Read but not send mail

Hi,
This was originally posted alongside an ftp log-in problem ' cause i thought they might be related.

So the background is that I can read mail (pop3) but not send mail.
The mail client - Thunderbird - gives error that the SMTP server is rejecting the log-in and asks for username and password repeatedly.

The mail log contains:

As you see, it accepts the pop3 log-in but rejects the smtp

This line looks suspicious:

The same username/password is used for both read and send.

I have tried it with both Plain and TLS authentication - both give the same result.

Any thoughts?

Thank you

 

Is saslauthd running? Run

Code:

ps aux

to find out.
What's the output if you issue a

Code:

telnet localhost 25

and then

Code:

ehlo localhost

?

 

Hi Falko,

Yes

Thanks

 

I have the same problem, but as far as i can tell, all my config files are as the how to says they should be with no whitespace. I can login and retrieve messages with thunderbird using pop3, but then when i try to send with no encryption using the same username/password, it just keeps asking for thepassword again.

The only anomaly in the system is that using webmin, i can't stop/start saslauthd successfully. Stopping it fails with 'not running' even though it shows up in the process list. starting fails too as there is one instance already there (that won't stop). If I kill all processes for saslauthd, then i can start it ok from webmin.

here is the tail of my mail.log. All assistance greatly appreciated and THANK YOU for such a well written and helpful how to!

Jan 13 16:12:49 inauraa1 courierpop3login: Connection, ip=[::ffff:88.108.81.10]
Jan 13 16:12:49 inauraa1 courierpop3login: LOGIN, user=mattmyday.to, ip=[::ffff:88.108.81.10]
Jan 13 16:12:49 inauraa1 courierpop3login: LOGOUT, user=mattmyday.to, ip=[::ffff:88.108.81.10], top=0, retr=0, time=0
Jan 13 16:13:02 inauraa1 postfix/smtpd[15305]: connect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
Jan 13 16:13:03 inauraa1 postfix/smtpd[15305]: NOQUEUE: reject: RCPT from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: 554 <mattinaura.net>: Relay access denied; from=<mattmyday.to> to=<mattinaura.net> proto=ESMTP helo=<[127.0.0.1]>
Jan 13 16:13:06 inauraa1 postfix/smtpd[15305]: disconnect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
Jan 13 16:13:23 inauraa1 postfix/smtpd[15305]: connect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed
Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed
Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed
Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed
Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed
Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed
Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed
Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed
Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed
Jan 13 16:15:06 inauraa1 postfix/smtpd[15305]: disconnect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]

 

No, I'm configuring a miniserver at a remote ISP. It's Debian sarge 3.1 and it was clean when i got it, but i did a bit of fiddling about using non-standard apt sources trying to get a php accelerator installed.

The first time i tried the how-to i ended up not having sasl or tls running at all, for no good reason. I amended sources.list to be just the normal entries and ran apt-get --purge remove postfix postfix-tls, then did the same for courier* and started again from scratch, leaving me where i am now.

I am a bit suspicious that it seems to be a sasl problem when it was sasl that i overlooked from the purge (as it would have taken my apache configuration with it). I'm thinking maybe i might have a non-standard version.

When I ran the how-to both times, I didn't get asked the suExec question as described in the beginning, or which webserver i would like to configure automatically. I installed Apache2 before i looked at this tutorial, which brought openssl and sasl with it, so what i was contemplating was backing up my website and apache2 config files, then purging the whole lot and starting from scratch. Would you recommend this and will the initial big apt-get command install apache2 as part of the process when i run it again?

 

Which tutorial are you talking about? Please post the URL. I guess you mean this one: http://www.howtoforge.com/virtual_postfix_mysql_quota_courier

Which Postfix version are you running? You can find out by running

Code:

postconf -d | grep mail_version

 

Sorry, should have mentioned the tutorial, yes it is that one. Thanks for writing it!

root@inauraa1:~# postconf -d | grep mail_version
mail_version = 2.1.5
root@inauraa1:~#

 

The Postfix version is ok. I suggest that you compare all your configuration files with the files in the tutorial, especially /etc/pam.d/smtp.

 

Had another look and couldn't find any differences. Deleted /etc/pam.d/smtp and re-copied the text from the tutorial into a new file, but still no luck. I've purged the whole lot now and will see if I have any luck third time around. Thanks for the advice anyway!

