Re: warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

[Wietse Venema]

Jim Garrison:
> On 6/6/2022 3:13 AM, Jaroslaw Rafa wrote:
> > Dnia  5.06.2022 o godz. 23:29:05 julio covolato pisze:
> >>
> >> I would like to know why these messages appear in the mail.log,
> >> I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
> >> Is this some misconfigured internet mail server system (Windows)?
> > 
> > Rather not a misconfigured server, but some stupid bot trying to guess
> > passwords. It is a comonly observed thing.
> > 
> >> Blocking these IPs with fail2ban is a good idea?
> > 
> > Probably yes.
> 
> I recently saw this when I rebuilt a Postfix server and forgot to
> update a client's password when it changed on the server.
> 
> It seems the error message always contains the base64 encoding of
> "Password:" regardless of the actual userid/password.
> 
> Anybody know why the error message displays this (base64 encoded)?

Instead of logging the last user's input, which could be a password,
Postfix logs the last output from the SASL implementation. Postfix
does not understand SASL protocols, it just proxies messages between
the SMTP client and the Cyrus library or Dovecot.

After successful login, Postfix gets the username from the Cyrus
library or from Dovecot. I would not expect that such information is
available before a successful login, but someone could prove me wrong.
 
Wietse

Re: warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

[Jim Garrison]

On 6/6/2022 3:13 AM, Jaroslaw Rafa wrote:

Dnia  5.06.2022 o godz. 23:29:05 julio covolato pisze:


I would like to know why these messages appear in the mail.log,
I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
Is this some misconfigured internet mail server system (Windows)?


Rather not a misconfigured server, but some stupid bot trying to guess
passwords. It is a comonly observed thing.


Blocking these IPs with fail2ban is a good idea?


Probably yes.


I recently saw this when I rebuilt a Postfix server and forgot to
update a client's password when it changed on the server.

It seems the error message always contains the base64 encoding of
"Password:" regardless of the actual userid/password.

Anybody know why the error message displays this (base64 encoded)?

--
Jim Garrison
j...@acm.org

Re: warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

[Jaroslaw Rafa]

Dnia  5.06.2022 o godz. 23:29:05 julio covolato pisze:
> 
> I would like to know why these messages appear in the mail.log,
> I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
> Is this some misconfigured internet mail server system (Windows)?

Rather not a misconfigured server, but some stupid bot trying to guess
passwords. It is a comonly observed thing.

> Blocking these IPs with fail2ban is a good idea?

Probably yes.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

[julio covolato]

Hi.

I would like to know why these messages appear in the mail.log,
I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
Is this some misconfigured internet mail server system (Windows)?
Blocking these IPs with fail2ban is a good idea?

Jun  5 23:25:08 saturn postfix/smtps/smtpd[11831]: warning: 
unknown[178xxx.xxx.58]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  5 23:25:08 saturn postfix/smtps/smtpd[11831]: lost connection after 
AUTH from unknown[178.88.160.58]
Jun  5 23:25:08 saturn postfix/smtps/smtpd[11831]: disconnect from 
unknown[178.xxx.xxx.58] ehlo=1 auth=0/1 commands=1/2


Thanks.

--
--
_Engº Julio Cesar Covolato
   0v0   
  /(_)\  F: 55-11-99175-9260
   ^ ^   PSI INTERNET
--

Re: SASL LOGIN authentication failed

[Bill Cole]

On 13 May 2018, at 1:27 (-0400), @lbutlr wrote:

On 2018-05-12 (23:01 MDT), Viktor Dukhovni 
<postfix-us...@dukhovni.org> wrote:



On May 13, 2018, at 12:42 AM, @lbutlr <krem...@kreme.com> wrote:

In these log lines, what is "UGFzc3dvcmQ6"?

May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: 
vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN 
authentication failed: UGFzc3dvcmQ6


$ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
Password:


So, is that what the morons tried to login with (I have a few others 
that using your snippet decode to "Username:" (VXNlcm5hbWU6), they are 
trying to login with a base64 encode of "Usernae:" or "Password:"?


No, Postfix is logging the stage of an authentication failure in the 
SASL LOGIN mechanism. It would be unwise to routinely log the wrong 
credentials used by people who typo a username or password or by bots 
that have a list of username+password combinations acquired elsewhere.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: SASL LOGIN authentication failed

[Matthew Broadhead]

On 13/05/18 12:09, Erwan David wrote:

Le 05/13/18 à 09:49, Matthew Broadhead a écrit :

i get loads of these from different ip addresses all over the world
with the exact same password.  no idea what causes it.  i always
wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6

...

May 13 08:43:43 ns1 postfix/smtpd[8800]: warning:
unknown[46.148.27.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:28 ns1 postfix/smtpd[6191]: warning:
unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:52 ns1 postfix/smtpd[11760]: warning:
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:17 ns1 postfix/smtpd[6191]: warning:
unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:23 ns1 postfix/smtpd[11760]: warning:
unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:30 ns1 postfix/smtpd[11766]: warning:
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:32 ns1 postfix/smtpd[6191]: warning:
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:05 ns1 postfix/smtpd[11760]: warning:
unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:09 ns1 postfix/smtpd[11766]: warning:
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:47:33 ns1 postfix/smtpd[11766]: warning:
unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6


It is the base 64 encoding of Password:

yes i understood that but why is it continuously sent from random ip 
addresses all over the world where none of my accounts would be signing 
in from?  if i do an ip trace they come from loads of different 
countries.  the hits must be coming from compromised machines?

