SASL authentication failed; cannot authenticate to server

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

SASL authentication failed; cannot authenticate to server

Matt Rude-3
Hello, Im trying to implement SASL in SMTP so I can relay all my
outbound mail via my ISP's system

I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.

I compiled postfix like this:

make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -I/usr/local/include/sasl \
-DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS' \
'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm -lssl -lcrypto -lsasl2'

My log shows:
Jun 25 20:18:10 postfix/smtp[6741]: A6CD28F666D:
to=<[hidden email]>, relay=smtp.comcast.net[76.96.30.117]:587,
delay=0.68, delays=0.06/0.03/0.59/0, dsn=4.7.0, stat
us=deferred (SASL authentication failed; cannot authenticate to server
smtp.comcast.net[76.96.30.117]: no mechanism available)

postconf -n:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = scan:127.0.0.1:10025
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 9
debug_peer_list = smtp.comcast.net
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = mattrude.com
myhostname = samantha.mattrude.com
mynetworks = 192.168.0.0/16, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.2/README_FILES
receive_override_options = no_address_mappings
relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
relayhost = [smtp.comcast.net]:587
sample_directory = /usr/share/doc/postfix-2.5.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_tls_security_options =
smtp_tls_note_starttls_offer = yes
smtpd_hard_error_limit = ${stress?1}${stress:20}
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks  
permit_sasl_authenticated    reject_unauth_destination  
reject_invalid_helo_hostname   reject_unknown_sender_domain  
reject_non_fqdn_recipient   reject_non_fqdn_sender
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_timeout = ${stress?10}${stress:300}
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 5
smtpd_tls_security_level = none
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/spool/virtualmailboxes
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000


saslfinger -c

saslfinger - postfix Cyrus sasl configuration Wed Jun 25 20:16:18 CDT 2008
version: 1.0.2
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.5.2
System: Fedora release 8 (Werewolf)

-- smtp is linked to --
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x078a6000)

-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_tls_security_options =
smtp_tls_note_starttls_offer = yes


-- listing of /usr/lib/sasl --
total 76
drwxr-xr-x   2 root root  4096 2008-06-25 01:10 .
drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
-rw-r--r--   1 root root    71 2008-06-25 01:10 smtpd.conf

-- listing of /usr/lib/sasl2 --
total 168
drwxr-xr-x   2 root root  4096 2008-06-25 19:29 .
drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
-rwxr-xr-x   1 root root   849 2007-11-07 14:44 libntlm.la
-rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so
-rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2
-rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2.0.22

-- listing of /usr/local/lib/sasl2 --
total 1928
drwxr-xr-x 2 root root   4096 2008-06-24 23:41 .
drwxr-xr-x 5 root root   4096 2008-06-24 23:40 ..
-rwxr-xr-x 1 root root    695 2008-06-24 23:40 libanonymous.la
-rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so
-rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2
-rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root    683 2008-06-24 23:40 libcrammd5.la
-rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so
-rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2
-rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root root    713 2008-06-24 23:40 libdigestmd5.la
-rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so
-rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2
-rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root root    763 2008-06-24 23:40 libgssapiv2.la
-rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so
-rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2
-rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2.0.22
-rwxr-xr-x 1 root root    668 2008-06-24 23:40 libotp.la
-rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so
-rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2
-rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2.0.22
-rwxr-xr-x 1 root root    679 2008-06-24 23:40 libplain.la
-rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so
-rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2
-rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2.0.22
-rwxr-xr-x 1 root root    700 2008-06-24 23:40 libsasldb.la
-rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so
-rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2
-rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2.0.22
drwxr-xr-x 2 root root   4096 2008-06-25 19:29 sasl2

-- listing of /etc/sasl2 --
total 24
drwxr-xr-x   2 root root  4096 2007-11-07 14:44 .
drwxr-xr-x 120 root root 12288 2008-06-25 19:29 ..


-- permissions for /etc/postfix/sasl_passwd --
-rw-r--r-- 1 root root 34 2008-05-24 02:51 /etc/postfix/sasl_passwd

-- permissions for /etc/postfix/sasl_passwd.db --
-rw-r--r-- 1 root root 12288 2008-05-24 02:51 /etc/postfix/sasl_passwd.db

/etc/postfix/sasl_passwd.db is up to date.

