I set up my mail server following the virtual users and domains with postfix debian etch tutorial. Everything seems to be working perfectly except smtp login (I can receive mail through pop no problem and local smtp delivery works.) Here's what the mail.log says: Code: Sep 16 19:57:32 my_hostname postfix/smtpd[20191]: connect from <my_ip>[<my_ip>] Sep 16 19:57:33 my_hostname postfix/smtpd[20191]: warning: SASL authentication failure: Password verification failed Sep 16 19:57:33 my_hostname postfix/smtpd[20191]: warning: <my_ip>[<my_ip>]: SASL PLAIN authentication failed: authentication failure Sep 16 19:57:33 my_hostname postfix/smtpd[20191]: warning: <my_ip>[<my_ip>]: SASL LOGIN authentication failed: authentication failure Sep 16 19:57:34 my_hostname postfix/smtpd[20191]: disconnect from <my_ip>[<my_ip>] auth.log says only this: Code: Sep 16 19:57:32 my_hostname postfix/smtpd[20191]: sql auxprop plugin using mysql engine I've seen a lot of authentication error threads on this forum but they all reported a specific error in the logs. I can't find anything besides 'authentication failed' so I don't know where to start looking for the problem. My /etc/default/saslauthd Code: root@my_hostname:~# cat /etc/default/saslauthd # This needs to be uncommented before saslauthd will be run automatically START=yes # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam" PARAMS="-m /var/spool/postfix/var/run/saslauthd -r" /etc/pam.d/smtp: Code: root@my_hostname:~# cat /etc/pam.d/smtp auth required pam_mysql.so user=mail_admin passwd=<passwd> host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1 account sufficient pam_mysql.so user=mail_admin passwd=<passwd> host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1 /etc/postfix/main.cf: Code: root@my_hostname:~# cat /etc/postfix/main.cf # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mail.myhost.com mydomain = myhost.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mail.myhost.com, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all notify_classes = resource, software, delay virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /home/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = "The user you are trying to reach is over quota." virtual_overquota_bounce = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings smtpd.conf: Code: root@my_hostname:~# cat /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: plain login log_level: 5 allow_plaintext: true auxprop_plugin: mysql sql_hostnames: 127.0.0.1 sql_user: mail_admin sql_passwd: <my password> sql_database: mail sql_select: select password from users where email = '%u' Everything looks the same as in the tutorial. I even re-generated my server certificate just to be sure. If anyone has any more ideas I'd be very grateful.
Your /etc/default/saslauthd is wrong. This is how it should look: http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch_p3
The only significant difference I see there is the -c option (which enables caching.) The other two (MECH_OPTIONS="" and THREADS=5) are defaults. To be 100% sure I copied all the default options too so now my saslauthd looks like this: Code: root@my_host:~# cat /etc/default/saslauthd # This needs to be uncommented before saslauthd will be run automatically START=yes # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 PARAMS="-c -m /var/spool/postfix/var/run/saslauthd -r" But the error reported is exactly the same: Code: Sep 17 18:56:04 my_host postfix/smtpd[24417]: warning: SASL authentication failure: Password verification failed Sep 17 18:56:04 my_host postfix/smtpd[24417]: warning: my_ip[my_ip]: SASL PLAIN authentication failed: authentication failure Sep 17 18:56:04 my_host postfix/smtpd[24417]: warning: my_ip[my_ip]: SASL LOGIN authentication failed: authentication failure
It must be OPTIONS, not PARAMS: Code: # # Settings for saslauthd daemon # # Should saslauthd run automatically on startup? (default: no) START=yes # Which authentication mechanisms should saslauthd use? (default: pam) # # Available options in this Debian package: # getpwent -- use the getpwent() library function # kerberos5 -- use Kerberos 5 # pam -- use PAM # rimap -- use a remote IMAP server # shadow -- use the local shadow password file # sasldb -- use the local sasldb database file # ldap -- use LDAP (configuration is in /etc/saslauthd.conf) # # Only one option may be used at a time. See the saslauthd man page # for more information. # # Example: MECHANISMS="pam" MECHANISMS="pam" # Additional options for this mechanism. (default: none) # See the saslauthd man page for information about mech-specific options. MECH_OPTIONS="" # How many saslauthd processes should we run? (default: 5) # A value of 0 will fork a new process for each connection. THREADS=5 # Other options (default: -c) # See the saslauthd man page for information about these options. # # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd" # Note: See /usr/share/doc/sasl2-bin/README.Debian OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
I'm not sure that's correct for my installation. When I change it from PARAMS to OPTIONS, this happens: Code: root@my_host:~# ps aux | grep saslau root 3499 0.0 0.0 30412 1648 ? Ss 00:47 0:00 /usr/sbin/saslauthd -a pam root 3500 0.0 0.0 30412 1640 ? S 00:47 0:00 /usr/sbin/saslauthd -a pam root 3501 0.0 0.0 30412 1640 ? S 00:47 0:00 /usr/sbin/saslauthd -a pam root 3502 0.0 0.0 30412 1640 ? S 00:47 0:00 /usr/sbin/saslauthd -a pam root 3503 0.0 0.0 29344 672 ? S 00:47 0:00 /usr/sbin/saslauthd -a pam And when I change it back to PARAMS: Code: root@my_host:~# ps aux | grep saslau root 3689 0.0 0.0 30312 1156 ? Ss 00:50 0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam root 3690 0.0 0.0 30312 672 ? S 00:50 0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam root 3691 0.0 0.0 30312 484 ? S 00:50 0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam root 3692 0.0 0.0 30312 484 ? S 00:50 0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam root 3693 0.0 0.0 30312 484 ? S 00:50 0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam And either way I'm not getting authenticated.
Hi Hi, When you built your email server. That means you created your very own email address. For example if i built a mail server, i can make an email address called [email protected] If im way off, would you mind explaining the concept. Lindows