Read but not send mail

Discussion in 'HOWTO-Related Questions' started by briggers, Sep 15, 2005.

  1. briggers

    briggers New Member

    Hi,
    This was originally posted alongside an ftp log-in problem ' cause i thought they might be related.

    So the background is that I can read mail (pop3) but not send mail.
    The mail client - Thunderbird - gives error that the SMTP server is rejecting the log-in and asks for username and password repeatedly.

    The mail log contains:
    As you see, it accepts the pop3 log-in but rejects the smtp

    This line looks suspicious:
    The same username/password is used for both read and send.

    I have tried it with both Plain and TLS authentication - both give the same result.

    Any thoughts?

    Thank you
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Is saslauthd running? Run
    Code:
    ps aux
    to find out.
    What's the output if you issue a
    Code:
    telnet localhost 25
    and then
    Code:
    ehlo localhost
    ?
     
  3. briggers

    briggers New Member

    Hi Falko,

    Yes
    Thanks
     
  4. mattg

    mattg New Member

    I have the same problem, but as far as i can tell, all my config files are as the how to says they should be with no whitespace. I can login and retrieve messages with thunderbird using pop3, but then when i try to send with no encryption using the same username/password, it just keeps asking for thepassword again.

    The only anomaly in the system is that using webmin, i can't stop/start saslauthd successfully. Stopping it fails with 'not running' even though it shows up in the process list. starting fails too as there is one instance already there (that won't stop). If I kill all processes for saslauthd, then i can start it ok from webmin.

    here is the tail of my mail.log. All assistance greatly appreciated and THANK YOU for such a well written and helpful how to!

    Jan 13 16:12:49 inauraa1 courierpop3login: Connection, ip=[::ffff:88.108.81.10]
    Jan 13 16:12:49 inauraa1 courierpop3login: LOGIN, user=mattmyday.to, ip=[::ffff:88.108.81.10]
    Jan 13 16:12:49 inauraa1 courierpop3login: LOGOUT, user=mattmyday.to, ip=[::ffff:88.108.81.10], top=0, retr=0, time=0
    Jan 13 16:13:02 inauraa1 postfix/smtpd[15305]: connect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
    Jan 13 16:13:03 inauraa1 postfix/smtpd[15305]: NOQUEUE: reject: RCPT from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: 554 <mattinaura.net>: Relay access denied; from=<mattmyday.to> to=<mattinaura.net> proto=ESMTP helo=<[127.0.0.1]>
    Jan 13 16:13:06 inauraa1 postfix/smtpd[15305]: disconnect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
    Jan 13 16:13:23 inauraa1 postfix/smtpd[15305]: connect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
    Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
    Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed
    Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed
    Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
    Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed
    Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
    Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed
    Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed
    Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
    Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed
    Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
    Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed
    Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed
    Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier
    Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed
    Jan 13 16:15:06 inauraa1 postfix/smtpd[15305]: disconnect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
     
    Last edited: Apr 20, 2006
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Which linux distribution do you use? have you used one of the perfect setup howtos?
     
  6. mattg

    mattg New Member

    No, I'm configuring a miniserver at a remote ISP. It's Debian sarge 3.1 and it was clean when i got it, but i did a bit of fiddling about using non-standard apt sources trying to get a php accelerator installed.

    The first time i tried the how-to i ended up not having sasl or tls running at all, for no good reason. I amended sources.list to be just the normal entries and ran apt-get --purge remove postfix postfix-tls, then did the same for courier* and started again from scratch, leaving me where i am now.

    I am a bit suspicious that it seems to be a sasl problem when it was sasl that i overlooked from the purge (as it would have taken my apache configuration with it). I'm thinking maybe i might have a non-standard version.

    When I ran the how-to both times, I didn't get asked the suExec question as described in the beginning, or which webserver i would like to configure automatically. I installed Apache2 before i looked at this tutorial, which brought openssl and sasl with it, so what i was contemplating was backing up my website and apache2 config files, then purging the whole lot and starting from scratch. Would you recommend this and will the initial big apt-get command install apache2 as part of the process when i run it again?
     
  7. falko

    falko Super Moderator Howtoforge Staff

  8. mattg

    mattg New Member

    Sorry, should have mentioned the tutorial, yes it is that one. Thanks for writing it!

    root@inauraa1:~# postconf -d | grep mail_version
    mail_version = 2.1.5
    root@inauraa1:~#
     
  9. falko

    falko Super Moderator Howtoforge Staff

    The Postfix version is ok. I suggest that you compare all your configuration files with the files in the tutorial, especially /etc/pam.d/smtp.
     
