ssmtp and spamassassin

I am running postfix, dovecot, and am now running spamassassin. When I got to receive mail, I get these errors in my maillog file:

Code:

 postfix/submission/smtpd[12415]: warning: unknown[<ip>]: SASL LOGIN authentication failed: <hash>
sSMTP[12413]: Authorization failed (535 5.7.8 Error: authentication failed: <hash>)
lost connection after AUTH from unknown[<ip>]
 disconnect from unknown[<ip>]
to=<email>, relay=spamassassin, delay=4.3, delays=0.28/0.01/0/4, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/bin/spamc". Command output: sendmail: Authorization failed (535 5.7.8 Error: authentication failed: <hash>) )

 

If your mail system worked previously, and stopped working after spamassassin was installed, I guess the spamassassin configuration is wrong.

 

I would appreciate guidance on how to resolve this error.

 

For some reason, the password, decoded, is turning out to be: "Password:" Any ideas why?

 

UGFzc3dvcmQ6 decodes to "Password:" This is postfix not writing the used password into the logfile. Just some bots trying to log in. It is as old as the internet, everyone sees this attempts.

Which error?

This is just a warning, that someone tried to log in and used a wrong password. Was that you? -> Make sure to use the right password, if it is still not working, increase verbosity of logging. If it wasn't you, then everything is working as intended (unknown connection was not able to log in).

 

Here is verbose logging:

Code:

Feb 23 05:58:47 mail sSMTP[25404]: Creating SSL connection to host
Feb 23 05:58:47 mail postfix/submission/smtpd[25408]: connect from unknown[<IP>]
Feb 23 05:58:47 mail sSMTP[25404]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Feb 23 05:58:47 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Feb 23 05:58:47 mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Feb 23 05:58:47 mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Feb 23 05:58:47 mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Feb 23 05:58:47 mail dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Feb 23 05:58:47 mail dovecot: auth: Debug: auth client connected (pid=0)
Feb 23 05:58:47 mail dovecot: auth: Debug: client in: AUTH#0111#011LOGIN#011service=smtp#011nologin#011lip=<IP>#011rip=<IP>#011secured
Feb 23 05:58:47 mail dovecot: auth: Debug: client passdb out: CONT#<random value>
Feb 23 05:58:47 mail dovecot: auth: Debug: client in: CONT<hidden>
Feb 23 05:58:47 mail dovecot: auth: Debug: client passdb out: CONT#0111#<random value>
Feb 23 05:58:47 mail dovecot: auth: Debug: client in: CONT<hidden>
Feb 23 05:58:47 mail dovecot: auth-worker(25414): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Feb 23 05:58:47 mail dovecot: auth-worker(25414): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Feb 23 05:58:47 mail dovecot: auth-worker(25414): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Feb 23 05:58:47 mail dovecot: auth-worker(25414): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Feb 23 05:58:47 mail dovecot: auth-worker(25414): Debug: pam(<user email>,<IP>): lookup service=dovecot
Feb 23 05:58:47 mail dovecot: auth-worker(25414): Debug: pam(<user email>,<IP>): #1/1 style=1 msg=Password:
Feb 23 05:58:49 mail dovecot: auth-worker(25414): pam(<user email>,<IP>): unknown user
Feb 23 05:58:49 mail dovecot: auth-worker(25414): Debug: sql(<user email>,<IP>): query: SELECT email as user, password FROM virtual_users WHERE email='<user email>';
Feb 23 05:58:49 mail dovecot: auth-worker(25414): sql(<user email>,<IP>): Password mismatch
Feb 23 05:58:51 mail postfix/submission/smtpd[25408]: warning: unknown[<IP>]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 23 05:58:51 mail dovecot: auth: Debug: client passdb out: FAIL#0111#011user=<user email>
Feb 23 05:58:51 mail sSMTP[25404]: Authorization failed (535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6)
Feb 23 05:58:51 mail postfix/submission/smtpd[25408]: lost connection after AUTH from unknown[<IP>]
Feb 23 05:58:51 mail postfix/submission/smtpd[25408]: disconnect from unknown[<IP>]
Feb 23 05:58:51 mail sSMTP[25422]: Creating SSL connection to host
Feb 23 05:58:51 mail postfix/submission/smtpd[25408]: connect from unknown[<IP>]
Feb 23 05:58:51 mail sSMTP[25422]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Feb 23 05:58:51 mail dovecot: auth: Debug: client in: AUTH#0112#011LOGIN#011service=smtp#011nologin#011lip=<IP>#011rip=<IP>#011secured
Feb 23 05:58:55 mail dovecot: auth: Debug: client passdb out: CONT#0112#<random value>
Feb 23 05:58:55 mail dovecot: auth: Debug: client in: CONT<hidden>

I know my credentials are correct, because I can log in from else where. So maybe something is mis-configured? If so, how do I find out where that is?

