postfix auth problem (sasl)

Discussion in 'Installation/Configuration' started by lerra, Mar 6, 2006.

  1. lerra

    lerra New Member

    Hi! I cant use my postfix to send mail, i get this when i try to send it in the logs:

    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: setting up TLS connection from xxxx[xxx]
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: TLS connection established from xxxx[xxx]: TLSv1 with ciith cipher RC4-MD5 (128/128 bits)
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: connect from xxxx[xxx]
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: warning: xxxx[xxx]: SASL LOGIN authentication failed
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: warning: Read failed in network_biopair_interop with errno=0: num_read=0, want_read=5
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: lost connection after AUTH from xxxx[xxx]
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: disconnect from xxxx[xxx]
    Mar 6 08:44:06 caveguard postfix/smtpd[4915]: setting up TLS connection from xxxx[xxx]


    Anybody that knows what to do? What coud be the problem? I see that the TLS phase works, but when it try to identify the user it cant find db

    Here is some other configs:
    caveguard:~# cat /etc/default/saslauthd
    # This needs to be uncommented before saslauthd will be run automatically
    START=yes

    PARAMS="-m /var/spool/postfix/var/run/saslauthd"

    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"

    MECHANISMS="pam"
    #PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

    and fro my main.cnf:
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

    And
    caveguard:~# cat /etc/postfix/sasl/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true

    Any tip?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    saslauthd isn't running. Start it:
    Code:
    /etc/init.d/saslauthd start
     
  3. lerra

    lerra New Member

    <quote>
    caveguard:~# /etc/init.d/saslauthd start
    Starting SASL Authentication Daemon: /usr/sbin/saslauthd already running.
    </quote>
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Then try
    Code:
    /etc/init.d/saslauthd restart
     
  5. lerra

    lerra New Member

    Still the same error:)
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Which distribution do you use?
     
  7. lerra

    lerra New Member

    Debian sarge 3.1 amd64. Followd your howto in perfect setup for debian 3.1
     
  8. falko

    falko Super Moderator ISPConfig Developer

  9. lerra

    lerra New Member

    Still the same error:(
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Please post the output of
    Code:
    ps aux|grep sasl
     
  11. lerra

    lerra New Member

    caveguard:~# ps aux|grep sasl
    root 25783 0.0 0.1 31788 1268 ? Ss Mar06 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
    root 25784 0.0 0.0 31788 844 ? S Mar06 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
    root 25785 0.0 0.0 31788 780 ? S Mar06 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
    root 25786 0.0 0.0 31788 780 ? S Mar06 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
    root 25787 0.0 0.0 31788 780 ? S Mar06 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
    root 5932 0.0 0.0 2696 508 pts/0 S+ 01:07 0:00 grep sasl
    caveguard:~#
     
  12. lerra

    lerra New Member

    coud u find anything? A nother problem that i have too is the webmail that is a package for ispconfig, gives me

    Warning: Header may not contain more than a single header, new line detected. in /home/admispconfig/ispconfig/web/webmail/inc/inc.php on line 136

    here and there...and on logout it gives

    Warning: Header may not contain more than a single header, new line detected. in /home/admispconfig/ispconfig/web/webmail/inc/inc.php on line 136

    Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/web/webmail/inc/inc.php:136) in /home/admispconfig/ispconfig/web/webmail/logout.php on line 73
     
    Last edited: Mar 7, 2006
  13. falko

    falko Super Moderator ISPConfig Developer

    Looks ok. What's the exact error message from your mail log?

    Take a look at this thread: http://www.howtoforge.com/forums/showthread.php?t=2842
     
  14. todvard

    todvard ISPConfig Developer ISPConfig Developer

    what are the outputs of:
    Code:
    dpkg -l | grep sasl
    ls -la /var/spool/postfix/var/run/saslauthd
    
     
  15. lerra

    lerra New Member

    Todvard:

    caveguard:~# dpkg -l | grep sasl
    ii libsasl2 2.1.19-1.5 Authentication abstraction library
    ii libsasl2-modul 2.1.19-1.5 Pluggable Authentication Modules for SASL
    ii sasl2-bin 2.1.19-1.5 Programs for manipulating the SASL users dat
    caveguard:~# ls -la /var/spool/postfix/var/run/saslauthd
    total 12
    drwxr-xr-x 2 root sasl 4096 Mar 6 22:58 .
    drwxr-xr-x 3 root root 4096 Jan 22 13:41 ..
    srwxrwxrwx 1 root root 0 Mar 6 22:58 mux
    -rw------- 1 root root 0 Mar 6 22:58 mux.accept
    -rw------- 1 root root 6 Mar 6 22:58 saslauthd.pid
    caveguard:~#




    falko:

    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: setting up TLS connection from xxxx[xxx]
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: TLS connection established from xxxx[xxx]: TLSv1 with ciith cipher RC4-MD5 (128/128 bits)
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: connect from xxxx[xxx]
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: warning: xxxx[xxx]: SASL LOGIN authentication failed
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: warning: Read failed in network_biopair_interop with errno=0: num_read=0, want_read=5
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: lost connection after AUTH from xxxx[xxx]
    Mar 6 08:44:01 caveguard postfix/smtpd[4915]: disconnect from xxxx[xxx]
    Mar 6 08:44:06 caveguard postfix/smtpd[4915]: setting up TLS connection from xxxx[xxx]
     
  16. todvard

    todvard ISPConfig Developer ISPConfig Developer

    what is the content of /etc/postfix/master.cf file?
    Code:
    cat /etc/postfix/master.cf
     
  17. lerra

    lerra New Member

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = mail.infonavia.se
    #myhostname = infonavia.se
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = mail.infonavia.se, localhost.localdomain, localhost.localdomain, localhost
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command =
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all

    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    virtual_maps = hash:/etc/postfix/virtusertable

    mydestination = /etc/postfix/local-host-names
    home_mailbox = Maildir/
     
  18. falko

    falko Super Moderator ISPConfig Developer

    todvard asked for master.cf, not main.cf... ;)
     
  19. lerra

    lerra New Member

    Haha, sorry, was tierd yesterday;)

    Here it goes:

    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - - - - smtpd
    #submission inet n - - - - smtpd
    # -o smtpd_etrn_restrictions=reject
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - - 300 1 qmgr
    #qmgr fifo n - - 300 1 oqmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    smtp unix - - - - - smtp
    relay unix - - - - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    #
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    #
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

    # only used by postfix-tls
    tlsmgr fifo - - n 300 1 tlsmgr
    smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
     
  20. todvard

    todvard ISPConfig Developer ISPConfig Developer

    seems ok to me. last questions from me :)
    Code:
    ls -la /var/spool/postfix/etc/
    ls -Rla /var/spool/postfix/usr/
     

Share This Page