Re: SASL LOGIN authentication failed

[Erwan David]

Le 05/13/18 à 09:49, Matthew Broadhead a écrit :
> i get loads of these from different ip addresses all over the world
> with the exact same password.  no idea what causes it.  i always
> wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6
>
> ...
>
> May 13 08:43:43 ns1 postfix/smtpd[8800]: warning:
> unknown[46.148.27.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:44:28 ns1 postfix/smtpd[6191]: warning:
> unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:44:52 ns1 postfix/smtpd[11760]: warning:
> unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:17 ns1 postfix/smtpd[6191]: warning:
> unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:23 ns1 postfix/smtpd[11760]: warning:
> unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:30 ns1 postfix/smtpd[11766]: warning:
> unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:32 ns1 postfix/smtpd[6191]: warning:
> unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:46:05 ns1 postfix/smtpd[11760]: warning:
> unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:46:09 ns1 postfix/smtpd[11766]: warning:
> unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:47:33 ns1 postfix/smtpd[11766]: warning:
> unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>

It is the base 64 encoding of Password:

Re: SASL LOGIN authentication failed

[Matthew Broadhead]

i get loads of these from different ip addresses all over the world with 
the exact same password.  no idea what causes it.  i always wondered 
myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6


...

May 13 08:43:43 ns1 postfix/smtpd[8800]: warning: unknown[46.148.27.71]: 
SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:28 ns1 postfix/smtpd[6191]: warning: 
unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:52 ns1 postfix/smtpd[11760]: warning: 
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:17 ns1 postfix/smtpd[6191]: warning: 
unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:23 ns1 postfix/smtpd[11760]: warning: unknown[5.101.40.66]: 
SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:30 ns1 postfix/smtpd[11766]: warning: 
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:32 ns1 postfix/smtpd[6191]: warning: 
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:05 ns1 postfix/smtpd[11760]: warning: 
unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:09 ns1 postfix/smtpd[11766]: warning: 
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:47:33 ns1 postfix/smtpd[11766]: warning: unknown[5.101.40.66]: 
SASL LOGIN authentication failed: UGFzc3dvcmQ6



On 13/05/18 06:42, @lbutlr wrote:

In these log lines, what is "UGFzc3dvcmQ6"?

May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: 
vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN authentication 
failed: UGFzc3dvcmQ6
May 12 17:05:14 mail submit-tls/smtpd[87898]: warning: 
ma350.mars.fastwebserver.de[193.111.198.88]: SASL LOGIN authentication failed: 
UGFzc3dvcmQ6
May 12 18:21:36 mail submit-tls/smtpd[65165]: warning: 
vps1590646.vs.webtropia-customer.com[62.141.41.114]: SASL LOGIN authentication 
failed: UGFzc3dvcmQ6

Re: SASL LOGIN authentication failed

[Durga Prasad Malyala]

Wonderful words to reflect on.. on a Sunday.

You too will get old. And when you do you'll fantasize that when you
were young prices where reasonable, politicians were noble, and children
respected their elders. Respect your elders.

Rgds/DP
9849111010 

Sent from my iPhone. Pls excuse brevity and typos if any. 

> On 13-May-2018, at 10:57 AM, @lbutlr  wrote:
> 
> You too will get old. And when you do you'll fantasize that when you
> were young prices where reasonable, politicians were noble, and children
> respected their elders. Respect your elders.

Re: SASL LOGIN authentication failed

[@lbutlr]

On 2018-05-12 (23:01 MDT), Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> 
>> On May 13, 2018, at 12:42 AM, @lbutlr <krem...@kreme.com> wrote:
>> 
>> In these log lines, what is "UGFzc3dvcmQ6"?
>> 
>> May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: 
>> vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN 
>> authentication failed: UGFzc3dvcmQ6
> 
> $ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
> Password:

So, is that what the morons tried to login with (I have a few others that using 
your snippet decode to "Username:" (VXNlcm5hbWU6), they are trying to login 
with a base64 encode of "Usernae:" or "Password:"?

-- 
You too will get old. And when you do you'll fantasize that when you
were young prices where reasonable, politicians were noble, and children
respected their elders. Respect your elders.

Re: SASL LOGIN authentication failed

[Viktor Dukhovni]

> On May 13, 2018, at 12:42 AM, @lbutlr <krem...@kreme.com> wrote:
> 
> In these log lines, what is "UGFzc3dvcmQ6"?
> 
> May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: 
> vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN 
> authentication failed: UGFzc3dvcmQ6

$ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
Password:

-- 
Viktor.

Re: SASL LOGIN authentication failed: no mechanism available

[Nick]

Hi Viktor,

I switched to dovecot and the email went through fine this time! You rock!

Thanks so much for the help!


Viktor Dukhovni wrote:

On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote:

  

On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:



I have just tried adding multiple symlinks, restarted postfix and saslauthd
but the same error persists,
  

Time to configure "debug_peer_list" to include the IP address of
the client that is triggering the errors.  More may become apparent
from verbose logs.  Be aware that the client may send base64-encoded
plaintext passwords to the server.  Excise any password-bearing
base64 payload from any logs you post.  Since the passwords end up
in syslog output files, you may want to change any password used
after you get this working.



Also, you seem to be trying to use "rimap".  If your IMAP server
is dovecot, it is much simpler to use the dovecot SASL backend
instead.

Indeed you may in fact be configured to use Dovecot, since I
don't see:

smtpd_sasl_type = cyrus

in your "postconf -n" output.  That could explain why the Cyrus
smtpd.conf is not used...

