SASL PLAIN authentication failed: authentication failure

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

SASL PLAIN authentication failed: authentication failure

Shams Fantar-4
Hi,

I know, there are a lot of posts about, but I don't manage to fix the
problem. Well, I have two domains, mail.domain.info and
mail.domain2.info. The problem comes from the authentication via pop.

The first domain (mail.domain.info) works, the authentication works
fine. But for the second domain (mail.domain2.info), it's not ok.

From mail.log : http://sfantar.linux62.org/postfix-problems/log-mail-log
The main.cf of postfix : http://sfantar.linux62.org/postfix-problems/main.cf
The sasl/smtpd.conf : http://sfantar.linux62.org/postfix-problems/smtpd.conf

I'm running debian etch.

Thank you for you help !

Regards,
--
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Patrick Ben Koetter
* Shams Fantar <[hidden email]>:

> Hi,
>
> I know, there are a lot of posts about, but I don't manage to fix the
> problem. Well, I have two domains, mail.domain.info and
> mail.domain2.info. The problem comes from the authentication via pop.
>
> The first domain (mail.domain.info) works, the authentication works
> fine. But for the second domain (mail.domain2.info), it's not ok.
>
> From mail.log : http://sfantar.linux62.org/postfix-problems/log-mail-log

You need to show verbose log. Set smtpd to log verbose in master.cf.

> The main.cf of postfix : http://sfantar.linux62.org/postfix-problems/main.cf

Why do you have this:

mydomain = mail.domain2.info
myhostname = mail.domain2.info


It should be:

mydomain = domain2.info
myhostname = mail.domain2.info


> The sasl/smtpd.conf : http://sfantar.linux62.org/postfix-problems/smtpd.conf

What do you get, if you run saslpasswd2?

Please post output from
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ to this list (not
to a website). Run "saslfinger -s".

p@rick



--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Shams Fantar-4
Patrick Ben Koetter wrote:

> You need to show verbose log. Set smtpd to log verbose in master.cf.

I added :

"smtps     inet  n       -       -       -       -       smtpd -v" in my
master.cf file[1].

[1] : http://sfantar.linux62.org/postfix-problems/master.cf

>> The main.cf of postfix : http://sfantar.linux62.org/postfix-problems/main.cf
>
> Why do you have this:
>
> mydomain = mail.domain2.info
> myhostname = mail.domain2.info
>
>
> It should be:
>
> mydomain = domain2.info
> myhostname = mail.domain2.info

It's corrected.

>> The sasl/smtpd.conf : http://sfantar.linux62.org/postfix-problems/smtpd.conf
>
> What do you get, if you run saslpasswd2?

The help of the command. But with sasldblistusers2 :

[hidden email]: userPassword
[hidden email]: userPassword


>
> Please post output from
> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ to this list (not
> to a website). Run "saslfinger -s".

http://sfantar.linux62.org/postfix-problems/output

>
> p@rick
>

Regards,

--
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Shams Fantar-4
Shams Fantar wrote:

> Patrick Ben Koetter wrote:
>
>> You need to show verbose log. Set smtpd to log verbose in master.cf.
>
> I added :
>
> "smtps     inet  n       -       -       -       -       smtpd -v" in my
> master.cf file[1].
>
> [1] : http://sfantar.linux62.org/postfix-problems/master.cf
>
>>> The main.cf of postfix : http://sfantar.linux62.org/postfix-problems/main.cf
>> Why do you have this:
>>
>> mydomain = mail.domain2.info
>> myhostname = mail.domain2.info
>>
>>
>> It should be:
>>
>> mydomain = domain2.info
>> myhostname = mail.domain2.info
>
> It's corrected.
>
>>> The sasl/smtpd.conf : http://sfantar.linux62.org/postfix-problems/smtpd.conf
>> What do you get, if you run saslpasswd2?
>
> The help of the command. But with sasldblistusers2 :
>
> [hidden email]: userPassword
> [hidden email]: userPassword
>
>
>> Please post output from
>> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ to this list (not
>> to a website). Run "saslfinger -s".
>
> http://sfantar.linux62.org/postfix-problems/output
>
>> p@rick
>>
>
> Regards,
>

Now, if I send a mail from sfantar AT nerim. net to [hidden email] :

"Relay access denied (in reply to RCPT TO command)"

But from [hidden email] to sfantar AT nerim. net, it's ok !




