Hi, This was originally posted alongside an ftp log-in problem ' cause i thought they might be related. So the background is that I can read mail (pop3) but not send mail. The mail client - Thunderbird - gives error that the SMTP server is rejecting the log-in and asks for username and password repeatedly. The mail log contains: As you see, it accepts the pop3 log-in but rejects the smtp This line looks suspicious: The same username/password is used for both read and send. I have tried it with both Plain and TLS authentication - both give the same result. Any thoughts? Thank you
Is saslauthd running? Run Code: ps aux to find out. What's the output if you issue a Code: telnet localhost 25 and then Code: ehlo localhost ?
I have the same problem, but as far as i can tell, all my config files are as the how to says they should be with no whitespace. I can login and retrieve messages with thunderbird using pop3, but then when i try to send with no encryption using the same username/password, it just keeps asking for thepassword again. The only anomaly in the system is that using webmin, i can't stop/start saslauthd successfully. Stopping it fails with 'not running' even though it shows up in the process list. starting fails too as there is one instance already there (that won't stop). If I kill all processes for saslauthd, then i can start it ok from webmin. here is the tail of my mail.log. All assistance greatly appreciated and THANK YOU for such a well written and helpful how to! Jan 13 16:12:49 inauraa1 courierpop3login: Connection, ip=[::ffff:88.108.81.10] Jan 13 16:12:49 inauraa1 courierpop3login: LOGIN, user=mattmyday.to, ip=[::ffff:88.108.81.10] Jan 13 16:12:49 inauraa1 courierpop3login: LOGOUT, user=mattmyday.to, ip=[::ffff:88.108.81.10], top=0, retr=0, time=0 Jan 13 16:13:02 inauraa1 postfix/smtpd[15305]: connect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10] Jan 13 16:13:03 inauraa1 postfix/smtpd[15305]: NOQUEUE: reject: RCPT from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: 554 <mattinaura.net>: Relay access denied; from=<mattmyday.to> to=<mattinaura.net> proto=ESMTP helo=<[127.0.0.1]> Jan 13 16:13:06 inauraa1 postfix/smtpd[15305]: disconnect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10] Jan 13 16:13:23 inauraa1 postfix/smtpd[15305]: connect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10] Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier Jan 13 16:13:31 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier Jan 13 16:13:46 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication failure: Password verification failed Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL PLAIN authentication failed Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: SASL authentication problem: unknown password verifier Jan 13 16:15:00 inauraa1 postfix/smtpd[15305]: warning: 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]: SASL LOGIN authentication failed Jan 13 16:15:06 inauraa1 postfix/smtpd[15305]: disconnect from 88-108-81-10.dynamic.dsl.as9105.com[88.108.81.10]
No, I'm configuring a miniserver at a remote ISP. It's Debian sarge 3.1 and it was clean when i got it, but i did a bit of fiddling about using non-standard apt sources trying to get a php accelerator installed. The first time i tried the how-to i ended up not having sasl or tls running at all, for no good reason. I amended sources.list to be just the normal entries and ran apt-get --purge remove postfix postfix-tls, then did the same for courier* and started again from scratch, leaving me where i am now. I am a bit suspicious that it seems to be a sasl problem when it was sasl that i overlooked from the purge (as it would have taken my apache configuration with it). I'm thinking maybe i might have a non-standard version. When I ran the how-to both times, I didn't get asked the suExec question as described in the beginning, or which webserver i would like to configure automatically. I installed Apache2 before i looked at this tutorial, which brought openssl and sasl with it, so what i was contemplating was backing up my website and apache2 config files, then purging the whole lot and starting from scratch. Would you recommend this and will the initial big apt-get command install apache2 as part of the process when i run it again?
Which tutorial are you talking about? Please post the URL. I guess you mean this one: http://www.howtoforge.com/virtual_postfix_mysql_quota_courier Which Postfix version are you running? You can find out by running Code: postconf -d | grep mail_version
Sorry, should have mentioned the tutorial, yes it is that one. Thanks for writing it! root@inauraa1:~# postconf -d | grep mail_version mail_version = 2.1.5 root@inauraa1:~#
The Postfix version is ok. I suggest that you compare all your configuration files with the files in the tutorial, especially /etc/pam.d/smtp.
Had another look and couldn't find any differences. Deleted /etc/pam.d/smtp and re-copied the text from the tutorial into a new file, but still no luck. I've purged the whole lot now and will see if I have any luck third time around. Thanks for the advice anyway!
