SASL PLAIN authentication failed

Hi all,

I have trouble getting SMTP to work using SASL authentication.
I read all kinds of threads related to this problem but still can not solve it, it seems.

The Problem:

mail.log

[code:1]postfix/smtpd[24131]: connect from localhost[127.0.0.1]
postfix/smtpd[24131]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[24131]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
lost connection after AUTH from localhost[127.0.0.1]
disconnect from localhost[127.0.0.1][/code:1]

telnet

[code:1]telnet localhost 25
Trying ::1…
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
220 xxxxxxxxxxxx.net ESMTP Postfix
EHLO localhost
250-xxxxxxxxxxxx.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME[/code:1]

My Configs:

smtpd.conf

[code:1]mech_list: PLAIN LOGIN[/code:1]

postconf -n

[code:1]command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = localhost.$mydomain, localhost, $mydomain, $myhostname
mydomain = XXXXXXXXXXX.net
mydomain_fallback = localhost
myhostname = XXXXXXXXXXX.net
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_pw_server_security_options = plain
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
[/code:1]

I am trying to get this to work now for the last 48 hours or so and don’t know anymore what to try and where to look.

Tony

EDIT: I should mention that I did read and follow the instructions here: http://www.virtualmin.com/faq/cat/virtualmin/68/#faq89<br><br>Post edited by: tony.p, at: 2007/08/14 16:43

Man says to his doctor, "Doctor, it hurts when I do this."

The kind old doctor replies, “Don’t do that!”

But, if you really do want to do that (the developer of Postfix recommends against it), you have to make the SASL socket file available within the chroot. It depends on your OS, as to where that file normally is…but you have to change the configuration in a few places to make it available within the chroot.

On Debian it’d be something like “/var/spool/postfix/var/run/saslauthd” (actually I think this is the default on Virtualmin systems, since Debian’s default Postfix runs in a chroot, and we try to stick to OS package policies as closely as possible, even if we think they’re maybe misguided). And this would be configured in /etc/default/saslauthd in the PARAMS variable.

Note that the location and directives used to configure this are different on [em]every[/em] distribution, and sometimes even different between versions of the same distro. saslauthd is a very poorly standardized piece of kit, and everybody sets it up a little bit differently (and many of its locations are compiled in and don’t exist in a default installation, so it’s not very discoverable either).

Hey Tony,

Looks like you’re on Ubuntu or Debian? We actually need to know specifically, even between those two systems, because SASL is different on every single platform [em]and[/em] version! It might be the postfix chroot problem, in either case. You have to jump through a couple of extra hoops to make SASL available within the chroot, which isn’t covered in that FAQ (I stopped updating the FAQ because the installer is supposed to set this up automatically on all supported platforms).

BTW-Was this system setup with the Pro install.sh? I seem to recall seeing several bits and pieces from you here that indicate maybe the virtualmin-base package failed to install or it’s postinstall script failed to run to completion, as it sounds like lots of stuff wasn’t configured out-of-the-box for you.

Hey Joe,

nope still running on OS X Server! Thought you would know…
sorry for that. And of course I did not use the auto install script or anything.

Cyrus-SASL was in my case already preinstalled by Apple, even though, I am missing saslauthd binary and service wich does not show up in my running process tree!? This is probably bad right? The only SASL directory I found was in /usr/lib/sasl2

Seems to include pretty much only all the libraries needed to run SASL2.

Tony

Hey Tony,

Ah! Right. I remember now. We have 600-ish paying customers and 4500 or so registered users here at Virtualmin.com (woohoo!), which means I’m having a hard time keeping up with who’s who. But now I recall that we have two Tony’s using oddball operating systems (a fellow named Anthony is our resident FreeBSD master, and I believe he also has run it on OS X, but I might be confusing him with you!). It’s hard to keep up with what everyone is doing.

saslauthd is definitely required. They might call it something else…but if no sasl binaries are running, things aren’t going to work. That’s probably the source of trouble, and where you ought to go next–figure out where it is, or how to get it installed.

Well I just installed cyrus-imapd & cyrus-sasl from darwinports/macports but could not find a way to put everything together. So that Webmin and Postfix wouldn’t use Cyrus and SASL that comes with the OSX installation.