--
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Patrick Ben Koetter
In reply to this post by Shams Fantar-4
* Shams Fantar <[hidden email]>:
> Patrick Ben Koetter wrote:
>
> > You need to show verbose log. Set smtpd to log verbose in master.cf.
>
> I added :
>
> "smtps     inet  n       -       -       -       -       smtpd -v" in my
> master.cf file[1].

Wrong service. Make this line verbose and drop the '-o' options line. You
don't need it:

-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject


Then test again and send the output from the verbose log to the list.


> [1] : http://sfantar.linux62.org/postfix-problems/master.cf
>
> >> The main.cf of postfix : http://sfantar.linux62.org/postfix-problems/main.cf
> >
> > Why do you have this:
> >
> > mydomain = mail.domain2.info
> > myhostname = mail.domain2.info
> >
> >
> > It should be:
> >
> > mydomain = domain2.info
> > myhostname = mail.domain2.info
>
> It's corrected.
>
> >> The sasl/smtpd.conf : http://sfantar.linux62.org/postfix-problems/smtpd.conf
> >
> > What do you get, if you run saslpasswd2?
>
> The help of the command. But with sasldblistusers2 :

Sorry, my fault.

>
> [hidden email]: userPassword
> [hidden email]: userPassword


How do you send the authentication string? Do you send the username only or
also the domainpart. It must (!) be with the domainpart.


> > Please post output from
> > http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ to this list (not
> > to a website). Run "saslfinger -s".
>
> http://sfantar.linux62.org/postfix-problems/output

Try only this:

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login cram-md5 digest-md5 ntlm



And please send your debug output to the list and don't put it on a website.
It's a pain to go back and forth and people on this list are used to seeing
such information.

p@rick


--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Shams Fantar-4
Patrick Ben Koetter wrote:

> * Shams Fantar <[hidden email]>:
>> Patrick Ben Koetter wrote:
>>
>>> You need to show verbose log. Set smtpd to log verbose in master.cf.
>> I added :
>>
>> "smtps     inet  n       -       -       -       -       smtpd -v" in my
>> master.cf file[1].
>
> Wrong service. Make this line verbose and drop the '-o' options line. You
> don't need it:
>
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       -       -       -       smtpd
>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
>
> Then test again and send the output from the verbose log to the list.

Sorry, but I don't undersand what you mean with which line... :-(

>
>> [1] : http://sfantar.linux62.org/postfix-problems/master.cf
>>
>>>> The main.cf of postfix : http://sfantar.linux62.org/postfix-problems/main.cf
>>> Why do you have this:
>>>
>>> mydomain = mail.domain2.info
>>> myhostname = mail.domain2.info
>>>
>>>
>>> It should be:
>>>
>>> mydomain = domain2.info
>>> myhostname = mail.domain2.info
>> It's corrected.
>>
>>>> The sasl/smtpd.conf : http://sfantar.linux62.org/postfix-problems/smtpd.conf
>>> What do you get, if you run saslpasswd2?
>> The help of the command. But with sasldblistusers2 :
>
> Sorry, my fault.
>
>> [hidden email]: userPassword
>> [hidden email]: userPassword
>
>
> How do you send the authentication string? Do you send the username only or
> also the domainpart. It must (!) be with the domainpart.

With the domainpart.