I started again and got up to the end of page 2 but found the same problem. However at the beginning, i had trouble with mysql. The stadard mysql-server would not start: Starting MySQL database server: mysqld...failed. Please take a look at the syslog. /usr/bin/mysqladmin: connect to server at 'localhost' failed error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)' Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists! so i installed mysql-common-4.1 and mysql-server-4.1 instead. Could this be the trouble? do i need to run everything again from the start with mysql-server-4.1 and mysql-client-4.1 in the apt-get command instead in order for the pam stuff to be configured correctly?
Its not a good idea to install other packages then the ones mentioned in the howtos. Its better to try to find the errors instead. Did you get any errors in the mysql error log?
OK, I've now messed about with mysql so that it is the right version. Seems i was getting that error because i hadn't purged the database structure when i downgraded, so i did that and rebuilt the necessary tables as per the tutorial and mysql is now running. root@inauraa1:~# netstat -tap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:imaps *:* LISTEN 9048/couriertcpd tcp 0 0 *op3s *:* LISTEN 9069/couriertcpd tcp 0 0 localhost:10024 *:* LISTEN 11260/amavisd (mast tcp 0 0 localhost:mysql *:* LISTEN 8857/mysqld tcp 0 0 *op3 *:* LISTEN 9056/couriertcpd tcp 0 0 *:imap2 *:* LISTEN 9035/couriertcpd tcp 0 0 *:sunrpc *:* LISTEN 11419/portmap tcp 0 0 *:www *:* LISTEN 5069/apache2 tcp 0 0 *:ssh *:* LISTEN 1080/sshd tcp 0 0 inauraa1.miniserve:9111 *:* LISTEN 1108/php4 tcp 0 0 *ostgresql *:* LISTEN 2145/postmaster tcp 0 0 *:smtp *:* LISTEN 1229/master tcp 0 0 *:12121 *:* LISTEN 20281/perl tcp 0 0 *:https *:* LISTEN 5069/apache2 tcp 0 0 inauraa1.miniserve:9111 webcache-01.swgfl:48699 CLOSE_WAIT 1108/php4 tcp 0 0 inauraa1.miniserver:ssh host-84-9-130-65.b:1199 ESTABLISHED6972/0 tcp 0 0 inauraa1.miniserve:9111 host-84-9-129-229.:3239 CLOSE_WAIT 1108/php4 tcp 0 0 inauraa1.miniserve:9111 88-108-81-10.dynam:1395 CLOSE_WAIT 1108/php4 tcp 0 0 inauraa1.miniserve:9111 88-108-81-10.dynam:1396 CLOSE_WAIT 1108/php4 tcp 0 0 inauraa1.miniserve:9111 host-84-9-129-229.:3244 CLOSE_WAIT 1108/php4 tcp 0 0 inauraa1.miniserve:9111 webcache-16.swgfl:56470 CLOSE_WAIT 1108/php4 tcp 0 0 inauraa1.miniserve:9111 webcache-20.swgfl:50075 CLOSE_WAIT 1108/php4 /etc/hosts 127.0.0.1 localhost localhost.localdomain # The following lines are desirable for IPv6 capable hosts # (added automatically by netbase upgrade) ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts (I added localhost.localdomain after reading a thread that suggested doing this in response to this problem (i think on this site) but that alone didn't work.) Anyway, now, the SASL issue appears to be gone and the logs no longer say that this is happening, but instead, I'm getting a 'relay access denied' error: Jan 15 20:15:09 inauraa1 courierpop3login: LOGIN, user=matt at myday.to, ip=[::ffff:84.9.130.65] Jan 15 20:15:10 inauraa1 courierpop3login: LOGOUT, user=matt at myday.to, ip=[::ffff:84.9.130.65], top=0, retr=0, time=1 Jan 15 20:15:32 inauraa1 postfix/smtpd[9078]: connect from host-84-9-130-65.bulldogdsl.com[84.9.130.65] Jan 15 20:15:38 inauraa1 postfix/smtpd[9078]: NOQUEUE: reject: RCPT from host-84-9-130-65.bulldogdsl.com[84.9.130.65]: 554 <matt at inaura.net>: Relay access denied; from=<matt at myday.to> to=<matt at inaura.net> proto=ESMTP helo=<[127.0.0.1]> Jan 15 20:15:38 inauraa1 postfix/smtpd[9078]: disconnect from host-84-9-130-65.bulldogdsl.com[84.9.130.65] Jan 15 20:24:55 inauraa1 courierpop3login: Connection, ip=[::ffff:84.9.130.65] Jan 15 20:24:55 inauraa1 courierpop3login: LOGIN, user=matt at myday.to, ip=[::ffff:84.9.130.65] Jan 15 20:24:55 inauraa1 courierpop3login: LOGOUT, user=matt at myday.to, ip=[::ffff:84.9.130.65], top=0, retr=0, time=0 Jan 15 20:25:10 inauraa1 postfix/smtpd[9124]: connect from host-84-9-130-65.bulldogdsl.com[84.9.130.65] Jan 15 20:25:11 inauraa1 postfix/smtpd[9124]: NOQUEUE: reject: RCPT from host-84-9-130-65.bulldogdsl.com[84.9.130.65]: 554 <upmytree at gmail.com>: Relay access denied; from=<matt at myday.to> to=<upmytree at gmail.com> proto=ESMTP helo=<[127.0.0.1]> Jan 15 20:25:11 inauraa1 postfix/smtpd[9124]: disconnect from host-84-9-130-65.bulldogdsl.com[84.9.130.65] the the mysql tables currently have only two entries: myday.to in domains and matt at myday.to in users. here is main.cf: # See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h myhostname = mail.myday.to alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mail.myday.to, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all virtual_alias_domains = virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /home/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_use_tls = yes smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key transport_maps = mysql:/etc/postfix/mysql-virtual_transports.cf virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = "The user you are trying to reach is over quota." virtual_overquota_bounce = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps Thanks for continuing assistance. Much appreciated. Matt edit: removed @ to stop spam bots