Is there any way to let Webmin know what CYRUS & SASL install it should use?

Tony

I am having the same problem on a CentOS 5.2 (just installed).
I have changed the authentication to be: username@domain , I can retrieve emails but no delivery.

Upon delivery the messages as below:

sasl looks to be configured fine.

/usr/lib/sasl2/smtpd.conf

Any idea?

Not the same problem. But, a very easy solution to be found in the FAQ:

http://www.virtualmin.com/component/option,com_openwiki/Itemid,48/id,frequently_asked_questions/#what_s_the_deal_with_in_mailbox_usernames

Perfect,
Thank you Joe!
It worked just fine!

SASL LOGIN authentication failed
Hello…the last 3 days i have been trying to figure out why the clients cannot authenticate succesfull with no results. I have attach a log file with all the relevants.
I am using Postfix 2.5.6-1…
and Cyrus:2.1.22-19…

Please help…
Thanks in advance! [file name=SASL_LOGIN_authentication_failed.txt size=4966]http://www.virtualmin.com/components/com_fireboard/uploaded/files/SASL_LOGIN_authentication_failed.txt[/file]

[root@xxxx ~]# more /usr/lib/sasl2/smtpd.conf
pwcheck_method:auxprop
auxprop_plugin:sasldb
mech_list:PLAIN LOGIN

This is wrong. smtpd.conf should contain:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Many thanks for your quick reply. I have perform the change as you advice but unfortunetelly with no result. However, i get a new error in the lof file which is: Error: authentication failed: generic failure

I have attached the new log file.

Again thanks a lot for your help.
John [file name=authentication_failed_generic_failure.txt size=5140]http://www.virtualmin.com/components/com_fireboard/uploaded/files/authentication_failed_generic_failure.txt[/file]

You have to have saslauthd running.

My mistake…I have start it but again I get an error. See attached log file. [file name=log_file.txt size=19276]http://www.virtualmin.com/components/com_fireboard/uploaded/files/log_file.txt[/file]

One of the possible causes of this could be the parameters saslauthd is running with.

If the username has an @ in it, for example, you have to be running saslauthd with -r.

There’s some info on that here:

http://www.virtualmin.com/documentation/id,frequently_asked_questions/#what_s_the_deal_with_in_mailbox_usernames

I am still try to find what i do wrong. I was try everything and still no result. What is the correct command?

1. saslpasswd2 -c -u mydomain.com.xx -a smtpauth test
2. saslpasswd2 -c -u mydomain.com.xx -a smtpd test2

Anyhow, I test both and I get the same error from both. In addition, i add FLAG=r. See attached log file3 to see the steps that i perform.

Please help!!

Thanks in advance,
John [file name=LOG_FILE3.txt size=27817]http://www.virtualmin.com/components/com_fireboard/uploaded/files/LOG_FILE3.txt[/file]

Hmm, what’s listed in your attachment is “FLAGS=r”, whereas, I think you’ll need:

FLAGS=-r

If you type:

ps auxw | grep saslauthd

What output do you get?
-Eric

Hi…I add -r (FLAG =-r) and I restart saslauthd but unfortunetely i am still get the following error:

SASL PLAIN authentication failed: authentication failure
xxxx postfix/smtpd[29338]: > unknown[A.B.C.D]: 535 5.7.8 Error: authentication failed: authentication failure

I run the command "ps auxw | grep saslauthd" and the result are on the attach log file. Also you can find the last portion of the maillog.

I cannot understand what am doing wrong!!!
Thanks for your help.
John [file name=log_file4.txt size=6308]http://www.virtualmin.com/components/com_fireboard/uploaded/files/log_file4.txt[/file]

Interesting

I do just want to verify – is this user able to log in via other means – say, using IMAP/POP, or perhaps using the Usermin Webmail?

I’m just looking to check that the authentication info for this user is working as expected.
-Eric

Hello,

I believe the the user cannot log in via other means. I didn’t configure POP yet because I want first the SMTP to work authentication succesfully. Could you please tell me an alternative method that I can test that?

However, I believe that the users that I added with command ‘saslpasswd2’ cannot authenticate. Do you have any recomentations or any advice how to solve this problem?

Thanks a lot for your help!
John