>
>>> Please post output from
>>> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ to this list (not
>>> to a website). Run "saslfinger -s".
>> http://sfantar.linux62.org/postfix-problems/output
>
> Try only this:
>
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: plain login cram-md5 digest-md5 ntlm
>

Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: SASL
authentication failure: no secret in database
Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: *****
[*****]: SASL CRAM-MD5 authentication failed: authentication failure
Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: SASL
authentication failure: no secret in database
Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: ***
[*****]: SASL NTLM authentication failed: authentication failure
Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: SASL
authentication failure: Password verification failed
Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning:
*****[*****]: SASL PLAIN authentication failed: authentication failure
Jun  8 11:50:43 kaduma-hosting postfix/smtpd[17722]: warning:
*****[*****]: SASL LOGIN authentication failed: authentication failure


>
> And please send your debug output to the list and don't put it on a website.
> It's a pain to go back and forth and people on this list are used to seeing
> such information.
>

Ok.

> p@rick
>
>


--
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Patrick Ben Koetter
* Shams Fantar <[hidden email]>:

> Patrick Ben Koetter wrote:
> > * Shams Fantar <[hidden email]>:
> >> Patrick Ben Koetter wrote:
> >>
> >>> You need to show verbose log. Set smtpd to log verbose in master.cf.
> >> I added :
> >>
> >> "smtps     inet  n       -       -       -       -       smtpd -v" in my
> >> master.cf file[1].
> >
> > Wrong service. Make this line verbose and drop the '-o' options line. You
> > don't need it:
> >
> > -- active services in /etc/postfix/master.cf --
> > # service type  private unpriv  chroot  wakeup  maxproc command + args
> > #               (yes)   (yes)   (yes)   (never) (100)
> > smtp      inet  n       -       -       -       -       smtpd
> >  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> >
> >
> > Then test again and send the output from the verbose log to the list.
>
> Sorry, but I don't undersand what you mean with which line... :-(


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)

Before edit:
smtp      inet  n       -       -       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject

After edit:
smtp      inet  n       -       n       -       -       smtpd -v

That makes 3 changes:

1. do not run smtpd chrooted (change chroot entry and add 'n')
2. add "-v" at end of line to run Postfix' smtpd-daemon verbose
3. remove line with options. They are already defined in main.cf


> > How do you send the authentication string? Do you send the username only or
> > also the domainpart. It must (!) be with the domainpart.
>
> With the domainpart.

Good.

> >>> Please post output from
> >>> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ to this list (not
> >>> to a website). Run "saslfinger -s".
> >> http://sfantar.linux62.org/postfix-problems/output
> >
> > Try only this:
> >
> > -- content of /etc/postfix/sasl/smtpd.conf --
> > pwcheck_method: auxprop
> > auxprop_plugin: sasldb
> > mech_list: plain login cram-md5 digest-md5 ntlm
> >
>
> Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: SASL
> authentication failure: no secret in database
> Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: *****
> [*****]: SASL CRAM-MD5 authentication failed: authentication failure
> Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: SASL
> authentication failure: no secret in database
> Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: ***
> [*****]: SASL NTLM authentication failed: authentication failure
> Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning: SASL
> authentication failure: Password verification failed
> Jun  8 11:50:42 kaduma-hosting postfix/smtpd[17722]: warning:
> *****[*****]: SASL PLAIN authentication failed: authentication failure
> Jun  8 11:50:43 kaduma-hosting postfix/smtpd[17722]: warning:
> *****[*****]: SASL LOGIN authentication failed: authentication failure

You run smtpd daemon chrooted and it can't find your sasldb database. I have
listed fix above in the master.cf advise.

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Shams Fantar-4

> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
>
> Before edit:
> smtp      inet  n       -       -       -       -       smtpd
>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> After edit:
> smtp      inet  n       -       n       -       -       smtpd -v
>
> That makes 3 changes:
>
> 1. do not run smtpd chrooted (change chroot entry and add 'n')
> 2. add "-v" at end of line to run Postfix' smtpd-daemon verbose
> 3. remove line with options. They are already defined in main.cf

Okay, so :

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n              -       -       smtpd -v
#submission inet n       -       -       -       -       smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# smtps     inet  n       -       -       -       -       smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd


> You run smtpd daemon chrooted and it can't find your sasldb database. I have
> listed fix above in the master.cf advise.

