SMTP Auth not working

Discussion in 'General' started by newz2000, Apr 7, 2008.

  1. newz2000

    newz2000 New Member

    Hello, I'm having a problem with smtp auth. I'm not able to use it. I'm using the perfect setup for Ubuntu 6.06 (Dapper).

    When I telnet to my host on port 25 and do EHLO I see that AUTH LOGIN and PLAIN are supported but when I try to use it I continually get an error that the password is wrong. I've tried with and without TLS, no change.

    There's a very good chance I don't know how to use this. I'm using the same login information that I use for pop3. Do I instead need to use a different format such as [email protected], and if so what should domain.com be? (I've tried a few things without success)

    Should failed logins be logged somewhere? If so, where should I look? Any help is appreciated.

    I've confirmed that saslauthd is running. Here's what it says:

    Code:
    # This needs to be uncommented before saslauthd will be run automatically
    START=yes
    
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    
    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"
    
    MECHANISMS="pam"
    postconf -n says:

    Code:
    postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    inet_interfaces = all
    inet_protocols = ipv4
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    mydestination = /etc/postfix/local-host-names
    myhostname = mydomain.net
    mynetworks = 127.0.0.0/8 192.168.99.0/24
    myorigin = /etc/mailname
    recipient_delimiter = +
    relayhost = 
    smtp_tls_note_starttls_offer = yes
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    smtp_use_tls = yes
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = 
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please restart postfix. then look at the end of the file /var/log/mail.log and see if there are any errors.
     
  3. newz2000

    newz2000 New Member

    No errors unfortunately. :-(

    When I restart these show up in the logs:

    Code:
    Apr  7 21:51:15 hosting postfix/master[30554]: terminating on signal 15
    Apr  7 21:51:16 hosting postfix/master[30857]: daemon started -- version 2.2.10, configuration /etc/postfix
    
    Immediately afterwards I simply see normal log messages. When I try to login I get a message like this in the log:

    Code:
    Apr  7 21:55:00 hosting postfix/smtpd[31067]: warning: hostname[75.170.xxx.xxx]: SASL LOGIN authentication failed
     
  4. falko

    falko Super Moderator Howtoforge Staff

    What's in /etc/init.d/saslauthd and /etc/postfix/sasl/smtpd.conf?
     
  5. newz2000

    newz2000 New Member

    Thanks for helping, here are the two files:

    Code:
    cat /etc/postfix/sasl/smtpd.conf 
    pwcheck_method: saslauthd
    mech_list: plain login

    Code:
    cat /etc/init.d/saslauthd 
    #!/bin/sh -e
    
    NAME=saslauthd
    DAEMON="/usr/sbin/${NAME}"
    DESC="SASL Authentication Daemon"
    DEFAULTS=/etc/default/saslauthd
    PWDIR=/var/run/saslauthd
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
    
    createdir() {
    # $1 = user
    # $2 = group
    # $3 = permissions (octal)
    # $4 = path to directory
            [ -d "$4" ] || mkdir -p "$4"
            chown -c -h "$1:$2" "$4"
            chmod -c "$3" "$4"
    }
    
    test -f "${DAEMON}" || exit 0
    
    # Source defaults file; edit that file to configure this script.
    if [ -e "${DEFAULTS}" ]; then
        . "${DEFAULTS}"
    fi
    
    # If we're not to start the daemon, simply exit
    if [ "${START}" != "yes" ]; then
        exit 0
    fi
    
    # If we have no mechanisms defined
    if [ "x${MECHANISMS}" = "x" ]; then
        echo "You need to configure ${DEFAULTS} with mechanisms to be used"
        exit 0
    fi
    
    # Add our mechanimsms with the necessary flag
    PARAMS="${PARAMS} -a ${MECHANISMS}"
    
    START="--start --quiet --pidfile ${PIDFILE} --startas ${DAEMON} --name ${NAME} -- ${PARAMS}"
    
    # Consider our options
    case "${1}" in
      start)
            echo -n "Starting ${DESC}: "
    	dir=`dpkg-statoverride --list $PWDIR`
    	test -z "$dir" || createdir $dir
    	if start-stop-daemon ${START} >/dev/null 2>&1 ; then
    		echo "${NAME}."
    	else
    		if start-stop-daemon --test ${START} >/dev/null 2>&1; then
    			echo "(failed)."
    			exit 1
    		else
    			echo "${DAEMON} already running."
    			exit 0
    		fi
    	fi
            ;;
      stop)
            echo -n "Stopping ${DESC}: "
            if start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" \
    		--startas ${DAEMON} --retry 10 --name ${NAME} \
    		>/dev/null 2>&1 ; then
    			echo "${NAME}."
    	else
    		if start-stop-daemon --test ${START} >/dev/null 2>&1; then
    			echo "(not running)."
    			exit 0
    		else
    			echo "(failed)."
    			exit 1
    		fi
    	fi
            ;;
      restart|force-reload)
      	$0 stop
    	exec $0 start
            ;;
      *)
            echo "Usage: /etc/init.d/${NAME} {start|stop|restart|force-reload}" >&2
            exit 1
            ;;
    esac
    
    exit 0
    
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Please run
    Code:
    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    /etc/init.d/postfix restart
    and try again.
     
  7. newz2000

    newz2000 New Member

    it works! thanks.

    Can you explain to me what we did here?
     
  8. falko

    falko Super Moderator Howtoforge Staff

    I guess you're using Outlook or Outlook Express. There's a bug in these programs, therefore we need
    Code:
    broken_sasl_auth_clients = yes
    in the main.cf.
     
  9. newz2000

    newz2000 New Member

    Actually I was testing with Evolution 2.22.1 (From Ubuntu Hardy). Maybe the list of broken imap clients is a bit bigger than expected. But either way, it makes sense to do anything necessary to allow Outlook and OE to work since so many people use them. Thanks again.
     
  10. wuptydu

    wuptydu New Member

    I tried the same changes as above and no help.

    No errors when restarting postfix.
     
  11. falko

    falko Super Moderator Howtoforge Staff

    Any errors in your mail log?
     
  12. wuptydu

    wuptydu New Member

    And now suddenly it works, but thanks anyway :D
     

Share This Page