I have trouble getting SMTP to work using SASL authentication.
I read all kinds of threads related to this problem but still can not solve it, it seems.
The Problem:
mail.log
[code:1]postfix/smtpd[24131]: connect from localhost[127.0.0.1]
postfix/smtpd[24131]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[24131]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
lost connection after AUTH from localhost[127.0.0.1]
disconnect from localhost[127.0.0.1][/code:1]
telnet
[code:1]telnet localhost 25
Trying ::1…
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
220 xxxxxxxxxxxx.net ESMTP Postfix
EHLO localhost 250-xxxxxxxxxxxx.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME[/code:1]
Man says to his doctor, "Doctor, it hurts when I do this."
The kind old doctor replies, “Don’t do that!”
But, if you really do want to do that (the developer of Postfix recommends against it), you have to make the SASL socket file available within the chroot. It depends on your OS, as to where that file normally is…but you have to change the configuration in a few places to make it available within the chroot.
On Debian it’d be something like “/var/spool/postfix/var/run/saslauthd” (actually I think this is the default on Virtualmin systems, since Debian’s default Postfix runs in a chroot, and we try to stick to OS package policies as closely as possible, even if we think they’re maybe misguided). And this would be configured in /etc/default/saslauthd in the PARAMS variable.
Note that the location and directives used to configure this are different on [em]every[/em] distribution, and sometimes even different between versions of the same distro. saslauthd is a very poorly standardized piece of kit, and everybody sets it up a little bit differently (and many of its locations are compiled in and don’t exist in a default installation, so it’s not very discoverable either).
Looks like you’re on Ubuntu or Debian? We actually need to know specifically, even between those two systems, because SASL is different on every single platform [em]and[/em] version! It might be the postfix chroot problem, in either case. You have to jump through a couple of extra hoops to make SASL available within the chroot, which isn’t covered in that FAQ (I stopped updating the FAQ because the installer is supposed to set this up automatically on all supported platforms).
BTW-Was this system setup with the Pro install.sh? I seem to recall seeing several bits and pieces from you here that indicate maybe the virtualmin-base package failed to install or it’s postinstall script failed to run to completion, as it sounds like lots of stuff wasn’t configured out-of-the-box for you.
nope still running on OS X Server! Thought you would know…
sorry for that. And of course I did not use the auto install script or anything.
Cyrus-SASL was in my case already preinstalled by Apple, even though, I am missing saslauthd binary and service wich does not show up in my running process tree!? This is probably bad right? The only SASL directory I found was in /usr/lib/sasl2
Seems to include pretty much only all the libraries needed to run SASL2.
Ah! Right. I remember now. We have 600-ish paying customers and 4500 or so registered users here at Virtualmin.com (woohoo!), which means I’m having a hard time keeping up with who’s who. But now I recall that we have two Tony’s using oddball operating systems (a fellow named Anthony is our resident FreeBSD master, and I believe he also has run it on OS X, but I might be confusing him with you!). It’s hard to keep up with what everyone is doing.
saslauthd is definitely required. They might call it something else…but if no sasl binaries are running, things aren’t going to work. That’s probably the source of trouble, and where you ought to go next–figure out where it is, or how to get it installed.
Well I just installed cyrus-imapd & cyrus-sasl from darwinports/macports but could not find a way to put everything together. So that Webmin and Postfix wouldn’t use Cyrus and SASL that comes with the OSX installation.
Is there any way to let Webmin know what CYRUS & SASL install it should use?
I am having the same problem on a CentOS 5.2 (just installed).
I have changed the authentication to be: username@domain , I can retrieve emails but no delivery.
Upon delivery the messages as below:
Mar 8 01:45:55 I057 postfix/smtpd[20964]: connect from **************
Mar 8 01:45:57 I057 postfix/smtpd[20964]: warning: **************: SASL LOGIN authentication failed: authentication failure
Mar 8 01:45:57 I057 postfix/smtpd[20964]: lost connection after AUTH from **************
Mar 8 01:45:57 I057 postfix/smtpd[20964]: disconnect from **************
I am having the same problem on a CentOS 5.2 (just installed).
I have changed the authentication to be: username@domain , I can retrieve emails but no delivery.
Not the same problem. But, a very easy solution to be found in the FAQ:
SASL LOGIN authentication failed
Hello…the last 3 days i have been trying to figure out why the clients cannot authenticate succesfull with no results. I have attach a log file with all the relevants.
I am using Postfix 2.5.6-1…
and Cyrus:2.1.22-19…
Many thanks for your quick reply. I have perform the change as you advice but unfortunetelly with no result. However, i get a new error in the lof file which is: Error: authentication failed: generic failure
I believe the the user cannot log in via other means. I didn’t configure POP yet because I want first the SMTP to work authentication succesfully. Could you please tell me an alternative method that I can test that?
However, I believe that the users that I added with command ‘saslpasswd2’ cannot authenticate. Do you have any recomentations or any advice how to solve this problem?