Hi everybody,

I'm trying to set up an SMTP server on my Gentoo box that uses SASL for authentication that sits on top of a MySQL database - right now I'm just working on the authentication part - and I just can't get it to work - I've read maybe 10 howtos and done quite a bit of research, but everything I try still has authentication failing. I select simple authentication in my mail client and it just won't go - interestingly I can send to system users with no password at all.

Would you mind taking a look and seeing if there is anything obvious that I am doing wrong? As usual, I would be very appreciative.

Thanks!



/etc/postfix/main.cf:
Code:
soft_bounce = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = gentoo.charlesread.com
mydomain = charlesread.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
#mynetworks =  127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
debug_peer_level = 2
sendmail_path = /usr/sbin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = no
inet_protocols = ipv4
home_mailbox = .maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = /etc/sasl2/smtpd.conf
smtpd_sasl_type =cyrus
smtpd_sasl_authenticated_header = yes

#smtpd_sasl_local_domain =
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

/etc/sasl2/smtpd.conf:
Code:
log_level: 7
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd

/etc/conf.d/saslauthd:
Code:
SASLAUTHD_OPTS=" -a pam -n 5"

/etc/pam.d/smtp: (yeah, I know keeping the password plain is bad, this is just for testing, so I can change it more easily - and I have verified that the vsftpd user has access [I happen to be using the same DB that I use for vsFTPd])
Code:
auth required pam_mysql.so user=XXX passwd=XXX host=localhost db=web table=accounts usercolumn=username passwdcolumn=pass_plain crypt=1
account required pam_mysql.so user=XXX passwd=XXX host=localhost db=web table=accounts usercolumn=username passwdcolumn=pass_plain crypt=1

/var/log/auth.log: (after restarting everything and attempting a connection)
Code:
Jan 30 21:24:00 gentoo saslauthd[13189]: server_exit     : master exited: 13189
Jan 30 21:24:00 gentoo saslauthd[13467]: detach_tty      : master pid is: 13467
Jan 30 21:24:00 gentoo saslauthd[13467]: ipc_init        : listening on socket: /var/lib/sasl2/mux

/var/log/mail.log: (after restarting everything and attempting a connection)
Code:
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: ipv4
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: host
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: inet_addr_local: configured 2 IPv4 addresses
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: been_here: 127.0.0.1/32: 0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: been_here: 10.0.1.201/32: 0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: mynetworks: 127.0.0.1/32 10.0.1.201/32 
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: process generation: 7 (7)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: mynetworks ~? debug_peer_list
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: mynetworks ~? fast_flush_domains
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: mynetworks ~? mynetworks
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? debug_peer_list
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? fast_flush_domains
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? mynetworks
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? permit_mx_backup_networks
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? qmqpd_authorized_clients
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? relay_domains
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? debug_peer_list
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? fast_flush_domains
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? mynetworks
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connect to subsystem private/proxymap
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr request = open
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr table = unix:passwd.byname
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr flags = 0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/proxymap socket: wanted attribute: status
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: status
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/proxymap socket: wanted attribute: flags
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: flags
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 16
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/proxymap socket: wanted attribute: (list terminator)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: (end)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=fixed
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: dict_open: proxy:unix:passwd.byname
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: Compiled against Berkeley DB: 4.8.30?
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: Run-time linked against Berkeley DB: 4.8.30?
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: dict_open: hash:/etc/mail/aliases
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? debug_peer_list
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? fast_flush_domains
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? mynetworks
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? relay_domains
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? smtpd_access_maps
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unknown_helo_hostname_tempfail_action = defer_if_permit
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unknown_address_tempfail_action = defer_if_permit
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unverified_recipient_tempfail_action = defer_if_permit
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unverified_sender_tempfail_action = defer_if_permit
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_init: SASL config file is /etc/sasl2/smtpd.conf.conf
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: fast_flush_domains ~? debug_peer_list
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: fast_flush_domains ~? fast_flush_domains
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: auto_clnt_create: transport=local endpoint=private/anvil
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connection established
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: master_notify: status 0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: resource
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: software
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connect from XXX.XXX.XXX.XXXX
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: smtp_stream_setup: maxtime=300 enable_deadline=0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: auto_clnt_open: connected to private/anvil
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr request = connect
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr ident = smtp:XXX.XXX.XXX.XXXX
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: status
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: status
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: count
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: count
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 1
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: rate
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: rate
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 1
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: (list terminator)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: (end)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 220 gentoo.charlesread.com ESMTP Postfix
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: noanonymous
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: < XXX.XXX.XXX.XXXX: EHLO [10.0.1.7]
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-gentoo.charlesread.com
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-PIPELINING
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-SIZE 10240000
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-VRFY
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ETRN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH=SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ENHANCEDSTATUSCODES
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-8BITMIME
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250 DSN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: < XXX.XXX.XXX.XXXX: EHLO [10.0.1.7]
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-gentoo.charlesread.com
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-PIPELINING
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-SIZE 10240000
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-VRFY
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ETRN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH=SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ENHANCEDSTATUSCODES
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-8BITMIME
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250 DSN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: < XXX.XXX.XXX.XXXX: AUTH PLAIN AHRlc3QAMTIzNA==
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AHRlc3QAMTIzNA==
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: decoded initial response 
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: SASL authentication failure: Password verification failed
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: XXX.XXX.XXX.XXXX: SASL PLAIN authentication failed: authentication failure
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 435 4.7.8 Error: authentication failed: authentication failure
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: smtp_get: EOF
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr request = disconnect
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr ident = smtp:XXX.XXX.XXX.XXXX
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: status
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: status
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 0
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: (list terminator)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: (end)
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: lost connection after AUTH from XXX.XXX.XXX.XXXX
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: disconnect from XXX.XXX.XXX.XXXX
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: master_notify: status 1
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connection closed
Jan 30 21:28:02 gentoo postfix/smtpd[13637]: proxymap stream disconnect

With the important part being:
Code:
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AHRlc3QAMTIzNA==
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: decoded initial response 
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: SASL authentication failure: Password verification failed
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: XXX.XXX.XXX.XXXX: SASL PLAIN authentication failed: authentication failure
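
A small consistency check for the log excerpt above, added here as an example (not part of the original post): it extracts the SASL config path Postfix reports, compares the advertised AUTH mechanisms with the mech_list from the posted smtpd.conf, and decodes the AUTH PLAIN response without exposing the password. The function names and constants are illustrative; the three log lines are copied from the post.

```python
import base64
import re

# Three lines copied from the mail.log excerpt in the post.
SAMPLE_LOG = """\
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_init: SASL config file is /etc/sasl2/smtpd.conf.conf
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN
Jan 30 21:27:57 gentoo postfix/smtpd[13637]: < XXX.XXX.XXX.XXXX: AUTH PLAIN AHRlc3QAMTIzNA==
"""
# mech_list value from the posted /etc/sasl2/smtpd.conf.
CONFIGURED_MECHS = {"PLAIN", "LOGIN"}


def decode_plain(b64):
    """Split an RFC 4616 PLAIN response: authzid NUL authcid NUL passwd."""
    parts = base64.b64decode(b64, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN response")
    authzid, authcid, passwd = parts
    # Return only the password length so the secret is never echoed.
    return authzid.decode(), authcid.decode(), len(passwd)


def audit(log_text, configured_mechs):
    """Collect the SASL-related facts a Postfix debug log reveals."""
    findings = {}
    m = re.search(r"SASL config file is (\S+)", log_text)
    if m:
        findings["config_path"] = m.group(1)
        # Postfix appends ".conf" to smtpd_sasl_path for the Cyrus plug-in.
        findings["doubled_suffix"] = m.group(1).endswith(".conf.conf")
    m = re.search(r"250-AUTH ([A-Z0-9 -]+)", log_text)
    if m:
        offered = set(m.group(1).split())
        # Mechanisms offered on the wire but absent from mech_list.
        findings["unexpected_mechs"] = sorted(offered - configured_mechs)
    m = re.search(r"< \S+: AUTH PLAIN (\S+)", log_text)
    if m:
        findings["plain_auth"] = decode_plain(m.group(1))
    return findings


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG, CONFIGURED_MECHS).items():
        print(f"{key}: {value}")
```

A config path ending in `.conf.conf` together with advertised mechanisms outside mech_list indicates that Cyrus SASL is not reading the intended smtpd.conf. The base64 argument of AUTH PLAIN in a debug log is a recoverable credential, so such logs need the same handling as the password itself.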