  

Re: SASL LOGIN authentication failed: no mechanism available

[Viktor Dukhovni]

On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote:

> On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:
> 
> > I have just tried adding multiple symlinks, restarted postfix and saslauthd
> > but the same error persists,
> 
> Time to configure "debug_peer_list" to include the IP address of
> the client that is triggering the errors.  More may become apparent
> from verbose logs.  Be aware that the client may send base64-encoded
> plaintext passwords to the server.  Excise any password-bearing
> base64 payload from any logs you post.  Since the passwords end up
> in syslog output files, you may want to change any password used
> after you get this working.

Also, you seem to be trying to use "rimap".  If your IMAP server
is dovecot, it is much simpler to use the dovecot SASL backend
instead.

Indeed you may in fact be configured to use Dovecot, since I
don't see:

smtpd_sasl_type = cyrus

in your "postconf -n" output.  That could explain why the Cyrus
smtpd.conf is not used...

-- 
Viktor.

Re: SASL LOGIN authentication failed: no mechanism available

[Viktor Dukhovni]

On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:

> I have just tried adding multiple symlinks, restarted postfix and saslauthd
> but the same error persists,

Time to configure "debug_peer_list" to include the IP address of
the client that is triggering the errors.  More may become apparent
from verbose logs.  Be aware that the client may send base64-encoded
plaintext passwords to the server.  Excise any password-bearing
base64 payload from any logs you post.  Since the passwords end up
in syslog output files, you may want to change any password used
after you get this working.

-- 
Viktor.

Re: SASL LOGIN authentication failed: no mechanism available

[Nick]

Hi Viktor,

Thanks for the help!

Postfix is from Ubuntu apt official repo, version is 2.11.

# postconf -d | grep mail_version
mail_version = 2.11.0

I have just tried adding multiple symlinks, restarted postfix and 
saslauthd but the same error persists,


# ls -lah /usr/lib/sasl2/smtpd.conf
lrwxrwxrwx 1 root root 28 Feb  9 10:35 /usr/lib/sasl2/smtpd.conf -> 
/etc/postfix/sasl/smtpd.conf


# ls -lah /etc/sasl2/smtpd.conf
lrwxrwxrwx 1 root root 28 Feb  9 10:40 /etc/sasl2/smtpd.conf -> 
/etc/postfix/sasl/smtpd.conf


# ls -lah /var/lib/sasl2/smtpd.conf
lrwxrwxrwx 1 root root 28 Feb  9 10:41 /var/lib/sasl2/smtpd.conf -> 
/etc/postfix/sasl/smtpd.conf


Im running chroot'ed postfix:

root@server:~# grep smtp /etc/postfix/master.cf
smtp  inet  n   -   -   -   -   smtpd
#smtp  inet  n   -   -   -   1   postscreen
#smtpd pass  -   -   -   -   -   smtpd
#submission inet n   -   -   -   -   smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#smtps inet  n   -   -   -   -   smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtp  unix  -   -   -   -   -   smtp
relay unix  -   -   -   -   -   smtp
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
bsmtp unix  -   n   n   -   -   pipe
 flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender 
$recipient



saslauthd option is configured with the chroot'ed path.

root@server:~# cat /etc/default/saslauthd
START=yes
NAME=saslauthd
MECHANISMS="rimap"
#imap server address
MECH_OPTIONS="localhost"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

# ls -lah /var/spool/postfix/var/run/saslauthd
total 976K
drwx--x--- 2 root sasl 4.0K Feb  9 10:41 .
drwxr-xr-x 3 root root 4.0K Feb  8 23:46 ..
-rw--- 1 root root0 Feb  9 10:41 cache.flock
-rw--- 1 root root 963K Feb  9 10:41 cache.mmap
srwxrwxrwx 1 root root0 Feb  9 10:41 mux
-rw--- 1 root root0 Feb  9 10:41 mux.accept
-rw--- 1 root root6 Feb  9 10:41 saslauthd.pid

Not sure if Im missing anything.

Thank you so much guys!

Viktor Dukhovni wrote:

On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote:

  

Hi Chris,

Thank you for the prompt reply, package its already installed.



What Postfix version?  Is Postfix from the Debian package, or
your own build?

Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not
be used if your Postfix is not modified (e.g. by the Debian release
maintainers) to do that (or perhaps a symlink is expected from
the default location to /etc/postfix/sasl/):

SASL_README:

  * Cyrus SASL version 2.x searches for the configuration file in /usr/lib/
sasl2/.

  * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/.

  * Some Postfix distributions are modified and look for the Cyrus SASL
configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the
distribution-specific documentation to determine the expected location.

Note

Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified
configuration file there, it will not examine other locations.

And of course you need to make sure that any chroot settings in
master.cf are compatible with the saslauthd mux socket location.

  

Re: SASL LOGIN authentication failed: no mechanism available

[Nick]

Hi chaouche,

I appreciate the quick help, I provided the config files on my very 
first email, below is the smtpd.conf file, let me know if you want me to 
paste all the config files again,


# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
auxprop_plugin: rimap
log_level: 7

Kind Regards,

SB-Nick.
Certified System and Network Administrator.

http://www.serverbuddies.com
Technical Support Manager

n...@serverbuddies.com

Providing Dedicated Server Solutions Just a Click AWAY!
---



chaouche yacine wrote:
Hi Nick, 



I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ? 