 

I am still not sure what you try to do and how you do it. In the first post you wrote something about receiving. Now you post a log about sending a mail. You have an "unknown user" error.
You did not write if this is the first setup or if it worked before and you changed something?
You have not posted any config files (have you followed a guide, etc..). It could be that the format of your username does not fit what dovecot expects but with the provided information I can't help you. The only thing would be to search google for your error and suggest these solutions. But that you can do for yourself.
Can you send mails with the same credentials with a different client? Do you use ssmtp on localhost?

 

So this happens when I receive mail (ie I send an email from gmail, to this personal email server).
Here is the tutorial that I followed: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mariadb-on-centos-7/.
And yes, I can send e-mails from my personal server.

 

Your log does not show the attempt from a remote server to send mails to you. It shows a client trying to send mails from your server and is denied because of a wrong password.

 

ok, I have a feeling these issues are related. I thought sending emails works, but it looks like installing spamassasin may have broke that too. As for receiving an email, here is what I get:

Code:

Mar  1 08:00:26 mail postfix/smtpd[10241]: connect from mail-yw1-f41.google.com[209.85.161.41]
Mar  1 08:00:27 mail postfix/smtpd[10241]: 79F7960823: client=mail-yw1-f41.google.com[209.85.161.41]
Mar  1 08:00:27 mail postfix/cleanup[10252]: 79F7960823: <myip>ssage-id=<<id>@mail.gmail.com>
Mar  1 08:00:27 mail postfix/qmgr[29134]: 79F7960823: from=<[email protected]>, size=3277, nrcpt=1 (queue active)
Mar  1 08:00:27 mail spamd[19454]: spamd: connection from localhost [::1]:42066 to port 783, fd 6
Mar  1 08:00:27 mail spamd[19454]: spamd: setuid to spamd succeeded
Mar  1 08:00:27 mail spamd[19454]: spamd: processing <myip>ssage <<id>@mail.gmail.com> for spamd:5001
Mar  1 08:00:27 mail postfix/smtpd[10241]: disconnect from mail-yw1-f41.google.com[209.85.161.41]
Mar  1 08:00:27 mail spamd[19454]: spamd: clean <myip>ssage (0.1/5.0) for spamd:5001 in 0.2 seconds, 3250 bytes.
Mar  1 08:00:27 mail spamd[19454]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_<myip>SSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS scanti<myip>=0.2,size=3250,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=::1,rport=42066,mid=<<id>@mail.gmail.com>,autolearn=no autolearn_force=no
Mar  1 08:00:27 mail sSMTP[10258]: Creating SSL connection to host
Mar  1 08:00:28 mail postfix/submission/smtpd[10260]: connect from unknown[<myip>]
Mar  1 08:00:28 mail sSMTP[10258]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Mar  1 08:00:28 mail dovecot: auth: Debug: auth client connected (pid=0)
Mar  1 08:00:28 mail dovecot: auth: Debug: client in: AUTH#0111#011LOGIN#011service=smtp#011nologin#011lip=<myip>#011rip=<myip>#011secured
Mar  1 08:00:28 mail dovecot: auth: Debug: client passdb out: CONT#0111#<value>
Mar  1 08:00:28 mail dovecot: auth: Debug: client in: CONT<hidden>
Mar  1 08:00:28 mail dovecot: auth: Debug: client passdb out: CONT#0111#<value>
Mar  1 08:00:28 mail dovecot: auth: Debug: client in: CONT<hidden>
Mar  1 08:00:28 mail dovecot: auth-worker(22911): Debug: pam([email protected],<myip>): lookup service=dovecot
Mar  1 08:00:28 mail dovecot: auth-worker(22911): Debug: pam([email protected],<myip>): #1/1 style=1 msg=Password:
Mar  1 08:00:28 mail spamd[19451]: prefork: child states: II
Mar  1 08:00:29 mail dovecot: auth-worker(22911): pam([email protected],<myip>): unknown user
Mar  1 08:00:29 mail dovecot: auth-worker(22911): Debug: sql([email protected],<myip>): query: SELECT email as user, password FROM virtual_users WHERE email='[email protected]';
Mar  1 08:00:29 mail dovecot: auth-worker(22911): sql([email protected],<myip>): Password mismatch
Mar  1 08:00:31 mail postfix/submission/smtpd[10260]: warning: unknown[<myip>]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  1 08:00:31 mail dovecot: auth: Debug: client passdb out: FAIL#0111#[email protected]
Mar  1 08:00:31 mail sSMTP[10258]: Authorization failed (535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6)
Mar  1 08:00:31 mail postfix/submission/smtpd[10260]: lost connection after AUTH from unknown[<myip>]
Mar  1 08:00:31 mail postfix/submission/smtpd[10260]: disconnect from unknown[<myip>]
Mar  1 08:00:31 mail postfix/pipe[10257]: 79F7960823: to=<[email protected]>, relay=spamassassin, delay=4, delays=0.29/0.01/0/3.7, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/bin/spamc". Command output: sendmail: Authorization failed (535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6) )
Mar  1 08:00:31 mail postfix/cleanup[10252]: 6CF2260825: <myip>ssage-id=<<id>@mydomain.com>
Mar  1 08:00:31 mail postfix/qmgr[29134]: 6CF2260825: from=<>, size=5224, nrcpt=1 (queue active)
Mar  1 08:00:31 mail postfix/bounce[10264]: 79F7960823: sender non-delivery notification: 6CF2260825
Mar  1 08:00:31 mail postfix/qmgr[29134]: 79F7960823: removed

