warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: no mecha

Hello
this is a debian with courier and saslauthd
Ispconfig 3.0.5.3
I have just upgraded from debian 6 to debian 7
All services are working fine, but sasl authetication:

warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: no mechanism available

Tell me which files do u need
this is saslfinger -s

Code:

saslfinger - postfix Cyrus sasl configuration sab 17 ago 2013, 18.49.48, BST
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.9.6
System: Debian GNU/Linux 7 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f8c63913000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
totale 48
drwxr-xr-x  2 root root  4096 ago 17 17:37 .
drwxr-xr-x 53 root root 36864 ago 17 17:19 ..
-rw-r--r--  1 root root     4 ago 17 17:37 berkeley_db.active
-rw-r--r--  1 root root     4 giu  9 11:16 berkeley_db.txt

-- listing of /etc/postfix/sasl --
totale 12
drwxr-xr-x 2 root root 4096 ago 17 18:05 .
drwxr-xr-x 3 root root 4096 ago 17 18:47 ..
-rw-r--r-- 1 root root  273 ago 17 18:05 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: dbispconfig
sql_select: select password from mail_user where email = '%u'



-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: dbispconfig
sql_select: select password from mail_user where email = '%u'




-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}


amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN


-- end of saslfinger output --

 

Have you updated/reinstalled ISPConfig with "Reconfigure services: YES" after your distribution update? Should always do this.

 

i have no idea how to running saslauthd in debugging mode
reading /etc/default/saslauthd I see that I should start it by hand
so I did and here is the out put:

Code:

saslauthd -d -a pam -c -m /var/spool/postfix/var/run/saslauthd -r
saslauthd[7632] :main            : num_procs  : 5
saslauthd[7632] :main            : mech_option: NULL
saslauthd[7632] :main            : run_path   : /var/spool/postfix/var/run/saslauthd
saslauthd[7632] :main            : auth_mech  : pam
saslauthd[7632] :cache_alloc_mm  : mmaped shared memory segment on file: /var/spool/postfix/var/run/saslauthd/cache.mmap
saslauthd[7632] :cache_init      : bucket size: 96 bytes
saslauthd[7632] :cache_init      : stats size : 36 bytes
saslauthd[7632] :cache_init      : timeout    : 28800 seconds
saslauthd[7632] :cache_init      : cache table: 985828 total bytes
saslauthd[7632] :cache_init      : cache table: 1711 slots
saslauthd[7632] :cache_init      : cache table: 10266 buckets
saslauthd[7632] :cache_init_lock : flock file opened at /var/spool/postfix/var/run/saslauthd/cache.flock
saslauthd[7632] :ipc_init        : using accept lock file: /var/spool/postfix/var/run/saslauthd/mux.accept
saslauthd[7632] :detach_tty      : master pid is: 0
saslauthd[7632] :ipc_init        : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
saslauthd[7632] :main            : using process model
saslauthd[7632] :have_baby       : forked child: 7633
saslauthd[7633] :get_accept_lock : acquired accept lock
saslauthd[7632] :have_baby       : forked child: 7634
saslauthd[7632] :have_baby       : forked child: 7635
saslauthd[7632] :have_baby       : forked child: 7636

very very very strange, when user try to send email by roudncube (it uses smtp authenticated and worked fine until 1 hour ago before upgrading) I cannot see anything in foregroud
I mean, I still see

Code:

saslauthd[7632] :have_baby       : forked child: 7636

and nothing more
it is like postfix is not calling saslauthd at all

strange, isn't it?

 

using testsaslauthd I was able to chack sasl authentication against PAM and this part is ok:

Code:

testsaslauthd -u maumar -r xxxx.it -s smtp  -p xxxxx
0: OK "Success."

and in foregroud output:

Code:

saslauthd[12021] :do_auth         : auth success: [[email protected]] [service=smtp] [realm=xxxxxxxx.it] [mech=pam]
saslauthd[12021] :do_request      : response: OK

Now, the issue is that postfix is not comunicating with saslauthd over mux socket

I follow a guide
http://www.jimmy.co.at/weblog/?p=52

that suggest to do this:

Code:

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

but still postfix is not calling saslauthd over mux

please help

 

yes, this the issue:

Code:

/tmp/ispconfig3_install # cat ./install/tpl/sasl_smtpd2.conf.master
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql

I fixed this using:
http://www.debian.org/releases/wheezy/amd64/release-notes/ch-information.en.html#cyrus-sasl

Code:

 Configuration of SQL engine backends for Cyrus SASL, as provided in the libsasl2-modules-sql package, has changed from database specific configuration (e.g. mysql) to the generic sql auxprop plugin.

Configuration files for applications using SASL have to be updated, for example:

auxprop_plugin: mysql

should be replaced by:

auxprop_plugin: sql
sql_engine: mysql

In addition, the SQL query (if used) needs to have %u replaced with %u@%r, because user and realm are now provided separately. 

I do not => "Reconfigure services: YES"
as my configuration is hand modified, but in this case i shouldn't avoid it
blame on me!

 

[SOLVED] warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed

this thread can be marked as SOLVED

 

Just for your information:
Since 3.5.0.3 you can put your modified postfix commands and other configs into /usr/local/ispconfig/server/conf-custom/install/
Just copy the file(s) from the ispconfig installer tpl dir to this location and make your modifications there.
These files are used on update instead of the installer files.
I use this for smtp_sender_restrictions, dovecot quota warnings and a modified apps vhost.

 

Hello Mario

meny thnx for this hints, it can save me a lot of troubles.

 

I am having the same problem.
I have a new install and I am unable to send out email through ISPConfig.

I currently go through my email gateway "ScrolloutF1"

 

I will set it up this afternoon. Thanks for getting back to me.

 

Well I am not sure what happened but I think all is well. Sorry about that.