  

Re: SASL LOGIN authentication failed: no mechanism available

[Viktor Dukhovni]

On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote:

> Hi Chris,
> 
> Thank you for the prompt reply, package its already installed.

What Postfix version?  Is Postfix from the Debian package, or
your own build?

Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not
be used if your Postfix is not modified (e.g. by the Debian release
maintainers) to do that (or perhaps a symlink is expected from
the default location to /etc/postfix/sasl/):

SASL_README:

  * Cyrus SASL version 2.x searches for the configuration file in /usr/lib/
sasl2/.

  * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/.

  * Some Postfix distributions are modified and look for the Cyrus SASL
configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the
distribution-specific documentation to determine the expected location.

Note

Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified
configuration file there, it will not examine other locations.

And of course you need to make sure that any chroot settings in
master.cf are compatible with the saslauthd mux socket location.

-- 
Viktor.

Re: SASL LOGIN authentication failed: no mechanism available

[chaouche yacine]

Hi Nick, 


I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ? 

Re: SASL LOGIN authentication failed: no mechanism available

[Nick]

Hi Chris,

Thank you for the prompt reply, package its already installed.

root@server:~# dpkg --get-selections | grep -i sasl2
libsasl2-2:amd64install
libsasl2-modules:amd64install
libsasl2-modules-db:amd64install
sasl2-bininstall

root@server:~# apt-get install libsasl2-modules
Reading package lists... Done
Building dependency tree  
Reading state information... Done

libsasl2-modules is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 225 not upgraded.
root@server:~#

Any guidance will be appreciated!


Christian Kivalo wrote:



On 2017-02-09 09:09, Nick - ServerBuddies Support wrote:

Hello guys,

For some reason Im unable to send any email from this postfix server,
Im getting the following error:

Feb  9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN
authentication failed: no mechanism available


For debian install the package libsasl2-modules

Re: SASL LOGIN authentication failed: no mechanism available

[Christian Kivalo]

On 2017-02-09 09:09, Nick - ServerBuddies Support wrote:

Hello guys,

For some reason Im unable to send any email from this postfix server,
Im getting the following error:

Feb  9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN
authentication failed: no mechanism available


For debian install the package libsasl2-modules

--
 Christian Kivalo

SASL LOGIN authentication failed: no mechanism available

[Nick - ServerBuddies Support]

Hello guys,

For some reason Im unable to send any email from this postfix server, Im 
getting the following error:


Feb  9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN 
authentication failed: no mechanism available


No more errors than the one below appears on logs.
Im using rimap for checking valid mailbox accounts, receiving email 
through POP3/IMAP works just fine.

Im able to get a Success when testing the mailbox with testsaslauth:

# testsaslauthd -u t...@domain.tld -p passwd -f 
/var/spool/postfix/var/run/saslauthd/mux

0: OK "Success.

Adding typos on file /etc/postfix/sasl/smtpd.conf doesnt return any 
error from postfix so Im wondering if its really loading it.
Additionally, have tried to run saslauthd in debug/verbose mode when 
sending an email from my email client but I dont see any connection 
attempt or error in there, just the "no mechanism available" error on 
the postfix log.


Below is my postconf, master.cf and saslauthd config, please let me know 
if you need further details to help me find the cause of the problem, 
any help is highly appreciated!


root@server:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = localhost.localdomain, localhost
mynetworks = 138.128.20.50/32 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname 
reject_non_fqdn_sender reject_non_fqdn_recipient 
reject_unknown_recipient_domain reject_unknown_sender_domain 
reject_unauth_pipelining permit_sasl_authenticated reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = 
mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
auxprop_plugin: rimap
log_level: 7

# cat /etc/default/saslauthd
START=yes
NAME=saslauthd
MECHANISMS="rimap"
#imap server address
MECH_OPTIONS="localhost"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

root@server:~# cat /etc/postfix/master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   -   -   -   smtpd
#smtp  inet  n   -   -   -   1   postscreen
#smtpd pass  -   -   -   -   -   smtpd
#dnsblog   unix  -   -   -   -   0   dnsblog
#tlsproxy  unix  -   -   -   -   0   tlsproxy
#submission inet n   -   -   -   -   smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps inet  n   -   -   -   -   smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628   inet  n   -   -   -   -   qmqpd
pickupunix  n   -   -   60  1   pickup
cleanup   unix  n   -   -   -   

Re: Show username for SASL LOGIN authentication failed:?

[Bogdan Enache]

Hi.

On 09.06.2013 18:12, Charles Marcus wrote:
 On 2013-06-09 10:34 AM, Zhang Huangbin zhbmaillisto...@gmail.com wrote:
 On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote:
 Dovecot uses login_log_format_elements to determine what it logs for
 login attempts... you'll find the variables it supports here:

 http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29


 Mine (which logs the username) looks like:

 login_log_format_elements = user=%u method=%m rip=%r lport=%{lport}
 mpid=%e %c session=%{session}

 This works for IMAP/POP3/Managesieve services provided by Dovecot, and
 logged in Dovecot log file, but it won't appear in Postfix/Dovecot
 log files for
 SMTP service.