Still the same error. :/ See the attached file.

>
> p@rick
>


--
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »

Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: connection established
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: master_notify: status 0
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: name_mask: resource
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: name_mask: software
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_create: SASL service=smtp, realm=mail.domain2.info
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: name_mask: noanonymous
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: connect from ********[************]
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: **********: no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: ************* : no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_hostname: *************** ~? 127.0.0.0/8
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_hostaddr: *************** ~? 127.0.0.0/8
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: ************: no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: send attr request = connect
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: send attr ident = smtp:************
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: status
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: status
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute value: 0
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: count
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: count
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute value: 1
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: rate
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: rate
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute value: 1
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: (list terminator)
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: (end)
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > ***********[*************]: 220 mail.domain2.info ESMTP Postfix
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: < **************[*************]: EHLO [192.168.1.12]
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > ****************[*************]: 250-mail.domain2.info
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*************]: 250-PIPELINING
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*************]: 250-SIZE 10240000
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*****]: 250-ETRN
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*]: 250-AUTH PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: **********: no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [***********]: 250-AUTH=PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*****]: 250-ENHANCEDSTATUSCODES
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [***********]: 250-8BITMIME
Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*************]: 250 DSN
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: < [***********]: AUTH CRAM-MD5
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge:
<[hidden email]>
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: > ****************[*************]: 334
PDE4NTAxOTc2Ny40OTYwMjIxQG1haWwuY2l2aWwtZS1zZWN0aW9uLm9yZz4=
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: < **************[*****]:
YWRtaW5AY2l2aWwtZS1zZWN0aW9uLm9yZyA1MTZlMDQ4OWJkNzhhYmE4ODI2YjQ2ZTJjOTc5OGNlOA==
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: admin@[hidden email]
516e0489bd78aba8826b46e2c9798ce8
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: warning: SASL authentication failure: no secret in database
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: warning: ********[*******]: SASL CRAM-MD5 authentication failed: authentication
failure
Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: > **************[*************]: 535 5.7.0 Error: authentication failed: authentication failure
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ***************[*********]: AUTH NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method NTLM, init_response
TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: decoded initial response NTLMSSP
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge: NTLMSSP
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***************[************]: 334
TlRMTVNTUAACAAAAMAAwADAAAAAFggIA85Ycxtp1mSEAAAAAAAAAAAAAAAAAAAAATQBBAkATAAuAEMASQBWAEkATAAtAEUALQBTAEUAQwBUAEkATwBOAC4ATwBSAEcA
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ****************[******]:
TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAAAAAAABAAAAAMgAyAEAAAAAKAAoAcgAAAAAAAAAAAAAABYIAAGEAZABtAGkAbgBAAGMAaQB2AGkAbAAtAGUALQBzAGUAYwB0AGkAbwBuAC4AbwByAGcAYwByAGEAbgBlAMzgQYfl1bfcRyjmUkqcYy64mlXxYc/rdczgQYfl1bfcRyjmUkqcYy64mlXxYc/rdQ==
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: NTLMSSP
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: SASL authentication failure: no secret in database
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: *******[*****]: SASL NTLM authentication failed: authentication failure
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > **************[*********]: 535 5.7.0 Error: authentication failed: authentication failure
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < *************[******]: AUTH PLAIN AGFkbWluQGNpdmlsLWUtc2VjdGlvbi5vcmcAbXJqbXJyc3M=
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response
AGFkbWluQGNpdmlsLWUtc2VjdGlvbi5vcmcAbXJqbXJyc3M=
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: decoded initial response
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: SASL authentication failure: Password verification failed
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: **********[**********]: SASL PLAIN authentication failed: authentication
failure
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***************[*******]: 535 5.7.0 Error: authentication failed: authentication failure
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ***************[**************]: AUTH LOGIN
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method LOGIN
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***********[**********]: 334 VXNlcm5hbWU6
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ********[*****************]: YWRtaW5AY2l2aWwtZS1zZWN0aW9uLm9yZw==
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: [hidden email].
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***********[**************]: 334 UGFzc3dvcmQ6
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ********************[****]: bXJqbXJyc3M=
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: ********
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: **********[*********]: SASL LOGIN authentication failed: authentication
failure
Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > *************[*********]: 535 5.7.0 Error: authentication failed: authentication failure

Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Patrick Ben Koetter
* Shams Fantar <[hidden email]>:
> # ==========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> # ==========================================================================
> smtp      inet  n       -       n              -       -       smtpd -v

yes. correct.


> > You run smtpd daemon chrooted and it can't find your sasldb database. I have
> > listed fix above in the master.cf advise.
>
> Still the same error. :/ See the attached file.

Please show the permissions for /etc/sasldb2.

$ ls -la /etc/sasldb2

On Debian, the user postfix must be in the sasl group. Is the user postfix in
the group sasl?

$ id postfix


AND ... change the password for admin@[hidden email]. You changed the
hostname and many other things in the log, but not the password sent by
admin@[hidden email]. It's not in clear, but base64 encoded after the
LOGIN section.

p@rick



>
> >
> > p@rick
> >
>
>
> --
> Shams Fantar (Website : http://snurf.info)
> My public GPG Key : http://snurf.info/sfantar.gpg
> « A book is like a garden carried in the pocket. »

> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: connection established
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: master_notify: status 0
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: name_mask: resource
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: name_mask: software
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_create: SASL service=smtp, realm=mail.domain2.info
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: name_mask: noanonymous
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: connect from ********[************]
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: **********: no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: ************* : no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_hostname: *************** ~? 127.0.0.0/8
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_hostaddr: *************** ~? 127.0.0.0/8
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: ************: no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: send attr request = connect
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: send attr ident = smtp:************
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: status
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: status
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute value: 0
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: count
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: count
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute value: 1
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: rate
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: rate
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute value: 1
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: private/anvil: wanted attribute: (list terminator)
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: input attribute name: (end)
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > ***********[*************]: 220 mail.domain2.info ESMTP Postfix
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: < **************[*************]: EHLO [192.168.1.12]
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > ****************[*************]: 250-mail.domain2.info
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*************]: 250-PIPELINING
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*************]: 250-SIZE 10240000
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*****]: 250-ETRN
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*]: 250-AUTH PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: **********: no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: match_list_match: *************: no match
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [***********]: 250-AUTH=PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*****]: 250-ENHANCEDSTATUSCODES
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [***********]: 250-8BITMIME
> Jun  8 12:07:38 kaduma-hosting postfix/smtpd[20032]: > [*************]: 250 DSN
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: < [***********]: AUTH CRAM-MD5
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge:
> <[hidden email]>
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: > ****************[*************]: 334
> PDE4NTAxOTc2Ny40OTYwMjIxQG1haWwuY2l2aWwtZS1zZWN0aW9uLm9yZz4=
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: < **************[*****]:
> YWRtaW5AY2l2aWwtZS1zZWN0aW9uLm9yZyA1MTZlMDQ4OWJkNzhhYmE4ODI2YjQ2ZTJjOTc5OGNlOA==
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: admin@[hidden email]
> 516e0489bd78aba8826b46e2c9798ce8
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: warning: SASL authentication failure: no secret in database
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: warning: ********[*******]: SASL CRAM-MD5 authentication failed: authentication
> failure
> Jun  8 12:08:21 kaduma-hosting postfix/smtpd[20032]: > **************[*************]: 535 5.7.0 Error: authentication failed: authentication failure
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ***************[*********]: AUTH NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method NTLM, init_response
> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: decoded initial response NTLMSSP
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge: NTLMSSP
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***************[************]: 334
> TlRMTVNTUAACAAAAMAAwADAAAAAFggIA85Ycxtp1mSEAAAAAAAAAAAAAAAAAAAAATQBBAkATAAuAEMASQBWAEkATAAtAEUALQBTAEUAQwBUAEkATwBOAC4ATwBSAEcA
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ****************[******]:
> TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAAAAAAABAAAAAMgAyAEAAAAAKAAoAcgAAAAAAAAAAAAAABYIAAGEAZABtAGkAbgBAAGMAaQB2AGkAbAAtAGUALQBzAGUAYwB0AGkAbwBuAC4AbwByAGcAYwByAGEAbgBlAMzgQYfl1bfcRyjmUkqcYy64mlXxYc/rdczgQYfl1bfcRyjmUkqcYy64mlXxYc/rdQ==
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: NTLMSSP
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: SASL authentication failure: no secret in database
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: *******[*****]: SASL NTLM authentication failed: authentication failure
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > **************[*********]: 535 5.7.0 Error: authentication failed: authentication failure
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < *************[******]: AUTH PLAIN AGFkbWluQGNpdmlsLWUtc2VjdGlvbi5vcmcAbXJqbXJyc3M=
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response
> AGFkbWluQGNpdmlsLWUtc2VjdGlvbi5vcmcAbXJqbXJyc3M=
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: decoded initial response
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: SASL authentication failure: Password verification failed
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: **********[**********]: SASL PLAIN authentication failed: authentication
> failure
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***************[*******]: 535 5.7.0 Error: authentication failed: authentication failure
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ***************[**************]: AUTH LOGIN
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_first: sasl_method LOGIN
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***********[**********]: 334 VXNlcm5hbWU6
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ********[*****************]: YWRtaW5AY2l2aWwtZS1zZWN0aW9uLm9yZw==
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: [hidden email].
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > ***********[**************]: 334 UGFzc3dvcmQ6
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: < ********************[****]: bXJqbXJyc3M=
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: xsasl_cyrus_server_next: decoded response: ********
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: warning: **********[*********]: SASL LOGIN authentication failed: authentication
> failure
> Jun  8 12:08:22 kaduma-hosting postfix/smtpd[20032]: > *************[*********]: 535 5.7.0 Error: authentication failed: authentication failure
>


