Another SASL authentication error

Wed, 28 May 2014 11:19:29 -0700 

Hello,

I am trying to setup a Postfix server on a Debian Wheezy system, and I'm
encountering a little problem with SMTP authentication...

Since I don't need mailboxes (messages can go out, but nothing has to
come in), I decided not to install Dovecot (or another IMAP/POP3).
However, this is the first time I make such a "partial" setup, and
authenticating users over SMTPs is getting tricky.

First, my logs :

---
(...)
localhost postfix/smtps/smtpd[14222]: <
localhost.localdomain[127.0.0.1]: bXl1c2Vy
localhost postfix/smtps/smtpd[14222]: xsasl_cyrus_server_next: decoded
response: myuser
(...)
localhost postfix/smtps/smtpd[14222]: <
localhost.localdomain[127.0.0.1]: bXlwYXNz
localhost postfix/smtps/smtpd[14222]: xsasl_cyrus_server_next: decoded
response: mypass
(...)
localhost postfix/smtps/smtpd[14222]: warning:
localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed:
authentication failure
localhost postfix/smtps/smtpd[14222]: >
localhost.localdomain[127.0.0.1]: 535 5.7.8 Error: authentication
failed: authentication failure
---

(I've removed irrelevant lines, the challenges were correct, and here's
all I have about the authentication process)

Now, to the configuration (main.cf, master.cf) :

---
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/users
smtp_sasl_security_options = noplaintext, noanonymous
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
---
smtp      inet  n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
---

The SSL/TLS parameters are correct, since encryption/decryption succeeds
in the logs (decoding the credentials, encoding the challenges).

My "users" file contains :
mydomain.tld myuser:mypass

It has been postmap-ed. SASLauthd is configured (START=yes), and I can
see my processes running without trouble. I've also made sure Postfix
could contact it by moving the socket and PID files into the Postfix
chroot (and linking accordingly).

I would gladly give you more information if I had some but... the logs
are quiet silent on this one (even with a high verbosity level)... Is
there any way I could get more information about this failure ? Or have
I missed something ?

Reply via email to