Re: warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jim Garrison:
> On 6/6/2022 3:13 AM, Jaroslaw Rafa wrote:
> > On 5.06.2022 at 23:29:05, julio covolato wrote:
> >>
> >> I would like to know why these messages appear in the mail.log,
> >> I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
> >> Is this some misconfigured internet mail server system (Windows)?
> >
> > Rather not a misconfigured server, but some stupid bot trying to guess
> > passwords. It is a commonly observed thing.
> >
> >> Blocking these IPs with fail2ban is a good idea?
> >
> > Probably yes.
>
> I recently saw this when I rebuilt a Postfix server and forgot to
> update a client's password when it changed on the server.
>
> It seems the error message always contains the base64 encoding of
> "Password:" regardless of the actual userid/password.
>
> Anybody know why the error message displays this (base64 encoded)?

Instead of logging the last user's input, which could be a password, Postfix logs the last output from the SASL implementation.

Postfix does not understand SASL protocols, it just proxies messages between the SMTP client and the Cyrus library or Dovecot.

After successful login, Postfix gets the username from the Cyrus library or from Dovecot. I would not expect that such information is available before a successful login, but someone could prove me wrong.

Wietse
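The logging behaviour described in the reply above, turned into a log check (an added example, not part of the original thread and not Postfix or fail2ban code): it decodes the trailing token to show that it is the server's last SASL challenge rather than a credential, and flags client addresses with repeated failures inside a time window. The sample lines are constructed with documentation addresses; `maxretry`, `findtime`, the year argument and all function names are hypothetical choices for the illustration.

```python
import base64
import binascii
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Shape of the smtpd warning quoted in this thread:
#   <ts> <host> <service>[pid]: warning: name[addr]: SASL <MECH> authentication failed: <reason>
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+\[\d+\]: "
    r"warning: (?P<name>\S+)\[(?P<addr>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<reason>.*)$"
)


def decode_challenge(reason):
    """Return the decoded text if `reason` is a base64 token, else None."""
    token = reason.strip()
    if not token or " " in token:
        return None          # plain-text reasons are not challenges
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if text.isprintable() else None


def parse_failure(line, year):
    """Parse one log line; syslog timestamps carry no year, so it is passed in."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "time": when,
        "addr": m["addr"],
        "mech": m["mech"],
        # What the server last sent, e.g. "Password:"; never client input.
        "challenge": decode_challenge(m["reason"]),
    }


def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2022):
    """Return {addr: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        event = parse_failure(line, year)
        if event is None:
            continue
        window = recent[event["addr"]]
        window.append(event["time"])
        # Drop failures that fell out of the sliding window.
        while event["time"] - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            offenders.setdefault(event["addr"], event["time"])
    return offenders


# Constructed sample log (RFC 5737 documentation addresses, not real clients).
SAMPLE_LOG = """\
Jun  5 23:25:08 mx postfix/smtps/smtpd[11831]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  5 23:25:08 mx postfix/smtps/smtpd[11831]: lost connection after AUTH from unknown[192.0.2.10]
Jun  5 23:26:40 mx postfix/smtps/smtpd[11840]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: VXNlcm5hbWU6
Jun  5 23:27:02 mx postfix/smtps/smtpd[11841]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  5 23:30:00 mx postfix/smtpd[11850]: warning: client.example.net[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  5 23:59:00 mx postfix/smtpd[11851]: warning: client.example.net[198.51.100.7]: SASL LOGIN authentication failed: generic failure
""".splitlines()

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        event = parse_failure(line, 2022)
        if event:
            print(event["time"], event["addr"], event["mech"], repr(event["challenge"]))
    print("over threshold:", find_offenders(SAMPLE_LOG))
```
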
Re: warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
On 6/6/2022 3:13 AM, Jaroslaw Rafa wrote:
> On 5.06.2022 at 23:29:05, julio covolato wrote:
>>
>> I would like to know why these messages appear in the mail.log,
>> I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
>> Is this some misconfigured internet mail server system (Windows)?
>
> Rather not a misconfigured server, but some stupid bot trying to guess
> passwords. It is a commonly observed thing.
>
>> Blocking these IPs with fail2ban is a good idea?
>
> Probably yes.

I recently saw this when I rebuilt a Postfix server and forgot to update a client's password when it changed on the server.

It seems the error message always contains the base64 encoding of "Password:" regardless of the actual userid/password.

Anybody know why the error message displays this (base64 encoded)?

--
Jim Garrison
j...@acm.org
Re: warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
On 5.06.2022 at 23:29:05, julio covolato wrote:
>
> I would like to know why these messages appear in the mail.log,
> I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
> Is this some misconfigured internet mail server system (Windows)?

Rather not a misconfigured server, but some stupid bot trying to guess passwords. It is a commonly observed thing.

> Blocking these IPs with fail2ban is a good idea?

Probably yes.

--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Hi.

I would like to know why these messages appear in the mail.log,
I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
Is this some misconfigured internet mail server system (Windows)?
Blocking these IPs with fail2ban is a good idea?

Jun 5 23:25:08 saturn postfix/smtps/smtpd[11831]: warning: unknown[178xxx.xxx.58]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 5 23:25:08 saturn postfix/smtps/smtpd[11831]: lost connection after AUTH from unknown[178.88.160.58]
Jun 5 23:25:08 saturn postfix/smtps/smtpd[11831]: disconnect from unknown[178.xxx.xxx.58] ehlo=1 auth=0/1 commands=1/2

Thanks.

--
_Engº Julio Cesar Covolato
 0v0
/(_)\
 ^ ^
F: 55-11-99175-9260
PSI INTERNET
Re: SASL LOGIN authentication failed
On 13 May 2018, at 1:27 (-0400), @lbutlr wrote:
> On 2018-05-12 (23:01 MDT), Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>> On May 13, 2018, at 12:42 AM, @lbutlr <krem...@kreme.com> wrote:
>>> In these log lines, what is "UGFzc3dvcmQ6"?
>>>
>>> May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>>
>> $ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
>> Password:
>
> So, is that what the morons tried to login with (I have a few others that using your snippet decode to "Username:" (VXNlcm5hbWU6), they are trying to login with a base64 encode of "Username:" or "Password:"?

No, Postfix is logging the stage of an authentication failure in the SASL LOGIN mechanism. It would be unwise to routinely log the wrong credentials used by people who typo a username or password or by bots that have a list of username+password combinations acquired elsewhere.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
Re: SASL LOGIN authentication failed
On 13/05/18 12:09, Erwan David wrote:
> On 05/13/18 at 09:49, Matthew Broadhead wrote:
>> i get loads of these from different ip addresses all over the world with the exact same password. no idea what causes it. i always wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6
>>
>> ...
>>
>> May 13 08:43:43 ns1 postfix/smtpd[8800]: warning: unknown[46.148.27.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:44:28 ns1 postfix/smtpd[6191]: warning: unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:44:52 ns1 postfix/smtpd[11760]: warning: unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:45:17 ns1 postfix/smtpd[6191]: warning: unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:45:23 ns1 postfix/smtpd[11760]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:45:30 ns1 postfix/smtpd[11766]: warning: unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:45:32 ns1 postfix/smtpd[6191]: warning: unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:46:05 ns1 postfix/smtpd[11760]: warning: unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:46:09 ns1 postfix/smtpd[11766]: warning: unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> May 13 08:47:33 ns1 postfix/smtpd[11766]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>
> It is the base 64 encoding of Password:

yes i understood that but why is it continuously sent from random ip addresses all over the world where none of my accounts would be signing in from? if i do an ip trace they come from loads of different countries. the hits must be coming from compromised machines?
Re: SASL LOGIN authentication failed
On 05/13/18 at 09:49, Matthew Broadhead wrote:
> i get loads of these from different ip addresses all over the world
> with the exact same password. no idea what causes it. i always
> wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6
>
> ...
>
> May 13 08:43:43 ns1 postfix/smtpd[8800]: warning: unknown[46.148.27.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:44:28 ns1 postfix/smtpd[6191]: warning: unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:44:52 ns1 postfix/smtpd[11760]: warning: unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:17 ns1 postfix/smtpd[6191]: warning: unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:23 ns1 postfix/smtpd[11760]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:30 ns1 postfix/smtpd[11766]: warning: unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:45:32 ns1 postfix/smtpd[6191]: warning: unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:46:05 ns1 postfix/smtpd[11760]: warning: unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:46:09 ns1 postfix/smtpd[11766]: warning: unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 13 08:47:33 ns1 postfix/smtpd[11766]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>

It is the base 64 encoding of Password:
Re: SASL LOGIN authentication failed
i get loads of these from different ip addresses all over the world with the exact same password. no idea what causes it. i always wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6

...

May 13 08:43:43 ns1 postfix/smtpd[8800]: warning: unknown[46.148.27.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:28 ns1 postfix/smtpd[6191]: warning: unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:52 ns1 postfix/smtpd[11760]: warning: unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:17 ns1 postfix/smtpd[6191]: warning: unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:23 ns1 postfix/smtpd[11760]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:30 ns1 postfix/smtpd[11766]: warning: unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:32 ns1 postfix/smtpd[6191]: warning: unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:05 ns1 postfix/smtpd[11760]: warning: unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:09 ns1 postfix/smtpd[11766]: warning: unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:47:33 ns1 postfix/smtpd[11766]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

On 13/05/18 06:42, @lbutlr wrote:
> In these log lines, what is "UGFzc3dvcmQ6"?
>
> May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 12 17:05:14 mail submit-tls/smtpd[87898]: warning: ma350.mars.fastwebserver.de[193.111.198.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 12 18:21:36 mail submit-tls/smtpd[65165]: warning: vps1590646.vs.webtropia-customer.com[62.141.41.114]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Re: SASL LOGIN authentication failed
Wonderful words to reflect on.. on a Sunday. You too will get old. And when you do you'll fantasize that when you were young prices where reasonable, politicians were noble, and children respected their elders. Respect your elders. Rgds/DP 9849111010 Sent from my iPhone. Pls excuse brevity and typos if any. > On 13-May-2018, at 10:57 AM, @lbutlrwrote: > > You too will get old. And when you do you'll fantasize that when you > were young prices where reasonable, politicians were noble, and children > respected their elders. Respect your elders.
Re: SASL LOGIN authentication failed
On 2018-05-12 (23:01 MDT), Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
>> On May 13, 2018, at 12:42 AM, @lbutlr <krem...@kreme.com> wrote:
>>
>> In these log lines, what is "UGFzc3dvcmQ6"?
>>
>> May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>
> $ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
> Password:

So, is that what the morons tried to login with (I have a few others that using your snippet decode to "Username:" (VXNlcm5hbWU6), they are trying to login with a base64 encode of "Username:" or "Password:"?

--
You too will get old. And when you do you'll fantasize that when you were young prices where reasonable, politicians were noble, and children respected their elders. Respect your elders.
Re: SASL LOGIN authentication failed
> On May 13, 2018, at 12:42 AM, @lbutlr <krem...@kreme.com> wrote:
>
> In these log lines, what is "UGFzc3dvcmQ6"?
>
> May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

$ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
Password:

--
Viktor.
Re: SASL LOGIN authentication failed: no mechanism available
Hi Viktor, I switched to dovecot and the email went through fine this time! You rock! Thanks so much for the help! Viktor Dukhovni wrote: On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote: On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote: I have just tried adding multiple symlinks, restarted postfix and saslauthd but the same error persists, Time to configure "debug_peer_list" to include the IP address of the client that is triggering the errors. More may become apparent from verbose logs. Be aware that the client may send base64-encoded plaintext passwords to the server. Excise any password-bearing base64 payload from any logs you post. Since the passwords end up in syslog output files, you may want to change any password used after you get this working. Also, you seem to be trying to use "rimap". If your IMAP server is dovecot, it is much simpler to use the dovecot SASL backend instead. Indeed you may in fact be configured to use Dovecot, since I don't see: smtpd_sasl_type = cyrus in your "postconf -n" output. That could explain why the Cyrus smtpd.conf is not used...
Re: SASL LOGIN authentication failed: no mechanism available
On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote:
> On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:
>
> > I have just tried adding multiple symlinks, restarted postfix and saslauthd
> > but the same error persists,
>
> Time to configure "debug_peer_list" to include the IP address of
> the client that is triggering the errors. More may become apparent
> from verbose logs. Be aware that the client may send base64-encoded
> plaintext passwords to the server. Excise any password-bearing
> base64 payload from any logs you post. Since the passwords end up
> in syslog output files, you may want to change any password used
> after you get this working.

Also, you seem to be trying to use "rimap". If your IMAP server is dovecot, it is much simpler to use the dovecot SASL backend instead.

Indeed you may in fact be configured to use Dovecot, since I don't see:

    smtpd_sasl_type = cyrus

in your "postconf -n" output. That could explain why the Cyrus smtpd.conf is not used...

--
Viktor.
Re: SASL LOGIN authentication failed: no mechanism available
On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:
> I have just tried adding multiple symlinks, restarted postfix and saslauthd
> but the same error persists,

Time to configure "debug_peer_list" to include the IP address of the client that is triggering the errors. More may become apparent from verbose logs.

Be aware that the client may send base64-encoded plaintext passwords to the server. Excise any password-bearing base64 payload from any logs you post. Since the passwords end up in syslog output files, you may want to change any password used after you get this working.

--
Viktor.
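One way to follow the advice above before posting verbose logs (an added example, not from the thread or from Postfix): it blanks the client's AUTH responses while leaving the server's 334 challenges readable. It assumes the verbose SMTP dialogue is logged as `< host[addr]: ...` for client lines and `> host[addr]: ...` for server lines; the sample log, its credentials and the function name `redact_sasl` are constructed for the illustration.

```python
import re

# Assumed shape of a verbose SMTP dialogue line:
#   <ts> <host> postfix/smtpd[PID]: < name[addr]: <client command>
#   <ts> <host> postfix/smtpd[PID]: > name[addr]: <server reply>
DIALOGUE_RE = re.compile(
    r"^(?P<head>.*?\[(?P<pid>\d+)\]: (?P<dir>[<>]) \S+\[[^\]]+\]: )(?P<text>.*)$"
)
# AUTH with an inline initial response, e.g. "AUTH PLAIN <base64>".
AUTH_INLINE_RE = re.compile(r"^(AUTH\s+\S+\s+)(\S+)\s*$", re.IGNORECASE)
PLACEHOLDER = "[REDACTED]"


def redact_sasl(lines):
    """Return (redacted_lines, count). Client SASL responses are replaced."""
    awaiting = set()   # smtpd PIDs whose next client line answers a 334 challenge
    out, count = [], 0
    for line in lines:
        m = DIALOGUE_RE.match(line)
        if m is None:
            out.append(line)             # not an SMTP dialogue line
            continue
        pid, text = m["pid"], m["text"]
        if m["dir"] == ">":
            # A 334 reply is a SASL challenge; any other reply ends the exchange.
            if text.startswith("334"):
                awaiting.add(pid)
            else:
                awaiting.discard(pid)
            out.append(line)
            continue
        if pid in awaiting:
            awaiting.discard(pid)
            if text.strip() == "*":      # client cancelled AUTH, nothing secret
                out.append(line)
            else:
                out.append(m["head"] + PLACEHOLDER)
                count += 1
            continue
        inline = AUTH_INLINE_RE.match(text)
        if inline:
            out.append(m["head"] + inline.group(1) + PLACEHOLDER)
            count += 1
        else:
            out.append(line)
    return out, count


# Constructed sample: documentation address, made-up account and password.
SAMPLE = """\
Feb  9 03:00:30 buf postfix/smtpd[6424]: > client.example.net[192.0.2.44]: 250-AUTH PLAIN LOGIN
Feb  9 03:00:31 buf postfix/smtpd[6424]: < client.example.net[192.0.2.44]: AUTH LOGIN
Feb  9 03:00:31 buf postfix/smtpd[6424]: > client.example.net[192.0.2.44]: 334 VXNlcm5hbWU6
Feb  9 03:00:32 buf postfix/smtpd[6424]: < client.example.net[192.0.2.44]: dGVzdEBleGFtcGxlLm5ldA==
Feb  9 03:00:32 buf postfix/smtpd[6424]: > client.example.net[192.0.2.44]: 334 UGFzc3dvcmQ6
Feb  9 03:00:33 buf postfix/smtpd[6424]: < client.example.net[192.0.2.44]: bm90LWEtcmVhbC1wdw==
Feb  9 03:00:35 buf postfix/smtpd[6424]: > client.example.net[192.0.2.44]: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
Feb  9 03:00:35 buf postfix/smtpd[6424]: warning: client.example.net[192.0.2.44]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb  9 03:01:10 buf postfix/smtpd[6501]: < client.example.net[192.0.2.44]: AUTH PLAIN AHRlc3QAbm90LWEtcmVhbC1wdw==
""".splitlines()

if __name__ == "__main__":
    cleaned, n = redact_sasl(SAMPLE)
    print("\n".join(cleaned))
    print(f"{n} client responses redacted")
```

Lines outside the SMTP dialogue pass through unchanged, so read them by hand before posting.
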
Re: SASL LOGIN authentication failed: no mechanism available
Hi Viktor, Thanks for the help! Postfix is from Ubuntu apt official repo, version is 2.11. # postconf -d | grep mail_version mail_version = 2.11.0 I have just tried adding multiple symlinks, restarted postfix and saslauthd but the same error persists, # ls -lah /usr/lib/sasl2/smtpd.conf lrwxrwxrwx 1 root root 28 Feb 9 10:35 /usr/lib/sasl2/smtpd.conf -> /etc/postfix/sasl/smtpd.conf # ls -lah /etc/sasl2/smtpd.conf lrwxrwxrwx 1 root root 28 Feb 9 10:40 /etc/sasl2/smtpd.conf -> /etc/postfix/sasl/smtpd.conf # ls -lah /var/lib/sasl2/smtpd.conf lrwxrwxrwx 1 root root 28 Feb 9 10:41 /var/lib/sasl2/smtpd.conf -> /etc/postfix/sasl/smtpd.conf Im running chroot'ed postfix: root@server:~# grep smtp /etc/postfix/master.cf smtp inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject #smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient saslauthd option is configured with the chroot'ed path. 
root@server:~# cat /etc/default/saslauthd START=yes NAME=saslauthd MECHANISMS="rimap" #imap server address MECH_OPTIONS="localhost" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" # ls -lah /var/spool/postfix/var/run/saslauthd total 976K drwx--x--- 2 root sasl 4.0K Feb 9 10:41 . drwxr-xr-x 3 root root 4.0K Feb 8 23:46 .. -rw--- 1 root root0 Feb 9 10:41 cache.flock -rw--- 1 root root 963K Feb 9 10:41 cache.mmap srwxrwxrwx 1 root root0 Feb 9 10:41 mux -rw--- 1 root root0 Feb 9 10:41 mux.accept -rw--- 1 root root6 Feb 9 10:41 saslauthd.pid Not sure if Im missing anything. Thank you so much guys! Viktor Dukhovni wrote: On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote: Hi Chris, Thank you for the prompt reply, package its already installed. What Postfix version? Is Postfix from the Debian package, or your own build? Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not be used if your Postfix is not modified (e.g. by the Debian release maintainers) to do that (or perhaps a symlink is expected from the default location to /etc/postfix/sasl/): SASL_README: * Cyrus SASL version 2.x searches for the configuration file in /usr/lib/ sasl2/. * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/. * Some Postfix distributions are modified and look for the Cyrus SASL configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the distribution-specific documentation to determine the expected location. Note Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified configuration file there, it will not examine other locations. And of course you need to make sure that any chroot settings in master.cf are compatible with the saslauthd mux socket location.
Re: SASL LOGIN authentication failed: no mechanism available
Hi chaouche, I appreciate the quick help, I provided the config files on my very first email, below is the smtpd.conf file, let me know if you want me to paste all the config files again, # cat /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: plain login auxprop_plugin: rimap log_level: 7 Kind Regards, SB-Nick. Certified System and Network Administrator. http://www.serverbuddies.com Technical Support Manager n...@serverbuddies.com Providing Dedicated Server Solutions Just a Click AWAY! --- chaouche yacine wrote: Hi Nick, I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ?
Re: SASL LOGIN authentication failed: no mechanism available
On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote:
> Hi Chris,
>
> Thank you for the prompt reply, package its already installed.

What Postfix version? Is Postfix from the Debian package, or your own build?

Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not be used if your Postfix is not modified (e.g. by the Debian release maintainers) to do that (or perhaps a symlink is expected from the default location to /etc/postfix/sasl/):

SASL_README:

  * Cyrus SASL version 2.x searches for the configuration file in /usr/lib/sasl2/.
  * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/.
  * Some Postfix distributions are modified and look for the Cyrus SASL configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the distribution-specific documentation to determine the expected location.

  Note

  Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified configuration file there, it will not examine other locations.

And of course you need to make sure that any chroot settings in master.cf are compatible with the saslauthd mux socket location.

--
Viktor.
Re: SASL LOGIN authentication failed: no mechanism available
Hi Nick, I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ?
Re: SASL LOGIN authentication failed: no mechanism available
Hi Chris, Thank you for the prompt reply, package its already installed. root@server:~# dpkg --get-selections | grep -i sasl2 libsasl2-2:amd64install libsasl2-modules:amd64install libsasl2-modules-db:amd64install sasl2-bininstall root@server:~# apt-get install libsasl2-modules Reading package lists... Done Building dependency tree Reading state information... Done libsasl2-modules is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 225 not upgraded. root@server:~# Any guidance will be appreciated! Christian Kivalo wrote: On 2017-02-09 09:09, Nick - ServerBuddies Support wrote: Hello guys, For some reason Im unable to send any email from this postfix server, Im getting the following error: Feb 9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN authentication failed: no mechanism available For debian install the package libsasl2-modules
Re: SASL LOGIN authentication failed: no mechanism available
On 2017-02-09 09:09, Nick - ServerBuddies Support wrote: Hello guys, For some reason Im unable to send any email from this postfix server, Im getting the following error: Feb 9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN authentication failed: no mechanism available For debian install the package libsasl2-modules -- Christian Kivalo
SASL LOGIN authentication failed: no mechanism available
Hello guys, For some reason Im unable to send any email from this postfix server, Im getting the following error: Feb 9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN authentication failed: no mechanism available No more errors than the one below appears on logs. Im using rimap for checking valid mailbox accounts, receiving email through POP3/IMAP works just fine. Im able to get a Success when testing the mailbox with testsaslauth: # testsaslauthd -u t...@domain.tld -p passwd -f /var/spool/postfix/var/run/saslauthd/mux 0: OK "Success. Adding typos on file /etc/postfix/sasl/smtpd.conf doesnt return any error from postfix so Im wondering if its really loading it. Additionally, have tried to run saslauthd in debug/verbose mode when sending an email from my email client but I dont see any connection attempt or error in there, just the "no mechanism available" error on the postfix log. Below is my postconf, master.cf and saslauthd config, please let me know if you need further details to help me find the cause of the problem, any help is highly appreciated! 
root@server:~# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix inet_interfaces = all inet_protocols = all mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 mydestination = localhost.localdomain, localhost mynetworks = 138.128.20.50/32 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unknown_sender_domain reject_unauth_pipelining permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf # cat /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: plain login auxprop_plugin: rimap log_level: 7 # cat /etc/default/saslauthd START=yes NAME=saslauthd MECHANISMS="rimap" #imap server address MECH_OPTIONS="localhost" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" root@server:~# cat /etc/postfix/master.cf # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). 
# # Do not forget to execute "postfix reload" after editing this file. # # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog #tlsproxy unix - - - - 0 tlsproxy #submission inet n - - - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd pickupunix n - - 60 1 pickup cleanup unix n - - -
Re: Show username for SASL LOGIN authentication failed:?
Hi. On 09.06.2013 18:12, Charles Marcus wrote: On 2013-06-09 10:34 AM, Zhang Huangbin zhbmaillisto...@gmail.com wrote: On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote: Dovecot uses login_log_format_elements to determine what it logs for login attempts... you'll find the variables it supports here: http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29 Mine (which logs the username) looks like: login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} mpid=%e %c session=%{session} This works for IMAP/POP3/Managesieve services provided by Dovecot, and logged in Dovecot log file, but it won't appear in Postfix/Dovecot log files for SMTP service. Hmmm... well, I definitely see the usernames on my system (postfix+dovecot) for both successful and unsuccessful logins... successful login: 2013-06-09T10:50:38-04:00 myhost postfix-587/smtpd[5807]: E9482B73AF4: client=client.example.com[192.168.1.110], sasl_method=PLAIN, sasl_username=myu...@example.com bad password: 2013-06-09T11:02:38-04:00 myhost postfix-587/smtpd[5903]: connect from myclient.example.com[###.###.###.###] 2013-06-09T11:02:38-04:00 myhost dovecot: auth-worker(5904): sql(validu...@example.com,###.###.###.###): Password mismatch invalid username: 2013-06-09T11:01:45-04:00 myhost postfix-587/smtpd[5903]: connect from myclient.example.com[###.###.###.###] 2013-06-09T11:01:50-04:00 myhost dovecot: auth-worker(5904): sql(invalidu...@example.com,###.###.###.###): unknown user So, it is possible... I just enabled login_log_format_elements as: login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} service=%s mpid=%e %c session=%{session} I get more info than usual (service, mpid, session) but still nothing for smtp. Clearly, I'm missing something. Probably my dovecot/postfix combo is too old.
Re: Show username for SASL LOGIN authentication failed:?
On 2013-06-10 4:57 PM, Bogdan Enache enachebog...@gmx.com wrote: Hi. On 09.06.2013 18:12, Charles Marcus wrote: On 2013-06-09 10:34 AM, Zhang Huangbin zhbmaillisto...@gmail.com wrote: On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote: Dovecot uses login_log_format_elements to determine what it logs for login attempts... you'll find the variables it supports here: http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29 Mine (which logs the username) looks like: login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} mpid=%e %c session=%{session} This works for IMAP/POP3/Managesieve services provided by Dovecot, and logged in Dovecot log file, but it won't appear in Postfix/Dovecot log files for SMTP service. Hmmm... well, I definitely see the usernames on my system (postfix+dovecot) for both successful and unsuccessful logins... successful login: 2013-06-09T10:50:38-04:00 myhost postfix-587/smtpd[5807]: E9482B73AF4: client=client.example.com[192.168.1.110], sasl_method=PLAIN, sasl_username=myu...@example.com bad password: 2013-06-09T11:02:38-04:00 myhost postfix-587/smtpd[5903]: connect from myclient.example.com[###.###.###.###] 2013-06-09T11:02:38-04:00 myhost dovecot: auth-worker(5904): sql(validu...@example.com,###.###.###.###): Password mismatch invalid username: 2013-06-09T11:01:45-04:00 myhost postfix-587/smtpd[5903]: connect from myclient.example.com[###.###.###.###] 2013-06-09T11:01:50-04:00 myhost dovecot: auth-worker(5904): sql(invalidu...@example.com,###.###.###.###): unknown user So, it is possible... I just enabled login_log_format_elements as: login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} service=%s mpid=%e %c session=%{session} I get more info than usual (service, mpid, session) but still nothing for smtp. Clearly, I'm missing something. Probably my dovecot/postfix combo is too old. How old? 
Anyway, I just went back and looked, and I believe to get the username you also have to add: protocol smtp { auth_verbose = yes } But mine is 2.1.16, soon to be 2.2... -- Best regards, Charles
Re: Show username for SASL LOGIN authentication failed:?
Benny Pedersen: Bogdan Enache skrev den 2013-06-08 12:09: mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Which is perfectly normal. normal in what way ? i have seen this here aswell with that user But how can I also show the username that was tried in the logs? I want to see: 1. Which user keeps entering the wrong password. UGFzc3dvcmQ6 is a user that uses somekind of tor networking where port 25 is not gething direct, so we all see him using more then one ip in postfix In this universe, the string 'UGFzc3dvcmQ6' is the base64-encoded value of the string 'Password:'. Wietse
Re: Show username for SASL LOGIN authentication failed:?
Hi list.

On 09.06.2013 03:35, LuKreme wrote:
> On 08 Jun 2013, at 04:09 , Bogdan Enache enachebog...@gmx.com wrote:
>> But how can I also show the username that was tried in the logs? I want to see:
>> 1. Which user keeps entering the wrong password.
>> 2. What user is someone else trying to hijack.
>
> Are you using courier authlib? It has a DEBUG_LOGIN setting which will put the login AND password in the logs. I believe it will log incorrect password attempts as well.

No, I'm using Dovecot SASL login.

>> I have fail2ban installed and working (banning IPs for 1 hour after 10 incorrect passwords)
>
> 10? That seems overly generous. My fail2ban was set at 1 hour for 3 failed attempts and a day for 10.

Unfortunately if I try lowering it from 10 to 3 I will receive like 20 phone calls a day about users that don't know how to check when CAPS LOCK is on or off.

So I guess it's not easily doable using Dovecot SASL, right?

Thanks!
Re: Show username for SASL LOGIN authentication failed:?
On 2013-06-08 6:09 AM, Bogdan Enache enachebog...@gmx.com wrote:
> But how can I also show the username that was tried in the logs? I want to see:
> 1. Which user keeps entering the wrong password.
> 2. What user is someone else trying to hijack.

Since you left out the critical fact that you are using dovecot sasl, I didn't respond to this.

Dovecot uses login_log_format_elements to determine what it logs for login attempts... you'll find the variables it supports here:

http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29

Mine (which logs the username) looks like:

login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} mpid=%e %c session=%{session}

Hope this helps...

Charles
Re: Show username for SASL LOGIN authentication failed:?
On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote:
> Dovecot uses login_log_format_elements to determine what it logs for login attempts... you'll find the variables it supports here:
> http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29
> Mine (which logs the username) looks like:
> login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} mpid=%e %c session=%{session}

This works for IMAP/POP3/Managesieve services provided by Dovecot, and logged in Dovecot log file, but it won't appear in Postfix/Dovecot log files for SMTP service.

Zhang Huangbin
iRedMail: free, open source mail server solution for Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu, openSUSE, FreeBSD, OpenBSD. http://www.iredmail.org/
Re: Show username for SASL LOGIN authentication failed:?
On Sun, 09 Jun 2013 16:44:13 +0300 Bogdan Enache articulated:
> Unfortunately if I try lowering it from 10 to 3 I will receive like 20 phone calls a day about users that don't know how to check when CAPS LOCK is on or off.

20 calls from 20,000 users would be insignificant. From 100 users, a troubling amount. Install an automated answering system to handle routine calls like that. As far as determining if the CAPS LOCK is set, there is one thing I have learned in life, You cannot fix stupid. You are always going to have a percentage of users who cannot chew gum and walk at the same time.

--
Jerry ✌ postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Re: Show username for SASL LOGIN authentication failed:?
On 2013-06-09 10:34 AM, Zhang Huangbin zhbmaillisto...@gmail.com wrote:
> On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote:
> > Dovecot uses login_log_format_elements to determine what it logs for login attempts... you'll find the variables it supports here:
> > http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29
> > Mine (which logs the username) looks like:
> > login_log_format_elements = user=%u method=%m rip=%r lport=%{lport} mpid=%e %c session=%{session}
> This works for IMAP/POP3/Managesieve services provided by Dovecot, and logged in Dovecot log file, but it won't appear in Postfix/Dovecot log files for SMTP service.

Hmmm... well, I definitely see the usernames on my system (postfix+dovecot) for both successful and unsuccessful logins...

successful login:
2013-06-09T10:50:38-04:00 myhost postfix-587/smtpd[5807]: E9482B73AF4: client=client.example.com[192.168.1.110], sasl_method=PLAIN, sasl_username=myu...@example.com

bad password:
2013-06-09T11:02:38-04:00 myhost postfix-587/smtpd[5903]: connect from myclient.example.com[###.###.###.###]
2013-06-09T11:02:38-04:00 myhost dovecot: auth-worker(5904): sql(validu...@example.com,###.###.###.###): Password mismatch

invalid username:
2013-06-09T11:01:45-04:00 myhost postfix-587/smtpd[5903]: connect from myclient.example.com[###.###.###.###]
2013-06-09T11:01:50-04:00 myhost dovecot: auth-worker(5904): sql(invalidu...@example.com,###.###.###.###): unknown user

So, it is possible...
Show username for SASL LOGIN authentication failed:?
Hi.

When a user inputs an incorrect password, I have the following message in the logs:

mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Which is perfectly normal.

But how can I also show the username that was tried in the logs? I want to see:
1. Which user keeps entering the wrong password.
2. What user is someone else trying to hijack.

I need this because a user of mine was hijacked a few days ago. I have fail2ban installed and working (banning IPs for 1 hour after 10 incorrect passwords), but looking through the logs in the last month I realized this might have been a distributed attack actually.

Running postfix 2.5.9.

Thanks!
Re: Show username for SASL LOGIN authentication failed:?
Bogdan Enache:
> Hi.
> When a user inputs an incorrect password, I have the following message in the logs:
> mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Which is perfectly normal.

'UGFzc3dvcmQ6' decodes into 'Password:'. That's part of the SASL LOGIN protocol. There are a dozen different protocols, and those protocols are implemented by the Cyrus SASL library or Dovecot authentication server.

Postfix normally retrieves the username from the Cyrus SASL library AFTER successful authentication. The libsasl documentation does not promise that such information is available after login failure.

> But how can I also show the username that was tried in the logs? I want to see:
> 1. Which user keeps entering the wrong password.
> 2. What user is someone else trying to hijack.

This requires adding code that looks up the username after authentication failure, and finding out whether that information is available at all.

Another approach would be to rate-limit AUTH commands (by duplicating the code for rate-limiting the STARTTLS command). That would stop a dictionary attack from one bad client, but not from a botnet.

Or, one could run a network sniffer and rip the information from the TCP packets.

Wietse
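Added example, not part of any post in this thread: a Python sketch that decodes the base64 reason in the Postfix warning and pairs it with Dovecot auth-worker failure lines (the format quoted elsewhere in the thread) to list which usernames are being tried and from how many addresses. The sample log is constructed; the function names and the `min_ips` threshold are assumptions.

```python
import base64
import binascii
import re
from collections import defaultdict

# Postfix smtpd warning as quoted in the thread; the service name may be
# "postfix" or something like "postfix-587".
POSTFIX_FAIL = re.compile(
    r"postfix\S*/smtpd\[\d+\]: warning: \S+\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed: (?P<reason>.*)$")

# Dovecot auth-worker failure as quoted in the thread: driver(user,ip): text.
# Extra comma-separated fields after the IP are tolerated.
DOVECOT_FAIL = re.compile(
    r"dovecot: auth-worker\(\d+\): \w+\((?P<user>[^,()]+),(?P<ip>[^,()]+)"
    r"[^)]*\): (?P<why>Password mismatch|unknown user)", re.I)

# Constructed sample log: documentation IP ranges, example.com users.
SAMPLE_LOG = """\
Jun  9 11:02:38 mx1 postfix/smtpd[1069]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  9 11:02:38 mx1 dovecot: auth-worker(5904): sql(alice@example.com,192.0.2.10): Password mismatch
Jun  9 11:03:02 mx1 postfix/smtpd[1071]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  9 11:03:02 mx1 dovecot: auth-worker(5904): sql(alice@example.com,198.51.100.7): Password mismatch
Jun  9 11:03:40 mx1 postfix/smtpd[1072]: warning: unknown[203.0.113.44]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  9 11:03:40 mx1 dovecot: auth-worker(5904): sql(alice@example.com,203.0.113.44): Password mismatch
Jun  9 11:04:11 mx1 postfix/smtpd[1072]: warning: unknown[203.0.113.44]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  9 11:04:11 mx1 dovecot: auth-worker(5904): sql(nosuchuser@example.com,203.0.113.44): unknown user
""".splitlines()


def decode_reason(reason):
    """Return the base64-decoded reason if it is printable ASCII, else as-is."""
    try:
        text = base64.b64decode(reason.strip(), validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return reason  # plain-text reasons such as "generic failure"
    return text if text and text.isprintable() else reason


def summarize(lines, min_ips=3):
    """Count failures per IP (Postfix) and collect source IPs per user (Dovecot)."""
    per_ip = defaultdict(int)    # what a per-IP ban rule gets to count
    per_user = defaultdict(set)  # username -> source addresses that tried it
    reasons = defaultdict(int)   # decoded failure reasons from Postfix
    for line in lines:
        m = POSTFIX_FAIL.search(line)
        if m:
            per_ip[m["ip"]] += 1
            reasons[decode_reason(m["reason"])] += 1
            continue
        m = DOVECOT_FAIL.search(line)
        if m:
            per_user[m["user"]].add(m["ip"])
    # A user failing from many distinct addresses looks like a distributed
    # attempt, even when no single address reaches a per-IP ban threshold.
    distributed = sorted(u for u, ips in per_user.items() if len(ips) >= min_ips)
    users = {u: sorted(ips) for u, ips in per_user.items()}
    return dict(per_ip), users, dict(reasons), distributed


if __name__ == "__main__":
    per_ip, users, reasons, distributed = summarize(SAMPLE_LOG)
    print("failures per IP:", per_ip)
    print("decoded reasons:", reasons)
    print("users tried from >= 3 addresses:", distributed)
```

In the constructed sample no address exceeds two failures, yet one mailbox is tried from three addresses, which is the pattern a per-IP ban threshold does not catch.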
Re: Show username for SASL LOGIN authentication failed:?
On 08 Jun 2013, at 04:09 , Bogdan Enache enachebog...@gmx.com wrote:
> But how can I also show the username that was tried in the logs? I want to see:
> 1. Which user keeps entering the wrong password.
> 2. What user is someone else trying to hijack.

Are you using courier authlib? It has a DEBUG_LOGIN setting which will put the login AND password in the logs. I believe it will log incorrect password attempts as well.

> I have fail2ban installed and working (banning IPs for 1 hour after 10 incorrect passwords)

10? That seems overly generous. My fail2ban was set at 1 hour for 3 failed attempts and a day for 10.

--
NO ONE WANTS TO HEAR FROM MY ARMPITS
Bart chalkboard Ep. 3F01
Re: Show username for SASL LOGIN authentication failed:?
Bogdan Enache wrote on 2013-06-08 12:09:
> mx1 postfix/smtpd[1069]: warning: unknown[89.xx.xx.xx]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Which is perfectly normal.

normal in what way ? i have seen this here as well with that user

> But how can I also show the username that was tried in the logs? I want to see:
> 1. Which user keeps entering the wrong password.

UGFzc3dvcmQ6 is a user that uses some kind of tor networking where port 25 is not getting direct, so we all see him using more than one ip in postfix

> 2. What user is someone else trying to hijack.

UGFzc3dvcmQ6 is the user that try to use your postfix to sendmail, it does not matter if that user is not local, it's the auth you see trying being abused on your host i have seen at most 10 failed logins here for that user, so pretty common here as well i have limited it here to remove sasl auth on port 25, and on port 587 i have limited ipranges to just be the networking users is on, this stops it very well for me

> I need this because a user of mine was hijacked a few days ago. I have fail2ban installed and working (banning IPs for 1 hour after 10 incorrect passwords), but looking through the logs in the last month I realized this might have been a distributed attack actually.

UGFzc3dvcmQ6 make a fail2ban rule to catch this in logs, and make it perm firewalled, not just let fail2ban do its work

> Running postfix 2.5.9.

pretty old :)

--
senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, don't do it
SASL LOGIN authentication failed: Invalid authentication mechanism
I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and receiving this warning:

warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed: Invalid authentication mechanism

There are a number of successful SASL attempts, but a large number of these warnings are occurring as well.

Postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_recipient_limit = 1000
default_process_limit = 1000
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 52224000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = osmtp-3.airstreamcomm.net
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relayhost = omrcd1.parcel-airstreamcomm.net
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_done_timeout = 900s
smtp_data_init_timeout = 900s
smtp_data_xfer_timeout = 900s
smtp_helo_timeout = 900s
smtp_mail_timeout = 900s
smtp_tls_note_starttls_offer = yes
smtpd_client_event_limit_exceptions = static:all
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access mysql:/etc/postfix/authb4smtp.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Re: SASL LOGIN authentication failed: Invalid authentication mechanism
* l...@airstreamcomm.net l...@airstreamcomm.net:
> I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and receiving this warning:
> warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed: Invalid authentication mechanism

The client attempts to use a mechanism Postfix does not offer. Actually it is dovecot - acting as SASL service - who offers a list of mechanisms to Postfix and Postfix just passes it on.

Take a list at $auth_mechanisms in /etc/dovecot/conf.d/10-auth.conf and see if you can match what your clients ask for.

p@rick

--
All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified.
saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: SASL LOGIN authentication failed: Invalid authentication mechanism
l...@airstreamcomm.net:
> I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and receiving this warning:
> warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed:

This means that the client sent an AUTH LOGIN command, i.e. a request to use the LOGIN authentication method.

> Invalid authentication mechanism

This means that Postfix SMTP daemon rejects the LOGIN authentication method, because it's not on the list of methods that the Dovecot server is configured to support.

Wietse
Re: SASL LOGIN authentication failed: Invalid authentication mechanism
On 8/17/12 3:17 PM, Patrick Ben Koetter wrote:
> * l...@airstreamcomm.net l...@airstreamcomm.net:
> > I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and receiving this warning:
> > warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed: Invalid authentication mechanism
> The client attempts to use a mechanism Postfix does not offer. Actually it is dovecot - acting as SASL service - who offers a list of mechanisms to Postfix and Postfix just passes it on.
> Take a list at $auth_mechanisms in /etc/dovecot/conf.d/10-auth.conf and see if you can match what your clients ask for.
> p@rick

Thanks that did the trick.
Re: SASL LOGIN authentication failed: Invalid authentication mechanism
On Fri, Aug 17, 2012 at 04:20:38PM -0400, Wietse Venema wrote:
> l...@airstreamcomm.net:
> > I am trying to get SASL (with dovecot) setup on postfix 2.6.6 and receiving this warning:
> > warning: domain.tld[ip.add.re.ss]: SASL LOGIN authentication failed:
> This means that the client sent an AUTH LOGIN command, i.e. a request to use the LOGIN authentication method.

It's perhaps also worthy of note to mention that the client is broken. It should not attempt to use an unlisted AUTH mechanism.

> > Invalid authentication mechanism
> This means that Postfix SMTP daemon rejects the LOGIN authentication method, because it's not on the list of methods that the Dovecot server is configured to support.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
SASL LOGIN authentication failed generic failure on localhost
Hullo Users,

I am setting up a mailserver with smtp authentication and the backend database is mysql 5.1.53 with pam_mysql and cyrus-sasl2 2.1.23 on slackware linux 13.1. When I telnet to test my server side authentication it gives me the error below:

rootxx:/etc/postfix# postconf -a
cyrus
dovecot
root@:/etc/postfix# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent pam rimap shadow ldap

Error from maillog file

x postfix/smtpd[1475]: xsasl_cyrus_server_next: decoded response:
x postfix/smtpd[1475]: warning: SASL authentication failure: All-whitespace username.
x postfix/smtpd[1475]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: generic failure
x postfix/smtpd[1475]: localhost[127.0.0.1]: 535.5.7.8 Error: authentication failed: generic failure.

on doing a testsaslauthd :

#testsaslauthd -u mkk@mydomain -p password -f /var/state/saslauthd/mux -s smtp
0: OK Success.

When I do a Check for server-side SMTP AUTH configuration, I get the output below:

#saslfinger -s

-- content of /usr/lib64/sasl2/smtpd.conf --
#Global Parameters
log_level: 7
allow_plaintext: true
pwcheck_method: auxprop
auxprop_plugin: mysql
mech_list: plain login
sql_engine: mysql
sql_database: postfix
sql_user: --- replaced ---
sql_hostnames:127.0.0.1
sql_passwd: --- replaced ---
sql_select: select password from mailbox where username='%u' AND active ='1'
#sql_select: select password from mailbox where username='%u@%r' AND active ='1'
# - saslauthd parameters-#
saslauthd_path : /var/state/saslauthd/mux

-- content of /usr/local/lib/sasl2/smtpd.conf --
#Global Parameters
log_level: 7
allow_plaintext: true
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_database: postfix
sql_user: --- replaced ---
sql_hostnames:127.0.0.1
sql_passwd: --- replaced ---
sql_select: select password from mailbox where username='%u' AND active ='1'
#sql_select: select password from mailbox where username='%u@%r' AND active ='1'
# - saslauthd parameters-#
saslauthd_path : /var/state/saslauthd/mux

-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd -v
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=ODRhu user=popmail:popmail argv=/usr/bin/maildrop -w 90 -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop}
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

-- end of saslfinger output --

Fellow users how can I fix this. All advice is highly welcome.

Thanx in advance
Re: SASL LOGIN authentication failed generic failure on localhost
* kibirango moses kibsmo...@gmail.com:
> Hullo Users,
> I am setting up a mailserver with smtp authentication and the backend database is mysql 5.1.53 with pam_mysql and cyrus-sasl2 2.1.23 on slackware linux 13.1. When I telnet to test my server side authentication it gives me the error below:
>
> rootxx:/etc/postfix# postconf -a
> cyrus
> dovecot
> root@:/etc/postfix# saslauthd -v
> saslauthd 2.1.23
> authentication mechanisms: getpwent pam rimap shadow ldap
>
> Error from maillog file
> x postfix/smtpd[1475]: xsasl_cyrus_server_next: decoded response:
> x postfix/smtpd[1475]: warning: SASL authentication failure: All-whitespace username.
> x postfix/smtpd[1475]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: generic failure
> x postfix/smtpd[1475]: localhost[127.0.0.1]: 535.5.7.8 Error: authentication failed: generic failure.
>
> on doing a testsaslauthd :
> #testsaslauthd -u mkk@mydomain -p password -f /var/state/saslauthd/mux -s smtp
> 0: OK Success.
>
> When I do a Check for server-side SMTP AUTH configuration, I get the output below:
> #saslfinger -s
> -- content of /usr/lib64/sasl2/smtpd.conf --
> #Global Parameters

You are using this chain:

postfix - libsasl - saslauthd - pam - pam_mysql

However you configured /usr/lib64/sasl2/smtpd.conf to go this way:

postfix - libsasl - mysql

Try this in /usr/lib64/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login

> -- content of /usr/local/lib/sasl2/smtpd.conf --

remove /usr/local/lib/sasl2/smtpd.conf. You should not need it.

p@rick

--
All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified.
saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/