SMTP Auth error *Resolved post #3*

I'm sorry if I am being a bit dim but I can't authenticate SMTP after following the Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) tutorial almost word-for-word.

Both pop and imap are working brilliantly, but when I come to enter my UN & PW (same ones for pop & imap auth) it is refused.

Note: DNS & PortForwarding is set up correctly. A telnet localhost 25 returns correctly, it is just the un & pw that seem to be the problem.

Thunderbird says:

Here are some of my sasl files:

/etc/default/saslauthd
Code:

    # This needs to be uncommented before saslauthd will be run automatically
    START=yes

    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"
    MECHANISMS="pam"
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

/etc/init.d/saslauthd
Code:

    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides: saslauthd
    # Required-Start: $local_fs $remote_fs
    # Required-Stop: $local_fs $remote_fs
    # Default-Start: 2 3 4 5
    # Default-Stop: S 0 1 6
    # Short-Description: saslauthd startup script
    # Description: This script starts the saslauthd daemon. It is
    #              configured using the file /etc/default/saslauthd.
    ### END INIT INFO

    # Author: Fabian Fagerholm <[email protected]>
    #
    # Based on previous work by Dima Barsky.

    # Do NOT "set -e"

    # PATH should only include /usr/* if it runs after the mountnfs.sh script
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    DESC="SASL Authentication Daemon"
    NAME=saslauthd
    DAEMON=/usr/sbin/$NAME
    DAEMON_ARGS=""
    SCRIPTNAME=/etc/init.d/$NAME
    FALLBACK_RUN_DIR=/var/run/$NAME
    EXIT_ERROR_CODE=1

    # Exit if the daemon is not installed
    test -x "$DAEMON" || exit 0

    # Read configuration variable file if it is present
    [ -r /etc/default/$NAME ] && . /etc/default/$NAME

    # Load the VERBOSE setting and other rcS variables
    [ -f /etc/default/rcS ] && . /etc/default/rcS

    # Define LSB log_* functions.
    # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
    . /lib/lsb/init-functions

    # Determine run directory and pid file location by looking for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, use fallback
        RUN_DIR=$FALLBACK_RUN_DIR
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    # If the daemon is not enabled, give the user a warning and then exit,
    # unless we are stopping the daemon
    if [ "$START" != "yes" -a "$1" != "stop" ]; then
        log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
        exit 0
    fi

    # If no mechanisms are defined, log this and exit
    if [ -z "$MECHANISMS" ]; then
        log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
            "not starting $NAME"
        exit $EXIT_ERROR_CODE
    fi

    # If there are mechanism options defined, prepare them for use with the -O flag
    if [ -n "$MECH_OPTIONS" ]; then
        MECH_OPTIONS="-O $MECH_OPTIONS"
    fi

    # If there is a threads option defined, prepare it for use with the -n flag
    if [ -n "$THREADS" ]; then
        THREAD_OPTIONS="-n $THREADS"
    fi

    # Construct argument string
    DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"

    #
    # Function that creates a directory with the specified
    # ownership and permissions
    #
    createdir()
    {
        # $1 = user
        # $2 = group
        # $3 = permissions (octal)
        # $4 = path to directory
        # In the future, use -P/-Z to have SE Linux enhancement.
        install -d --group="$2" --mode="$3" --owner="$1" "$4"
    }

    #
    # Function that starts the daemon/service
    #
    do_start()
    {
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        if dpkg-statoverride --list $RUN_DIR > /dev/null; then
            dir=`dpkg-statoverride --list $RUN_DIR`
        fi
        test -z "$dir" || createdir $dir
        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
            --exec $DAEMON --test > /dev/null \
            || return 1
        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
            --exec $DAEMON -- $DAEMON_ARGS \
            || return 2
        # Add code here, if necessary, that waits for the process to be ready
        # to handle requests from services started subsequently which depend
        # on this one. As a last resort, sleep for some time.
    }

    #
    # Function that stops the daemon/service
    #
    do_stop()
    {
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
            --pidfile $PIDFILE --name $NAME
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently. A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
            --exec $DAEMON
        [ "$?" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE
        return "$RETVAL"
    }

    #
    # Function that sends a SIGHUP to the daemon/service
    #
    do_reload()
    {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE \
            --name $NAME
        return 0
    }

    case "$1" in
      start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            1) [ "$VERBOSE" != no ] && log_progress_msg "(already running)" && \
               log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
      stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            1) [ "$VERBOSE" != no ] && log_progress_msg "(not running)" && \
               log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
      #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
      restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
            do_start
            case "$?" in
                0) log_end_msg 0 ;;
                1) log_end_msg 1 ;; # Old process is still running
                *) log_end_msg 1 ;; # Failed to start
            esac
            ;;
          *)
            # Failed to stop
            log_end_msg 1
            ;;
        esac
        ;;
      *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
    esac

    :

/etc/pam.d/smtp
Code:

    auth required pam_mysql.so user=mail_admin passwd=CORRECT_PWD_REPLACED host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mail_admin passwd=CORRECT_PWD_REPLACED host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

/etc/postfix/sasl/smtpd.conf
Code:

    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: CORRECT_PWD_REPLACED
    sql_database: mail
    sql_select: select password from users where email = '%u'

Finally, my /etc/postfix/main.cf
Code:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    #Lines for SASL
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = MYDOMAIN
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_sasl_security_options = noanonymous

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = MYDOMAIN
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = MYDOMAIN, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_sasl_auth_enable = yes
    virtual_sasl_auth_clients = yes
    broken_sasl_auth_clients = yes
    smtpd_use_cert_file = /etc/postfix/smtpd.cert
    smtpd_use_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maips = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_mailbox_limit_message = "The user you are trying to reach is over their quota, sorry."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    recieve_override_options = no_address_mappings
    virtual_create_maildirsize = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."

tail -f /var/log/mail.log - during SMTP attempt
Code:

    Feb 20 22:22:26 CHANGED_DOMAIN postfix/smtpd[19346]: connect from 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: Password verification failed
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]: SASL PLAIN authentication failed: generic failure
    Feb 20 22:23:34 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Feb 20 22:23:34 CHANGED_DOMAIN postfix/smtpd[19346]: warning: 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure
    Feb 20 22:24:22 CHANGED_DOMAIN postfix/smtpd[19346]: disconnect from 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]

It seems like postfix is unable to locate the saslauthd socket.

If you are running postfix chrooted set this option
Code:

    smtpd_sasl_path = /var/run/saslauthd

If not chrooted then
Code:

    smtpd_sasl_path = /var/spool/postfix/var/run/saslauthd

Resolved

Thanks very much topdog but I noticed that in /etc/init.d/saslauthd I had
Code:

    DAEMON_ARGS=" "

so I replaced this with
Code:

    DAEMON_ARGS=" -m /var/spool/postfix/var/run/saslauthd -r"

et voila! Hope this helps someone else.
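
Added example, not part of the thread or the tutorial: the posted /etc/default/saslauthd sets PARAMS, while the posted init script builds its run directory and argument string from OPTIONS, so the -m directory only reaches the daemon once it is hard-coded in DAEMON_ARGS as in the fix above. The script below replays that lookup on two constructed defaults files; the chroot prefix /var/spool/postfix and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: Postfix's smtpd is chrooted
# to /var/spool/postfix, the prefix used in the paths posted above.
CHROOT=/var/spool/postfix

# Print the directory that follows "-m" in $OPTIONS after sourcing a defaults
# file. Like the posted init script, only OPTIONS is inspected.
run_dir_from_defaults() {
    (
        OPTIONS=
        . "$1"
        set -- $OPTIONS
        while [ $# -gt 0 ]; do
            if [ "$1" = "-m" ]; then echo "$2"; break; fi
            shift
        done
    )
}

# Report whether the daemon would be told to put its socket inside the chroot.
check_defaults() {
    dir=$(run_dir_from_defaults "$1")
    case "$dir" in
        "")          echo "no -m reaches the daemon" ;;
        "$CHROOT"/*) echo "inside chroot: $dir" ;;
        *)           echo "outside chroot: $dir" ;;
    esac
}

# Constructed sample files: the first repeats the posted /etc/default/saslauthd,
# the second sets the variable the posted init script actually reads.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/posted" <<'EOF'
START=yes
MECHANISMS="pam"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
EOF
cat > "$tmp/with_options" <<'EOF'
START=yes
MECHANISMS="pam"
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"
EOF

echo "posted:       $(check_defaults "$tmp/posted")"
echo "with_options: $(check_defaults "$tmp/with_options")"
```

On a live system, point `check_defaults` at the real /etc/default/saslauthd and compare the result with the directory that actually holds the `mux` socket.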