  10. mattg

    mattg New Member

    Had another look and couldn't find any differences. Deleted /etc/pam.d/smtp and re-copied the text from the tutorial into a new file, but still no luck. I've purged the whole lot now and will see if I have any luck third time around. Thanks for the advice anyway! :)
     
  11. mattg

    mattg New Member

    I started again and got up to the end of page 2 but found the same problem. However at the beginning, i had trouble with mysql. The stadard mysql-server would not start:

    Starting MySQL database server: mysqld...failed.
    Please take a look at the syslog.
    /usr/bin/mysqladmin: connect to server at 'localhost' failed
    error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
    Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!

    so i installed mysql-common-4.1 and mysql-server-4.1 instead. Could this be the trouble? do i need to run everything again from the start with mysql-server-4.1 and mysql-client-4.1 in the apt-get command instead in order for the pam stuff to be configured correctly?
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer


    Its not a good idea to install other packages then the ones mentioned in the howtos. Its better to try to find the errors instead. Did you get any errors in the mysql error log?
     
  13. falko

    falko Super Moderator Howtoforge Staff

    Please post the output of
    Code:
    netstat -tap
    and also the content of /etc/hosts.
     
  14. mattg

    mattg New Member

    OK, I've now messed about with mysql so that it is the right version. Seems i was getting that error because i hadn't purged the database structure when i downgraded, so i did that and rebuilt the necessary tables as per the tutorial and mysql is now running.

    root@inauraa1:~# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:imaps *:* LISTEN 9048/couriertcpd
    tcp 0 0 *:pop3s *:* LISTEN 9069/couriertcpd
    tcp 0 0 localhost:10024 *:* LISTEN 11260/amavisd (mast
    tcp 0 0 localhost:mysql *:* LISTEN 8857/mysqld
    tcp 0 0 *:pop3 *:* LISTEN 9056/couriertcpd
    tcp 0 0 *:imap2 *:* LISTEN 9035/couriertcpd
    tcp 0 0 *:sunrpc *:* LISTEN 11419/portmap
    tcp 0 0 *:www *:* LISTEN 5069/apache2
    tcp 0 0 *:ssh *:* LISTEN 1080/sshd
    tcp 0 0 inauraa1.miniserve:9111 *:* LISTEN 1108/php4
    tcp 0 0 *:postgresql *:* LISTEN 2145/postmaster
    tcp 0 0 *:smtp *:* LISTEN 1229/master
    tcp 0 0 *:12121 *:* LISTEN 20281/perl
    tcp 0 0 *:https *:* LISTEN 5069/apache2
    tcp 0 0 inauraa1.miniserve:9111 webcache-01.swgfl:48699 CLOSE_WAIT 1108/php4
    tcp 0 0 inauraa1.miniserver:ssh host-84-9-130-65.b:1199 ESTABLISHED6972/0
    tcp 0 0 inauraa1.miniserve:9111 host-84-9-129-229.:3239 CLOSE_WAIT 1108/php4
    tcp 0 0 inauraa1.miniserve:9111 88-108-81-10.dynam:1395 CLOSE_WAIT 1108/php4
    tcp 0 0 inauraa1.miniserve:9111 88-108-81-10.dynam:1396 CLOSE_WAIT 1108/php4
    tcp 0 0 inauraa1.miniserve:9111 host-84-9-129-229.:3244 CLOSE_WAIT 1108/php4
    tcp 0 0 inauraa1.miniserve:9111 webcache-16.swgfl:56470 CLOSE_WAIT 1108/php4
    tcp 0 0 inauraa1.miniserve:9111 webcache-20.swgfl:50075 CLOSE_WAIT 1108/php4

    /etc/hosts
    127.0.0.1 localhost localhost.localdomain

    # The following lines are desirable for IPv6 capable hosts
    # (added automatically by netbase upgrade)

    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

    (I added localhost.localdomain after reading a thread that suggested doing this in response to this problem (i think on this site) but that alone didn't work.) Anyway, now, the SASL issue appears to be gone and the logs no longer say that this is happening, but instead, I'm getting a 'relay access denied' error:

    Jan 15 20:15:09 inauraa1 courierpop3login: LOGIN, user=matt at myday.to, ip=[::ffff:84.9.130.65]
    Jan 15 20:15:10 inauraa1 courierpop3login: LOGOUT, user=matt at myday.to, ip=[::ffff:84.9.130.65], top=0, retr=0, time=1
    Jan 15 20:15:32 inauraa1 postfix/smtpd[9078]: connect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]
    Jan 15 20:15:38 inauraa1 postfix/smtpd[9078]: NOQUEUE: reject: RCPT from host-84-9-130-65.bulldogdsl.com[84.9.130.65]: 554 <matt at inaura.net>: Relay access denied; from=<matt at myday.to> to=<matt at inaura.net> proto=ESMTP helo=<[127.0.0.1]>
    Jan 15 20:15:38 inauraa1 postfix/smtpd[9078]: disconnect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]
    Jan 15 20:24:55 inauraa1 courierpop3login: Connection, ip=[::ffff:84.9.130.65]
    Jan 15 20:24:55 inauraa1 courierpop3login: LOGIN, user=matt at myday.to, ip=[::ffff:84.9.130.65]
    Jan 15 20:24:55 inauraa1 courierpop3login: LOGOUT, user=matt at myday.to, ip=[::ffff:84.9.130.65], top=0, retr=0, time=0
    Jan 15 20:25:10 inauraa1 postfix/smtpd[9124]: connect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]
    Jan 15 20:25:11 inauraa1 postfix/smtpd[9124]: NOQUEUE: reject: RCPT from host-84-9-130-65.bulldogdsl.com[84.9.130.65]: 554 <upmytree at gmail.com>: Relay access denied; from=<matt at myday.to> to=<upmytree at gmail.com> proto=ESMTP helo=<[127.0.0.1]>
    Jan 15 20:25:11 inauraa1 postfix/smtpd[9124]: disconnect from host-84-9-130-65.bulldogdsl.com[84.9.130.65]

