Re: problems authenticating

[Patrick Ben Koetter]

* Vince LaMonica <[EMAIL PROTECTED]>:
> First off the problem: setting up a new server with Ubuntu 8.04; hand  
> compiling everything. Old server was Ubuntu 6.06 with hand-compiled  
> Postfix 2.4.6. For the new server, I did a fresh install of 2.5.5.  
> Apparently I'm missing something in the release notes though, as I'm  
> getting this error when I attempt to send an e.mail using authentication:
>
> Oct 27 07:31:35 aeryn postfix/master[26422]: daemon started -- version  
> 2.5.5, configuration /etc/postfix
> Oct 27 07:33:50 aeryn postfix/smtpd[26557]: connect from  
> newserver.example.com[1.2.3.4]
> Oct 27 07:33:50 aeryn postfix/smtpd[26557]: setting up TLS connection 
> from newserver.example.com[1.2.3.4]
> Oct 27 07:33:50 aeryn postfix/smtpd[26557]: Anonymous TLS connection  
> established from newserver.example.com[1.2.3.4]: TLSv1 with cipher  
> AES128-SHA (128/128 bits)
> Oct 27 07:33:50 aeryn postfix/smtpd[26557]: warning: SASL authentication  
> failure: Password verification failed
> Oct 27 07:33:50 aeryn postfix/smtpd[26557]: warning:  
> newserver.example.com[1.2.3.4]: SASL PLAIN authentication failed:  
> authentication failure
> Oct 27 07:33:50 aeryn postfix/smtpd[26557]: disconnect from  
> newserver.example.com[1.2.3.4]
>
> Yes, I'm typing my password correctly. :)
>
> Connecting to my old server with the same MUA and same userid/password  
> works fine. Both servers have the same postconf -n, which leads me to  
> believe that Something has Changed; either a postfix behavior or 
> something with my TLS, but I have not been able to find the right clue to 
> look in the right area.
>
> Here is my postconf -n output:
>
> --------------------------------8<--------------------------------8<-------
> # postconf -n
> alias_database = hash:/etc/aliases, hash:/home/mailman/data/aliases
> alias_maps = hash:/etc/aliases, hash:/home/mailman/data/aliases
> bounce_queue_lifetime = 3d
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> default_privs = nobody
> delay_warning_time = 16h
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
> mailbox_size_limit = 850200000
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> maximal_queue_lifetime = 3d
> message_size_limit = 21000000
> mydestination = $myhostname, localhost.$mydomain $mydomain,
> mail.$mydomain, www.$mydomain, ftp.$mydomain
> mydomain = example.com
> myhostname = mail.example.com
> mynetworks = 1.2.3.4/32, 1.2.3.5/32, 1.2.3.6/32, 127.0.0.1/32, 1.2.2.1/32
> mynetworks_style = host
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> owner_request_special = no
> queue_directory = /var/spool/postfix
> readme_directory = no
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP $mail_name [Linux]
> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/postfix/certs/ca2.pem
> smtpd_tls_CApath = /etc/postfix/certs
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/certs/server.pem
> smtpd_tls_key_file = $smtpd_tls_cert_file
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/virtual
> --------------------------------8<--------------------------------8<-----
> /etc/default/saslauthd:
>
> START=yes
> DESC="SASL Authentication Daemon"
> NAME="saslauthd"
> MECHANISMS="shadow"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
> /etc/postfix/master.cf:
>
> #  
> ==========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> #  
> ==========================================================================
> smtp      inet  n       -       n       -       -       smtpd

You are not running postfix chrooted, but your saslauthd settings ($OPTIONS)
reflect a chroot setup. Remove "-m /var/spool/postfix/var/run/saslauthd" from
OPTIONS, restart saslauthd and try again.

[EMAIL PROTECTED]







> 825       inet  n       -       n       -       -       smtpd
> 587       inet  n       -       n       -       -       smtpd
> #submission inet n       -       n       -       -       smtpd
> #  -o smtpd_enforce_tls=yes
> #  -o smtpd_sasl_auth_enable=yes
> #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #smtps     inet  n       -       n       -       -       smtpd
> #  -o smtpd_tls_wrappermode=yes
> #  -o smtpd_sasl_auth_enable=yes
> #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #628      inet  n       -       n       -       -       qmqpd
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> #qmgr     fifo  n       -       n       300     1       oqmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX  
> loops
> relay     unix  -       -       n       -       -       smtp
>         -o fallback_relay=
> #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> retry     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache    unix  -       -       n       -       1       scache
>
> proxywrite unix -       -       n       -       1       proxymap
> tmail      unix -       n       n       -       -       pipe
>   flags=DR eol=\r\n user=nobody argv=/usr/sbin/tmail ${user}
>
> /etc/postfix/sasl2/smtpd.conf:
>
> log_level: 3
> mech_list: PLAIN LOGIN
> pwcheck_method: saslauthd
> # gretchen under mandrake:
> #saslauthd_path: /var/lib/sasl2/mux
> # ubuntu 6.06:
> saslauthd_path: /var/run/saslauthd/mux
>
> Am I leaving anything out? Any bit of enlightenment would be most  
> appreciated!
>
> /vjl/
>
> -- 
> Vince J. LaMonica       Knowledge is knowing a street is one way.
> [EMAIL PROTECTED]  <*>  Wisdom is still looking in both directions.
>
>            Donate today, please: http://www.cancer.org/

-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>