 Hmmm... well, I definitely see the usernames on my system
 (postfix+dovecot) for both successful and unsuccessful logins...

 successful login:

 2013-06-09T10:50:38-04:00 myhost postfix-587/smtpd[5807]: E9482B73AF4:
 client=client.example.com[192.168.1.110], sasl_method=PLAIN,
 sasl_username=myu...@example.com

 bad password:

 2013-06-09T11:02:38-04:00 myhost postfix-587/smtpd[5903]: connect from
 myclient.example.com[###.###.###.###]
 2013-06-09T11:02:38-04:00 myhost dovecot: auth-worker(5904):
 sql(validu...@example.com,###.###.###.###): Password mismatch

 invalid username:

 2013-06-09T11:01:45-04:00 myhost postfix-587/smtpd[5903]: connect from
 myclient.example.com[###.###.###.###]
 2013-06-09T11:01:50-04:00 myhost dovecot: auth-worker(5904):
 sql(invalidu...@example.com,###.###.###.###): unknown user

 So, it is possible...


I just enabled login_log_format_elements as:
login_log_format_elements = user=%u method=%m rip=%r lport=%{lport}
service=%s mpid=%e %c session=%{session}

I get more info than usual (service, mpid, session) but still nothing
for smtp. Clearly, I'm missing something. Probably my dovecot/postfix
combo is too old.

Re: Show username for SASL LOGIN authentication failed:?

[Charles Marcus]

On 2013-06-10 4:57 PM, Bogdan Enache enachebog...@gmx.com wrote:

Hi.

On 09.06.2013 18:12, Charles Marcus wrote:

On 2013-06-09 10:34 AM, Zhang Huangbin zhbmaillisto...@gmail.com wrote:

On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote:

Dovecot uses login_log_format_elements to determine what it logs for
login attempts... you'll find the variables it supports here:

http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29


Mine (which logs the username) looks like:

login_log_format_elements = user=%u method=%m rip=%r lport=%{lport}
mpid=%e %c session=%{session}

This works for IMAP/POP3/Managesieve services provided by Dovecot, and
logged in Dovecot log file, but it won't appear in Postfix/Dovecot
log files for
SMTP service.

Hmmm... well, I definitely see the usernames on my system
(postfix+dovecot) for both successful and unsuccessful logins...

successful login:

2013-06-09T10:50:38-04:00 myhost postfix-587/smtpd[5807]: E9482B73AF4:
client=client.example.com[192.168.1.110], sasl_method=PLAIN,
sasl_username=myu...@example.com

bad password:

2013-06-09T11:02:38-04:00 myhost postfix-587/smtpd[5903]: connect from
myclient.example.com[###.###.###.###]
2013-06-09T11:02:38-04:00 myhost dovecot: auth-worker(5904):
sql(validu...@example.com,###.###.###.###): Password mismatch

invalid username:

2013-06-09T11:01:45-04:00 myhost postfix-587/smtpd[5903]: connect from
myclient.example.com[###.###.###.###]
2013-06-09T11:01:50-04:00 myhost dovecot: auth-worker(5904):
sql(invalidu...@example.com,###.###.###.###): unknown user

So, it is possible...


I just enabled login_log_format_elements as:
login_log_format_elements = user=%u method=%m rip=%r lport=%{lport}
service=%s mpid=%e %c session=%{session}

I get more info than usual (service, mpid, session) but still nothing
for smtp. Clearly, I'm missing something. Probably my dovecot/postfix
combo is too old.


How old?

Anyway, I just went back and looked, and I believe to get the username 
you also have to add:


protocol smtp {
  auth_verbose = yes
}

But mine is 2.1.16, soon to be 2.2...

--

Best regards,

Charles

Re: Show username for SASL LOGIN authentication failed:?

[Wietse Venema]

Benny Pedersen:
 Bogdan Enache skrev den 2013-06-08 12:09:
 
  mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN
  authentication failed: UGFzc3dvcmQ6
  Which is perfectly normal.
 
 normal in what way ?
 
 i have seen this here aswell with that user
 
  But how can I also show the username that was tried in the logs? I 
  want
  to see:
  1. Which user keeps entering the wrong password.
 
 UGFzc3dvcmQ6 is a user that uses somekind of tor networking where port 
 25 is not gething direct, so we all see him using more then one ip in 
 postfix

In this universe, the string 'UGFzc3dvcmQ6' is the base64-encoded
value of the string 'Password:'.

Wietse

Re: Show username for SASL LOGIN authentication failed:?

[Bogdan Enache]

Hi list.

On 09.06.2013 03:35, LuKreme wrote:
 On 08 Jun 2013, at 04:09 , Bogdan Enache enachebog...@gmx.com wrote:

 But how can I also show the username that was tried in the logs? I want
 to see:
 1. Which user keeps entering the wrong password.
 2. What user is someone else trying to hijack.
 Are you using courier authlib?

 It has a DEBUG_LOGIN setting which will put the login AND password in the 
 logs. I believe it will log incorrect password attempts as well.
No, I'm using Dovecot SASL login.


 I have fail2ban installed and working (banning IPs for 1 hour after 10 
 incorrect passwords)
 10? That seems overly generous.

 My fail2ban was set at 1 hour for 3 failed attempts and a day for 10.

Unfortunately if I try lowering it from 10 to 3 I will receive like 20
phone calls a day about users that don't know how to check when CAPS
LOCK is on or off.

So I guess it's not easily doable using Dovecot SALS, right?

Thanks!

Re: Show username for SASL LOGIN authentication failed:?

[Charles Marcus]

On 2013-06-08 6:09 AM, Bogdan Enache enachebog...@gmx.com wrote:

But how can I also show the username that was tried in the logs? I want
to see:
1. Which user keeps entering the wrong password.
2. What user is someone else trying to hijack.


Since you left out the critical fact that you are using dovecot sasl, I 
didn't respond to this.