 

I started again and got up to the end of page 2 but found the same problem. However at the beginning, i had trouble with mysql. The stadard mysql-server would not start:

Starting MySQL database server: mysqld...failed.
Please take a look at the syslog.
/usr/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!

so i installed mysql-common-4.1 and mysql-server-4.1 instead. Could this be the trouble? do i need to run everything again from the start with mysql-server-4.1 and mysql-client-4.1 in the apt-get command instead in order for the pam stuff to be configured correctly?

 

Please post the output of

Code:

netstat -tap

and also the content of /etc/hosts.

 

OK, I've now messed about with mysql so that it is the right version. Seems i was getting that error because i hadn't purged the database structure when i downgraded, so i did that and rebuilt the necessary tables as per the tutorial and mysql is now running.

root@inauraa1:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 9048/couriertcpd
tcp 0 0 *op3s *:* LISTEN 9069/couriertcpd
tcp 0 0 localhost:10024 *:* LISTEN 11260/amavisd (mast
tcp 0 0 localhost:mysql *:* LISTEN 8857/mysqld
tcp 0 0 *op3 *:* LISTEN 9056/couriertcpd
tcp 0 0 *:imap2 *:* LISTEN 9035/couriertcpd
tcp 0 0 *:sunrpc *:* LISTEN 11419/portmap
tcp 0 0 *:www *:* LISTEN 5069/apache2
tcp 0 0 *:ssh *:* LISTEN 1080/sshd
tcp 0 0 inauraa1.miniserve:9111 *:* LISTEN 1108/php4
tcp 0 0 *ostgresql *:* LISTEN 2145/postmaster
tcp 0 0 *:smtp *:* LISTEN 1229/master
tcp 0 0 *:12121 *:* LISTEN 20281/perl
tcp 0 0 *:https *:* LISTEN 5069/apache2
tcp 0 0 inauraa1.miniserve:9111 webcache-01.swgfl:48699 CLOSE_WAIT 1108/php4
tcp 0 0 inauraa1.miniserver:ssh host-84-9-130-65.b:1199 ESTABLISHED6972/0
tcp 0 0 inauraa1.miniserve:9111 host-84-9-129-229.:3239 CLOSE_WAIT 1108/php4
tcp 0 0 inauraa1.miniserve:9111 88-108-81-10.dynam:1395 CLOSE_WAIT 1108/php4
tcp 0 0 inauraa1.miniserve:9111 88-108-81-10.dynam:1396 CLOSE_WAIT 1108/php4
tcp 0 0 inauraa1.miniserve:9111 host-84-9-129-229.:3244 CLOSE_WAIT 1108/php4
tcp 0 0 inauraa1.miniserve:9111 webcache-16.swgfl:56470 CLOSE_WAIT 1108/php4
tcp 0 0 inauraa1.miniserve:9111 webcache-20.swgfl:50075 CLOSE_WAIT 1108/php4

/etc/hosts
127.0.0.1 localhost localhost.localdomain

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

(I added localhost.localdomain after reading a thread that suggested doing this in response to this problem (i think on this site) but that alone didn't work.) Anyway, now, the SASL issue appears to be gone and the logs no longer say that this is happening, but instead, I'm getting a 'relay access denied' error:

Jan 15 20:15:09 inauraa1 courierpop3login: LOGIN, user=matt at myday.to, ip=[::ffff:84.9.130.65]
Jan 15 20:15:10 inauraa1 courierpop3login: LOGOUT, user=matt at myday.to, ip=[::ffff:84.9.130.65], top=0, retr=0, time=1
Jan 15 20:15:32 inauraa1 postfix/smtpd[9078]: connect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]
Jan 15 20:15:38 inauraa1 postfix/smtpd[9078]: NOQUEUE: reject: RCPT from host-84-9-130-65.bulldogdsl.com[84.9.130.65]: 554 <matt at inaura.net>: Relay access denied; from=<matt at myday.to> to=<matt at inaura.net> proto=ESMTP helo=<[127.0.0.1]>
Jan 15 20:15:38 inauraa1 postfix/smtpd[9078]: disconnect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]
Jan 15 20:24:55 inauraa1 courierpop3login: Connection, ip=[::ffff:84.9.130.65]
Jan 15 20:24:55 inauraa1 courierpop3login: LOGIN, user=matt at myday.to, ip=[::ffff:84.9.130.65]
Jan 15 20:24:55 inauraa1 courierpop3login: LOGOUT, user=matt at myday.to, ip=[::ffff:84.9.130.65], top=0, retr=0, time=0
Jan 15 20:25:10 inauraa1 postfix/smtpd[9124]: connect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]
Jan 15 20:25:11 inauraa1 postfix/smtpd[9124]: NOQUEUE: reject: RCPT from host-84-9-130-65.bulldogdsl.com[84.9.130.65]: 554 <upmytree at gmail.com>: Relay access denied; from=<matt at myday.to> to=<upmytree at gmail.com> proto=ESMTP helo=<[127.0.0.1]>
Jan 15 20:25:11 inauraa1 postfix/smtpd[9124]: disconnect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]

