Hi, I'm desperately trying to authenticate via sasl2 through postfix installed on a Debian Sarge. I wanted to use sasldb authentication, so I created a test account : login:test password:test with no realm info. TLS support in postfix is not activated at the moment. Here's the output for a local telnet test: Code: # telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. 220 mysmtp.mydomain.tld ESMTP (Debian/GNU) ehlo localhost 250-mysmtp.mydomain.tld 250-PIPELINING PLAIN 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q= 535 Error: authentication failed mail.log says : Code: warning: SASL authentication failure: Password verification failed warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed The account has been tested OK as far as saslauthd is concerned: Code: # testsaslauthd -u test -p test -f /var/spool/postfix/var/run/saslauthd/mux 0: OK "Success." Everything works fine in the chrooted postscript when configured to ask for shadow passwords (MECHANISMS="shadow" in /etc/default/saslauthd and pwcheck_method: saslauthd in /etc/postfix/sasl/smtpd.conf) but no way to make it work with MECHANISMS="sasldb" and pwcheck_method: auxprop. Thanks for any assistance to solve this problem. I already spent a couple of days tearing my hair off on this issue, but I could not find neither any valuable info on the internet nor any workaround on my own. Sorry for all the code provided... Here is my main.cf: Code: smtpd_banner = $myhostname ESMTP (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h myhostname = mysmtp.mydomain.tld mydomain = mydomain.tld alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases myorigin = $mydomain mydestination = $myhostname, $mydomain, localhost relayhost = mynetworks = 127.0.0.0/8 home_mailbox = Maildir/ mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 51200000 recipient_delimiter = + inet_interfaces = $myhostname, localhost smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender # Use amavis filtering content_filter=smtp-amavis:[127.0.0.1]:10024 # Reject exe attachement files header_checks = regexp:/etc/postfix/header_checks # SASL support (SMPTP AUTH) smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous # smtpd_sasl_application_name = smtpd broken_sasl_auth_clients = yes # SSL / TLS identification key files # smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key # smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt # smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem # SSL / TLS support parameters # smtpd_tls_auth_only = no # smtpd_use_tls = yes # smtpd_tls_loglevel = 1 # smtpd_tls_ask_ccert = yes # smtpd_tls_received_header = yes # smtpd_tls_session_cache_timeout = 3600s # tls_random_source = dev:/dev/urandom and my master.cf: Code: smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_etrn_restrictions=reject #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 # -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil # # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # maildrop. See the Postfix MAILDROP_README file for details. # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} # only used by postfix-tls tlsmgr fifo - - n 300 1 tlsmgr smtps inet n - y - - smtpd -v -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes 587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookup=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.1/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 and finally my /etc/postfix/sasl/smtpd.conf: Code: pwcheck_method: auxprop mech_list: plain login auxprop_plugin: sasldb2
Same problem as Keulu Hello! I have the same problem as Keulu here and I can't find any solution to the problem. I had a completely new installation of Debian 3.1 when starting to install according to the "Perfect Setup" for the correct version of Debian. I followed every step by copying and pasting, but still the SMTP AUTH functionality doesn't work. Everytime I try to connect with the client (Microsoft Outlook Express & others) the password isn't accepted. In the logfile I get the following error everytime I try to authenticate a user: Aug 28 09:57:10 postfix/smtpd[12365]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory I have checked with testsaslauthd and it responds OK. I have set password with saslpasswd2 to no awail. What else can I try? Can I do other checks to see if everything is working? Since the logfile is referring to that smtpd is unable to connect to saslauthd is there anything I can do to make sure it is connecting? How does it connect? Is it using a pipe or a socket? If the pipe is known perhaps one can try that, manually? I am out of options right now. I have checked every place on Internet I can find that discuss this problem. It was so easy for version 3.0 of Debian. Everything worked directly. Please help!
Please make sure saslauthd is started. What's the output of Code: ps aux | grep saslauthd ? Also make sure saslauthd is chrooted correctly (as Postfix is running chrooted), as described in the tutorial. Compare your /etc/default/saslauthd and /etc/init.d/saslauthd with the ones from the tutorial.
Hello, thanks for the reply! I just got it working... I changed in my client from port 465 tcp to use port 25 tcp. In the earlier version I had to use port 465 and not 25 to get it working. Why is it different now??
I guess the process on port 465 isn't running chrooted, as is the process on port 25. You can check in /etc/postfix/master.cf.