 

Redo the "Testing" section of your guide. Verify that the recipient has the corresponding entry.
If yes, set option "auth_debug_passwords=yes" and see if the password is correct (do you have some strange special characters?) Try with a very simple password.

 

I get this error right away: " send-mail: Authorization failed (535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6)"
As a side note, I learned that logging into mariadb, the username "[email protected]" vs "user@localhost" is different". I did a "SELECT host, user FROM mysql.user;", and noticed this. I also noticed I have several users in there, and was wondering how that could be, but I guess that's because the "host" field is different for each user.
Here is my dovecot-sql.conf.ext file:
driver = mysql
connect = host=localhost dbname=<server db name> user=<user> password=<password>
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
I ran the "query" command in mariadb, and it returned the right record.

 

So the credentials in your dovecot file for mysql are correct (127.0.0.1 instead of localhost?), and your mail user exists in the database ("SELECT * FROM mailserver.virtual_users;")? Your password is actually saved as "SHA512-CRYPT" (Hash begins with $6$)

1. Verify, your user is recognized with "doveadm user [email protected]"
2. Verify that you get the same password hash as database with "doveadm pw -s SHA512-CRYPT"

 

Yes and yes.
1. this worked fine.
2. It asks me for my "new password" twice. I did this several times, and it seems to always return a different hash value... is it suppose to do this?

 

Strange, I don't know why you get an "unknown user" error then

Yes, my fault. The hashes are salted.
You can verify your password in the database with "doveadm pw -t 'hash' "
(the ticks ( ' ) are important around the hash)

 

I put in upon the prompt "{SHA512-CRYPT}value.here", taken from the output in my maillog file from this line: mail dovecot: auth-worker(3914): Debug: sql(<email>,<ip>): SHA512-CRYPT() != '<value.here>'
But it just errors out, saying "Fatal: Missing {scheme} prefix from hash"

 

Should work like this for pw "test":

Code:

doveadm pw -p test -t '{SHA512-CRYPT}$6$IJR44psm9VBHRMkD$YaqRN4VYvl0opow4bhBGsuXpE4uH/whFvv0AMvTJnMSWjwntIiPGsuokaOYNgf9f7iuRUvDoRorHK3R6UFPlH1'

Prints hash and "(verified)"

Has created with:

Code:

doveadm pw -s SHA512-CRYPT -p test
{SHA512-CRYPT}$6$IJR44psm9VBHRMkD$YaqRN4VYvl0opow4bhBGsuXpE4uH/whFvv0AMvTJnMSWjwntIiPGsuokaOYNgf9f7iuRUvDoRorHK3R6UFPlH1

 

ok, so I took the value from maillog, and put in the password I am using in the file, and it says "verified".

 

Have you compared this to the value in the database? If that is correct, I don't know oO

 

Yes, it does match what I have.