the the mysql tables currently have only two entries: myday.to in domains and matt at myday.to in users.


here is main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mail.myday.to
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.myday.to, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

Thanks for continuing assistance. Much appreciated.

Matt

edit: removed @ to stop spam bots

 

P.S.
auth.log says this:

Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: sql_select option missing
Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: auxpropfunc error no mechanism available
Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

 

I'm not using ISPConfig. should I be? I use webmin for some things as the ISP supplied it. There's a limit to how far i can follow the perfect setup tutorial as I'm administering a remote miniserver and can't reinstall from scratch. Can you recommend a way to get the server to that state using SSH so i can start from scratch?

 

We were thinking this because you posted this in the ISPConfig Installation/Configuration forum and therefore led us on the completely wrong track... I'll move it to the normal Installation/Configuration forum now.

Ok, you're using this tutorial: http://www.howtoforge.com/virtual_postfix_mysql_quota_courier
I suggest you compare all the configuration files from the tutorial with your own ones, I guess there's a typo or something like that in one of them.
Also have a look here:
http://www.howtoforge.com/forums/showthread.php?t=2011
http://www.howtoforge.com/forums/showthread.php?t=861

 

OK, I've checked the files again using vi on an FC4 box and found a couple of ^M characters at the end of lines, which I've removed. still no luck though. testsaslauthd -u <account> -p <password> gives me this :

connect() : No such file or directory

ps waux | grep saslauthd gives me:

root 12237 0.0 0.2 1616 464 pts/0 S+ 13:12 0:00 grep saslauthd

I don't think saslauthd is running properly, but not sure how to get it going again. saslauthd start gives me this:

saslauthd start
saslauthd[12238] :main : no authentication mechanism specified
usage: saslauthd [options]

option information:
-a <authmech> Selects the authentication mechanism to use.
-c Enable credential caching.
-d Debugging (don't detach from tty, implies -V)
-r Combine the realm with the login before passing to authentication mechanism
Ex. login: "foo" realm: "bar" will get passed as login: "foo@bar"
The realm name is passed untouched.
-O <option> Optional argument to pass to the authentication
mechanism.
-l Disable accept() locking. Increases performance, but
may not be compatible with some operating systems.
-m <path> Alternate path for the saslauthd working directory,
must be absolute.
-n <procs> Number of worker processes to create.
-s <kilobytes> Size of the credential cache (in kilobytes)
-t <seconds> Timeout for items in the credential cache (in seconds)
-v Display version information and available mechs
-V Enable verbose logging
-h Display this message.

saslauthd 2.1.19
authentication mechanisms: sasldb getpwent kerberos4 kerberos5 pam rimap shadow ldap

seems not possible to restart it

 

Also, I tried the instructions in the threads you mentioned, but no luck - my pam.d/smtp file is exactly as it should be. I found a load more of the ^M characters in all of the mysql-virtual* files after the passwords and stuff and got rid of them, but still the same error except now with this added:

inauraa1 postfix/smtpd[17805]: sql_select option missing
Jan 16 16:56:47 inauraa1 postfix/smtpd[17805]: auxpropfunc error no mechanism available
Jan 16 16:56:47 inauraa1 postfix/smtpd[17805]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Jan 16 16:58:34 inauraa1 saslauthd[17721]: (pam_unix) check pass; user unknown
Jan 16 16:58:35 inauraa1 saslauthd[17721]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jan 16 16:58:37 inauraa1 saslauthd[17721]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Jan 16 16:58:37 inauraa1 saslauthd[17721]: do_auth : auth failure: [service=imap] [realm=] [mech=pam] [reason=PAM auth error]