    the the mysql tables currently have only two entries: myday.to in domains and matt at myday.to in users.


    here is main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = mail.myday.to
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = mail.myday.to, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains =
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

    Thanks for continuing assistance. Much appreciated.

    Matt

    edit: removed @ to stop spam bots
     
    Last edited: Jan 16, 2006
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you mixed something up. Did you use the virtual mysql howto together with ISPConfig? ISPConfig does not support postfix + mySQL.

    The postfix main.cf is completely incompatible with ISPConfig, you will have to use one of the perfect setup howtos listed on the ISPConfig documentation page:

    http://www.ispconfig.org/documentation.htm
     
  16. mattg

    mattg New Member

    P.S.
    auth.log says this:

    Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: sql_select option missing
    Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: auxpropfunc error no mechanism available
    Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
     
  17. mattg

    mattg New Member

    I'm not using ISPConfig. should I be? I use webmin for some things as the ISP supplied it. There's a limit to how far i can follow the perfect setup tutorial as I'm administering a remote miniserver and can't reinstall from scratch. Can you recommend a way to get the server to that state using SSH so i can start from scratch?
     
  18. falko

    falko Super Moderator Howtoforge Staff

    We were thinking this because you posted this in the ISPConfig Installation/Configuration forum and therefore led us on the completely wrong track... I'll move it to the normal Installation/Configuration forum now.

    Ok, you're using this tutorial: http://www.howtoforge.com/virtual_postfix_mysql_quota_courier
    I suggest you compare all the configuration files from the tutorial with your own ones, I guess there's a typo or something like that in one of them.
    Also have a look here:
    http://www.howtoforge.com/forums/showthread.php?t=2011
    http://www.howtoforge.com/forums/showthread.php?t=861
     
  19. mattg

    mattg New Member

    OK, I've checked the files again using vi on an FC4 box and found a couple of ^M characters at the end of lines, which I've removed. still no luck though. testsaslauthd -u <account> -p <password> gives me this :

    connect() : No such file or directory

    ps waux | grep saslauthd gives me:

    root 12237 0.0 0.2 1616 464 pts/0 S+ 13:12 0:00 grep saslauthd

    I don't think saslauthd is running properly, but not sure how to get it going again. saslauthd start gives me this:

    saslauthd start
    saslauthd[12238] :main : no authentication mechanism specified
    usage: saslauthd [options]

    option information:
    -a <authmech> Selects the authentication mechanism to use.
    -c Enable credential caching.
    -d Debugging (don't detach from tty, implies -V)
    -r Combine the realm with the login before passing to authentication mechanism
    Ex. login: "foo" realm: "bar" will get passed as login: "foo@bar"
    The realm name is passed untouched.
    -O <option> Optional argument to pass to the authentication
    mechanism.
    -l Disable accept() locking. Increases performance, but
    may not be compatible with some operating systems.
    -m <path> Alternate path for the saslauthd working directory,
    must be absolute.
    -n <procs> Number of worker processes to create.
    -s <kilobytes> Size of the credential cache (in kilobytes)
    -t <seconds> Timeout for items in the credential cache (in seconds)
    -v Display version information and available mechs
    -V Enable verbose logging
    -h Display this message.

    saslauthd 2.1.19
    authentication mechanisms: sasldb getpwent kerberos4 kerberos5 pam rimap shadow ldap

    seems not possible to restart it
     
  20. mattg

    mattg New Member

    Also, I tried the instructions in the threads you mentioned, but no luck - my pam.d/smtp file is exactly as it should be. I found a load more of the ^M characters in all of the mysql-virtual* files after the passwords and stuff and got rid of them, but still the same error except now with this added:

    inauraa1 postfix/smtpd[17805]: sql_select option missing
    Jan 16 16:56:47 inauraa1 postfix/smtpd[17805]: auxpropfunc error no mechanism available
    Jan 16 16:56:47 inauraa1 postfix/smtpd[17805]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
    Jan 16 16:58:34 inauraa1 saslauthd[17721]: (pam_unix) check pass; user unknown
    Jan 16 16:58:35 inauraa1 saslauthd[17721]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    Jan 16 16:58:37 inauraa1 saslauthd[17721]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
    Jan 16 16:58:37 inauraa1 saslauthd[17721]: do_auth : auth failure: [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
     

Share This Page