Dovecot uses login_log_format_elements to determine what it logs for 
login attempts... you'll find the variables it supports here:


http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29

Mine (which logs the username) looks like:

login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} 
mpid=%e %c session=%{session}


Hope this helps...

Charles

Re: Show username for SASL LOGIN authentication failed:?

[Zhang Huangbin]

On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote:

 
 Dovecot uses login_log_format_elements to determine what it logs for 
 login attempts... you'll find the variables it supports here:
 
 http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29
 
 Mine (which logs the username) looks like:
 
 login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} 
 mpid=%e %c session=%{session}
 


This works for IMAP/POP3/Managesieve services provided by Dovecot, and
logged in Dovecot log file, but it won't appear in Postfix/Dovecot log files for
SMTP service.


Zhang Huangbin
iRedMail: free, open source mail server solution for Red Hat
Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu,
openSUSE, FreeBSD, OpenBSD. http://www.iredmail.org/

Re: Show username for SASL LOGIN authentication failed:?

[Jerry]

On Sun, 09 Jun 2013 16:44:13 +0300
Bogdan Enache articulated:

 Unfortunately if I try lowering it from 10 to 3 I will receive like 20
 phone calls a day about users that don't know how to check when CAPS
 LOCK is on or off.

20 calls from 20,000 users would be insignificant. From 100 users, a
troubling amount. Install an automated answering system to handle
routine calls like that.

As far as determining if the CAPS LOCK is set, there is one thing I
have learned in life, You cannot fix stupid. You are always going to
have a percentage of users who cannot chew gum and walk at the same
time.

-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Re: Show username for SASL LOGIN authentication failed:?

[Charles Marcus]

On 2013-06-09 10:34 AM, Zhang Huangbin zhbmaillisto...@gmail.com wrote:

On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote:

Dovecot uses login_log_format_elements to determine what it logs for
login attempts... you'll find the variables it supports here:

http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29

Mine (which logs the username) looks like:

login_log_format_elements = user=%u method=%m rip=%r lport=%{lport}
mpid=%e %c session=%{session}



This works for IMAP/POP3/Managesieve services provided by Dovecot, and
logged in Dovecot log file, but it won't appear in Postfix/Dovecot log files for
SMTP service.


Hmmm... well, I definitely see the usernames on my system (postfix+dovecot) for 
both successful and unsuccessful logins...

successful login:

2013-06-09T10:50:38-04:00 myhost postfix-587/smtpd[5807]: E9482B73AF4: 
client=client.example.com[192.168.1.110], sasl_method=PLAIN, 
sasl_username=myu...@example.com

bad password:

2013-06-09T11:02:38-04:00 myhost postfix-587/smtpd[5903]: connect from 
myclient.example.com[###.###.###.###]
2013-06-09T11:02:38-04:00 myhost dovecot: auth-worker(5904): 
sql(validu...@example.com,###.###.###.###): Password mismatch

invalid username:

2013-06-09T11:01:45-04:00 myhost postfix-587/smtpd[5903]: connect from 
myclient.example.com[###.###.###.###]
2013-06-09T11:01:50-04:00 myhost dovecot: auth-worker(5904): 
sql(invalidu...@example.com,###.###.###.###): unknown user

So, it is possible...

Show username for SASL LOGIN authentication failed:?

[Bogdan Enache]

Hi.
When an user inputs an incorrect password, I have the following message
in the logs:
mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN
authentication failed: UGFzc3dvcmQ6
Which is perfectly normal.

But how can I also show the username that was tried in the logs? I want
to see:
1. Which user keeps entering the wrong password.
2. What user is someone else trying to hijack.

I need this because a user of mine was hijacked a few days ago. I have
fail2ban installed and working (banning IPs for 1 hour after 10
incorrect passwords), but looking through the logs in the last month I
realized this might have been a distributed attack actually.

Running postfix 2.5.9.

Thanks!

Re: Show username for SASL LOGIN authentication failed:?

[Wietse Venema]

Bogdan Enache:
 Hi.
 When an user inputs an incorrect password, I have the following message
 in the logs:
 mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN
 authentication failed: UGFzc3dvcmQ6
 Which is perfectly normal.

'UGFzc3dvcmQ6' decodes into 'Password:'. That's part of the
SASL LOGIN protocol. There are a dozen different protocols,
and those protocols are implemented by the Cyrus SASL library
or Dovecot authentication server.

Postfix normally retrieves the username from the Cyrus SASL library
AFTER successful authentication. The libsasl documentation does
not promise that such information is available after login failure.

 But how can I also show the username that was tried in the logs? I want
 to see:
 1. Which user keeps entering the wrong password.
 2. What user is someone else trying to hijack.

This requires adding code that looks up the username after
authentication failure, and finding out whether that information
is available at all.

Another approach would be to rate-limit AUTH commands (by duplicating
the code for rate-limiting the STARTTLS command).  That would stop
a dictionary attack from one bad client, but not from a botnet.

Or, one could run a network sniffer and rip the information from the
TCP packets.

Wietse

Re: Show username for SASL LOGIN authentication failed:?

[LuKreme]

On 08 Jun 2013, at 04:09 , Bogdan Enache enachebog...@gmx.com wrote:

 But how can I also show the username that was tried in the logs? I want
 to see:
 1. Which user keeps entering the wrong password.
 2. What user is someone else trying to hijack.

Are you using courier authlib?

It has a DEBUG_LOGIN setting which will put the login AND password in the logs. 
I believe it will log incorrect password attempts as well.