I guess you mixed something up. Did you use the virtual mysql howto together with ISPConfig? ISPConfig does not support postfix + mySQL. The postfix main.cf is completely incompatible with ISPConfig, you will have to use one of the perfect setup howtos listed on the ISPConfig documentation page: http://www.ispconfig.org/documentation.htm
P.S. auth.log says this: Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: sql_select option missing Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: auxpropfunc error no mechanism available Jan 15 23:17:35 inauraa1 postfix/smtpd[10386]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
I'm not using ISPConfig. should I be? I use webmin for some things as the ISP supplied it. There's a limit to how far i can follow the perfect setup tutorial as I'm administering a remote miniserver and can't reinstall from scratch. Can you recommend a way to get the server to that state using SSH so i can start from scratch?
We were thinking this because you posted this in the ISPConfig Installation/Configuration forum and therefore led us on the completely wrong track... I'll move it to the normal Installation/Configuration forum now. Ok, you're using this tutorial: http://www.howtoforge.com/virtual_postfix_mysql_quota_courier I suggest you compare all the configuration files from the tutorial with your own ones, I guess there's a typo or something like that in one of them. Also have a look here: http://www.howtoforge.com/forums/showthread.php?t=2011 http://www.howtoforge.com/forums/showthread.php?t=861
OK, I've checked the files again using vi on an FC4 box and found a couple of ^M characters at the end of lines, which I've removed. still no luck though. testsaslauthd -u <account> -p <password> gives me this : connect() : No such file or directory ps waux | grep saslauthd gives me: root 12237 0.0 0.2 1616 464 pts/0 S+ 13:12 0:00 grep saslauthd I don't think saslauthd is running properly, but not sure how to get it going again. saslauthd start gives me this: saslauthd start saslauthd[12238] :main : no authentication mechanism specified usage: saslauthd [options] option information: -a <authmech> Selects the authentication mechanism to use. -c Enable credential caching. -d Debugging (don't detach from tty, implies -V) -r Combine the realm with the login before passing to authentication mechanism Ex. login: "foo" realm: "bar" will get passed as login: "foo@bar" The realm name is passed untouched. -O <option> Optional argument to pass to the authentication mechanism. -l Disable accept() locking. Increases performance, but may not be compatible with some operating systems. -m <path> Alternate path for the saslauthd working directory, must be absolute. -n <procs> Number of worker processes to create. -s <kilobytes> Size of the credential cache (in kilobytes) -t <seconds> Timeout for items in the credential cache (in seconds) -v Display version information and available mechs -V Enable verbose logging -h Display this message. saslauthd 2.1.19 authentication mechanisms: sasldb getpwent kerberos4 kerberos5 pam rimap shadow ldap seems not possible to restart it
Also, I tried the instructions in the threads you mentioned, but no luck - my pam.d/smtp file is exactly as it should be. I found a load more of the ^M characters in all of the mysql-virtual* files after the passwords and stuff and got rid of them, but still the same error except now with this added: inauraa1 postfix/smtpd[17805]: sql_select option missing Jan 16 16:56:47 inauraa1 postfix/smtpd[17805]: auxpropfunc error no mechanism available Jan 16 16:56:47 inauraa1 postfix/smtpd[17805]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Jan 16 16:58:34 inauraa1 saslauthd[17721]: (pam_unix) check pass; user unknown Jan 16 16:58:35 inauraa1 saslauthd[17721]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= Jan 16 16:58:37 inauraa1 saslauthd[17721]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module Jan 16 16:58:37 inauraa1 saslauthd[17721]: do_auth : auth failure: [service=imap] [realm=] [mech=pam] [reason=PAM auth error]