--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Shams Fantar-4
Patrick Ben Koetter wrote:

>
> Please show the permissions for /etc/sasldb2.
>
> $ ls -la /etc/sasldb2
>
> On Debian, the user postfix must be in the sasl group. Is the user postfix in
> the group sasl?
>
> $ id postfix
>
>
> AND ... change the password for admin@[hidden email]. You changed the
> hostname and many other things in the log, but not the password sent by
> admin@[hidden email]. It's not in clear, but base64 encoded after the
> LOGIN section.

Problem fixed. It was just a problem with the permissions for
/etc/sasldb2 ; it was just necessary to chmod 644 /etc/sasldb2

> p@rick
>

Thank and see you,

--
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
Reply | Threaded
Open this post in threaded view
|

Re: SASL PLAIN authentication failed: authentication failure

Jorey Bump
Shams Fantar wrote, at 06/08/2008 07:03 AM:

> Patrick Ben Koetter wrote:
>
>> Please show the permissions for /etc/sasldb2.
>>
>> $ ls -la /etc/sasldb2
>>
>> On Debian, the user postfix must be in the sasl group. Is the user postfix in
>> the group sasl?
>>
>> $ id postfix
>>
>> AND ... change the password for admin@[hidden email]. You changed the
>> hostname and many other things in the log, but not the password sent by
>> admin@[hidden email]. It's not in clear, but base64 encoded after the
>> LOGIN section.
>
> Problem fixed. It was just a problem with the permissions for
> /etc/sasldb2 ; it was just necessary to chmod 644 /etc/sasldb2

It's inappropriate to make a file that contains passwords
world-readable. This file should only be readable by the owner or group
that needs to access it. If you're not sure what this means, provide the
information Patrick requested.