 I have fail2ban installed and working (banning IPs for 1 hour after 10 
 incorrect passwords)

10? That seems overly generous.

My fail2ban was set at 1 hour for 3 failed attempts and a day for 10.

-- 
NO ONE WANTS TO HEAR FROM MY ARMPITS Bart chalkboard Ep. 3F01

Re: Show username for SASL LOGIN authentication failed:?

[Benny Pedersen]

Bogdan Enache skrev den 2013-06-08 12:09:


mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN
authentication failed: UGFzc3dvcmQ6
Which is perfectly normal.


normal in what way ?

i have seen this here aswell with that user

But how can I also show the username that was tried in the logs? I 
want

to see:
1. Which user keeps entering the wrong password.


UGFzc3dvcmQ6 is a user that uses somekind of tor networking where port 
25 is not gething direct, so we all see him using more then one ip in 
postfix



2. What user is someone else trying to hijack.


UGFzc3dvcmQ6 is the user that try to use your postfix to sendmail, it 
does not matter if that user is not local, its the auth you see trying 
being abused on your host


i have seen at most 10 failed logins here for that user, so pretty 
common here as well


i have limited it here to remove sasl auth on port 25, and on port 587 
i have limited ipranges to just be the networking users is on, this 
stops it very well for me


I need this because a user of mine was hijacked a few days ago. I 
have

fail2ban installed and working (banning IPs for 1 hour after 10
incorrect passwords), but looking through the logs in the last month 
I

realized this might have been a distributed attack actually.


UGFzc3dvcmQ6 make a fail2ban rule to catch this in logs, and make it 
perm firewalled, not just let fail2ban do its work



Running postfix 2.5.9.


pretty old :)


--
senders that put my email into body content will deliver it to my own 
trashcan, so if you like to get reply, dont do it

SASL LOGIN authentication failed: Invalid authentication mechanism

[l...@airstreamcomm.net]

I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and 
receiving this warning:


warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed: 
Invalid authentication mechanism


There are a number of successful SASL attempts, but a large number of 
these warnings are occurring as well.


Postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_recipient_limit = 1000
default_process_limit = 1000
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 52224000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = osmtp-3.airstreamcomm.net
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relayhost = omrcd1.parcel-airstreamcomm.net
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_done_timeout = 900s
smtp_data_init_timeout = 900s
smtp_data_xfer_timeout = 900s
smtp_helo_timeout = 900s
smtp_mail_timeout = 900s
smtp_tls_note_starttls_offer = yes
smtpd_client_event_limit_exceptions = static:all
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated, check_client_access 
mysql:/etc/postfix/authb4smtp.cf, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain, 
reject_non_fqdn_sender, permit

smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

Re: SASL LOGIN authentication failed: Invalid authentication mechanism

[Patrick Ben Koetter]

* l...@airstreamcomm.net l...@airstreamcomm.net:
 I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and
 receiving this warning:
 
 warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed:
 Invalid authentication mechanism

The client attempts to use a mechanism Postfix does not offer. Actually it is
dovecot - acting as SASL service - who offers a list of mechanisms to Postfix
and Postfix just passes it on.

Take a list at $auth_mechanisms in /etc/dovecot/conf.d/10-auth.conf and see
if you can match what your clients ask for.

p@rick


-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/

Re: SASL LOGIN authentication failed: Invalid authentication mechanism

[Wietse Venema]

l...@airstreamcomm.net:
 I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and 
 receiving this warning:
 
 ?warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed: 

This means that the client sent an AUTH LOGIN command, i.e.
a request to use the LOGIN authentication method.

 Invalid authentication mechanism

This means that Postfix SMTP daemon rejects the LOGIN authentication
method, because it's not on the list of methods that the Dovecot
server is configured to support.

Wietse

Re: SASL LOGIN authentication failed: Invalid authentication mechanism

[l...@airstreamcomm.net]

On 8/17/12 3:17 PM, Patrick Ben Koetter wrote:

* l...@airstreamcomm.net l...@airstreamcomm.net:

I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and
receiving this warning:

warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed:
Invalid authentication mechanism

The client attempts to use a mechanism Postfix does not offer. Actually it is
dovecot - acting as SASL service - who offers a list of mechanisms to Postfix
and Postfix just passes it on.

Take a list at $auth_mechanisms in /etc/dovecot/conf.d/10-auth.conf and see
if you can match what your clients ask for.

p@rick



Thanks that did the trick.

Re: SASL LOGIN authentication failed: Invalid authentication mechanism

[/dev/rob0]

On Fri, Aug 17, 2012 at 04:20:38PM -0400, Wietse Venema wrote:
 l...@airstreamcomm.net:
  I am trying to get SASL (with dovecot) setup on postfix 2.6.6
  and receiving this warning:
  
  ?warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication 
  failed:
 
 This means that the client sent an AUTH LOGIN command, i.e.
 a request to use the LOGIN authentication method.

It's perhaps also worthy of note to mention that the client is 
broken. It should not attempt to use an unlisted AUTH mechanism.

