CentOS 5.5

I read many posts regarding postfix+sasl on the net but no clue.
The maillog messages are

Aug 5 07:00:56 host2 postfix/smtpd[10018]: warning: SASL authentication failure: Password verification failed
Aug 5 07:00:56 host2 postfix/smtpd[10018]: warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed: authentication failure

telnet localhost 25

telnet localhost 25

Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 xxx.xxxxxxxxxxx.net ESMTP Postfix
ehlo me
250-xxx.xxxxxxxxxxx.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

/usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN


/etc/sysconfig/saslauthd

Directory in which to place saslauthd’s listening socket, pid file, and so

on. This directory must already exist.

SOCKETDIR=/var/run/saslauthd

Mechanism to use when checking passwords. Run “saslauthd -v” to get a list

of which mechanism your installation was compiled with the ablity to use.

MECH=pam

Additional flags to pass to saslauthd on the command line. See saslauthd(8)

for the list of accepted flags.

FLAGS=

any direction to debug the problem of sasl authentication failure ?

my username creation pattern is username.domain

This server is ran for a few years and guy who managed this server was quit and I could not got much information from other colleagues.

I installed centos 5.8 and virtualmin on a virtual machine, sasl ran properly out of the box without special configuration.

When I compared the configurations files from them. Here are what my findings.

1. the postfix version is different. The VM is 2.3.3, the production server is 2.6.7

2. the postconf -n more or less are the same accept two lines
   production server
   
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases

VM

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases

I just used a utility called saslfinger to list sasl configuration
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/

There is a different of master.cf between production and virtual machine box

production

saslfinger -s
saslfinger - postfix Cyrus sasl configuration Sun Aug 5 15:16:53 HKT 2012
version: 1.0.2
mode: server-side SMTP AUTH

– basics –
Postfix: 2.6.7-20100608
System: CentOS release 5.5 (Final)

– smtpd is linked to –
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x004be000)

– active SMTP AUTH and TLS parameters for smtpd –
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

– listing of /usr/lib/sasl2 –
total 3256
drwxr-xr-x 2 root root 4096 Mar 16 2011 .
drwxr-xr-x 88 root root 45056 Jan 17 2011 …
-rwxr-xr-x 1 root root 884 Mar 17 2010 libanonymous.la
-rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so
-rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2
-rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 870 Mar 17 2010 libcrammd5.la
-rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so
-rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2
-rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root root 893 Mar 17 2010 libdigestmd5.la
-rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so
-rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2
-rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root root 933 Mar 17 2010 libgssapiv2.la
-rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so
-rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2
-rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2.0.22
-rwxr-xr-x 1 root root 856 Mar 17 2010 liblogin.la
-rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so
-rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2
-rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2.0.22
-rwxr-xr-x 1 root root 856 Mar 17 2010 libplain.la
-rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so
-rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2
-rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2.0.22
-rwxr-xr-x 1 root root 930 Mar 17 2010 libsasldb.la
-rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so
-rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2
-rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2.0.22
-rw-r–r-- 1 root root 25 Mar 31 2010 Sendmail.conf
-rw-r–r-- 1 root root 49 Jan 14 2011 smtpd.conf

– listing of /etc/sasl2 –
total 24
drwxr-xr-x 2 root root 4096 Mar 17 2010 .
drwxr-xr-x 107 root root 12288 Aug 5 14:06 …

– content of /usr/lib/sasl2/smtpd.conf –
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

– active services in /etc/postfix/master.cf –

service type private unpriv chroot wakeup maxproc command + args

(yes) (yes) (yes) (never) (100)

smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache

– mechanisms on localhost –
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

– end of saslfinger output –

virtual machine box

saslfinger -s
saslfinger - postfix Cyrus sasl configuration Sun Aug 5 15:17:22 HKT 2012
version: 1.0.2
mode: server-side SMTP AUTH

– basics –
Postfix: 2.3.3
System: CentOS release 5.8 (Final)

– smtpd is linked to –
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00c71000)

– active SMTP AUTH and TLS parameters for smtpd –
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

– listing of /usr/lib/sasl –
total 52
drwxr-xr-x 2 root root 4096 Aug 5 11:04 .
drwxr-xr-x 84 root root 45056 Aug 5 11:04 …

– listing of /usr/lib/sasl2 –
total 3260
drwxr-xr-x 2 root root 4096 Aug 5 11:04 .
drwxr-xr-x 84 root root 45056 Aug 5 11:04 …
-rwxr-xr-x 1 root root 884 Mar 17 2010 libanonymous.la
-rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so
-rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2
-rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 870 Mar 17 2010 libcrammd5.la
-rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so
-rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2
-rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root root 893 Mar 17 2010 libdigestmd5.la
-rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so
-rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2
-rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root root 933 Mar 17 2010 libgssapiv2.la
-rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so
-rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2
-rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2.0.22
-rwxr-xr-x 1 root root 856 Mar 17 2010 liblogin.la
-rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so
-rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2
-rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2.0.22
-rwxr-xr-x 1 root root 856 Mar 17 2010 libplain.la
-rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so
-rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2
-rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2.0.22
-rwxr-xr-x 1 root root 930 Mar 17 2010 libsasldb.la
-rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so
-rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2
-rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2.0.22
-rw-r–r-- 1 root root 25 Aug 12 2011 Sendmail.conf
-rw-r–r-- 1 root root 49 Aug 4 15:32 smtpd.conf
-rw-r–r-- 1 root root 49 Aug 4 14:37 smtpd.conf.rpmnew

– listing of /etc/sasl2 –
total 24
drwxr-xr-x 2 root root 4096 Mar 17 2010 .
drwxr-xr-x 98 root root 12288 Aug 5 15:10 …

– content of /usr/lib/sasl2/smtpd.conf –
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

– active services in /etc/postfix/master.cf –

service type private unpriv chroot wakeup maxproc command + args

(yes) (yes) (yes) (never) (100)

smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
submission inet n - n - - smtpd
smtps inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

– mechanisms on localhost –
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

– end of saslfinger output –

As we can see there are options are comment out in master.cf in virtual machine box