  Invalid authentication mechanism
 
 This means that Postfix SMTP daemon rejects the LOGIN 
 authentication method, because it's not on the list of methods
 that the Dovecot server is configured to support.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:

SASL LOGIN authentication failed generic failure on localhost

[kibirango moses]

Hullo Users,
I setting up a mailserver with smtp authentication and the backend
database is mysql 5.1.53 with pam_mysql and cyrus-sasl2 2.1.23 on
slackware linux 13.1.When i telnet to test my server side
authenication it gives me the error
below:

rootxx:/etc/postfix# postconf -a
cyrus
dovecot

root@:/etc/postfix# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent pam rimap shadow ldap

Error from maillog file
x postfix/smtpd[1475]: xsasl_cyrus_server_next: decoded response:
x postfix/smtpd[1475]: warning: SASL authentication failure:
All-whitespace username.
x postfix/smtpd[1475]: warning: localhost[127.0.0.1]: SASL LOGIN
authentication failed: generic failure
x postfix/smtpd[1475]:  localhost[127.0.0.1]: 535.5.7.8 Error:
authentication failed: generic failure.
on doing a testsaslauthd :

#testsaslauthd -u mkk@mydomain  -p password  -f
/var/state/saslauthd/mux -s smtp
0: OK Success.

When i do a Check for  server-side SMTP AUTH configuration. I get the
output below:

#saslfinger -s
-- content of /usr/lib64/sasl2/smtpd.conf --
#Global Parameters
log_level: 7
allow_plaintext: true
pwcheck_method: auxprop
auxprop_plugin: mysql
mech_list: plain login
sql_engine: mysql
sql_database: postfix
sql_user: --- replaced ---
sql_hostnames:127.0.0.1
sql_passwd: --- replaced ---
sql_select: select password from mailbox where username='%u' AND active ='1'
#sql_select: select password from mailbox where username='%u@%r' AND active ='1'
# - saslauthd parameters-#
saslauthd_path : /var/state/saslauthd/mux


-- content of /usr/local/lib/sasl2/smtpd.conf --
#Global Parameters
log_level: 7
allow_plaintext: true
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_database: postfix
sql_user: --- replaced ---
sql_hostnames:127.0.0.1
sql_passwd: --- replaced ---
sql_select: select password from mailbox where username='%u' AND active ='1'
#sql_select: select password from mailbox where username='%u@%r' AND active ='1'
# - saslauthd parameters-#
saslauthd_path : /var/state/saslauthd/mux



-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
smtp  inet  n   -   n   -   -   smtpd -v
pickupfifo  n   -   n   60  1   pickup
cleanup   unix  n   -   n   -   0   cleanup
qmgr  fifo  n   -   n   300 1   qmgr
tlsmgrunix  -   -   n   1000?   1   tlsmgr
rewrite   unix  -   -   n   -   -   trivial-rewrite
bounceunix  -   -   n   -   0   bounce
defer unix  -   -   n   -   0   bounce
trace unix  -   -   n   -   0   bounce
verifyunix  -   -   n   -   1   verify
flush unix  n   -   n   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp  unix  -   -   n   -   -   smtp
relay unix  -   -   n   -   -   smtp
   -o smtp_fallback_relay=
showq unix  n   -   n   -   -   showq
error unix  -   -   n   -   -   error
retry unix  -   -   n   -   -   error
discard   unix  -   -   n   -   -   discard
local unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp  unix  -   -   n   -   -   lmtp
anvil unix  -   -   n   -   1   anvil
scacheunix  -   -   n   -   1   scache
maildrop  unix  -   n   n   -   -   pipe
 flags=ODRhu user=popmail:popmail argv=/usr/bin/maildrop -w 90 -d
${user}@${nexthop}
  ${extension} ${recipient} ${user} ${nexthop}
cyrus unix  -   n   n   -   -   pipe
 user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
old-cyrus unix  -   n   n   -   -   pipe
 flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN


-- end of saslfinger output --

Fellow users how can i fix this.All advice is highly welocme.

Thanx in advance

Re: SASL LOGIN authentication failed generic failure on localhost

[Patrick Ben Koetter]

* kibirango moses kibsmo...@gmail.com:
 Hullo Users,
 I setting up a mailserver with smtp authentication and the backend
 database is mysql 5.1.53 with pam_mysql and cyrus-sasl2 2.1.23 on
 slackware linux 13.1.When i telnet to test my server side
 authenication it gives me the error
 below:
 
 rootxx:/etc/postfix# postconf -a
 cyrus
 dovecot
 
 root@:/etc/postfix# saslauthd -v
 saslauthd 2.1.23
 authentication mechanisms: getpwent pam rimap shadow ldap
 
 Error from maillog file
 x postfix/smtpd[1475]: xsasl_cyrus_server_next: decoded response:
 x postfix/smtpd[1475]: warning: SASL authentication failure:
 All-whitespace username.
 x postfix/smtpd[1475]: warning: localhost[127.0.0.1]: SASL LOGIN
 authentication failed: generic failure
 x postfix/smtpd[1475]:  localhost[127.0.0.1]: 535.5.7.8 Error:
 authentication failed: generic failure.
 on doing a testsaslauthd :
 
 #testsaslauthd -u mkk@mydomain  -p password  -f
 /var/state/saslauthd/mux -s smtp
 0: OK Success.
 
 When i do a Check for  server-side SMTP AUTH configuration. I get the
 output below:
 
 #saslfinger -s
 -- content of /usr/lib64/sasl2/smtpd.conf --
 #Global Parameters

You are using this chain:

postfix - libsasl - saslauthd - pam - pam_mysql

However you configured /usr/lib64/sasl2/smtpd.conf to go this way:

postfix - libsasl -  mysql

Try this in /usr/lib64/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login


 -- content of /usr/local/lib/sasl2/smtpd.conf --

remove /usr/local/lib/sasl2/smtpd.conf. You should not need it.

p@rick


-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/