-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
    -o smtp_tls_security_level=encrypt
        -o content_filter=spamassassin


submission inet n       -       n       -       -       smtpd
        -o smtpd_tls_security_level=encrypt
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject

2525      inet  n    -    n    -    -    smtpd
        -o content_filter=spamassassin

52525     inet  n    -    n    -    -    smtpd
        -o content_filter=spamassassin

scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
    -o smtp_sasl_auth_enable=no


vacation  unix    -    n    n    -    -    pipe
    flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f
${sender} ${recipient}

127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
    -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache      unix    -    -    n    -    1    scache

spamassassin  unix -     n       n       -       -       pipe
      flags=Rq user=nobody argv=/usr/bin/spamc -u ${recipient} -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}

policy     unix  -       n       n       -       -       spawn
        user=nobody argv=/usr/local/bin/policyd-spf

retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap

-- mechanisms on smtp.comcast.net --
  <--- this has never finished --->

And here's the log entrys




signature.asc (267 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Gerry Massat
Matt Rude wrote:

> Hello, Im trying to implement SASL in SMTP so I can relay all my
> outbound mail via my ISP's system
>
> I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.
>
> I compiled postfix like this:
>
> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql
> -I/usr/local/include/sasl \
> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\"
> -DUSE_TLS' \
> 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm -lssl
> -lcrypto -lsasl2'
>
> My log shows:
> Jun 25 20:18:10 postfix/smtp[6741]: A6CD28F666D:
> to=<[hidden email]>, relay=smtp.comcast.net[76.96.30.117]:587,
> delay=0.68, delays=0.06/0.03/0.59/0, dsn=4.7.0, stat
> us=deferred (SASL authentication failed; cannot authenticate to server
> smtp.comcast.net[76.96.30.117]: no mechanism available)
>
> postconf -n:

--8><-- snip

> relayhost = [smtp.comcast.net]:587
do you have the following in /etc/postfix/sasl_passwd
[smtp.comcast.net]:587  userid:password
?  sasl_password has to have the same value as your relayhost, including
the brackets.  I had the exact same problem with the same with the same isp!

> saslfinger -c
>
> saslfinger - postfix Cyrus sasl configuration Wed Jun 25 20:16:18 CDT
> 2008
> version: 1.0.2
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 2.5.2
> System: Fedora release 8 (Werewolf)
>
> -- smtp is linked to --
>    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x078a6000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost = [smtp.comcast.net]:587
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options =
> smtp_sasl_tls_security_options =
> smtp_tls_note_starttls_offer = yes
>
>
> -- listing of /usr/lib/sasl --
> total 76
> drwxr-xr-x   2 root root  4096 2008-06-25 01:10 .
> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
> -rw-r--r--   1 root root    71 2008-06-25 01:10 smtpd.conf
>
> -- listing of /usr/lib/sasl2 --
> total 168
> drwxr-xr-x   2 root root  4096 2008-06-25 19:29 .
> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
> -rwxr-xr-x   1 root root   849 2007-11-07 14:44 libntlm.la
> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so
> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2
> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2.0.22
>
> -- listing of /usr/local/lib/sasl2 --
> total 1928
> drwxr-xr-x 2 root root   4096 2008-06-24 23:41 .
> drwxr-xr-x 5 root root   4096 2008-06-24 23:40 ..
> -rwxr-xr-x 1 root root    695 2008-06-24 23:40 libanonymous.la
> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so
> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2
> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2.0.22
> -rwxr-xr-x 1 root root    683 2008-06-24 23:40 libcrammd5.la
> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so
> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2
> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2.0.22
> -rwxr-xr-x 1 root root    713 2008-06-24 23:40 libdigestmd5.la
> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so
> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2.0.22
> -rwxr-xr-x 1 root root    763 2008-06-24 23:40 libgssapiv2.la
> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so
> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2
> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2.0.22
> -rwxr-xr-x 1 root root    668 2008-06-24 23:40 libotp.la
> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so
> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2
> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2.0.22
> -rwxr-xr-x 1 root root    679 2008-06-24 23:40 libplain.la
> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so
> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2
> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2.0.22
> -rwxr-xr-x 1 root root    700 2008-06-24 23:40 libsasldb.la
> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so
> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2
> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2.0.22
> drwxr-xr-x 2 root root   4096 2008-06-25 19:29 sasl2
>
> -- listing of /etc/sasl2 --
> total 24
> drwxr-xr-x   2 root root  4096 2007-11-07 14:44 .
> drwxr-xr-x 120 root root 12288 2008-06-25 19:29 ..
>
>
> -- permissions for /etc/postfix/sasl_passwd --
> -rw-r--r-- 1 root root 34 2008-05-24 02:51 /etc/postfix/sasl_passwd
>
> -- permissions for /etc/postfix/sasl_passwd.db --
> -rw-r--r-- 1 root root 12288 2008-05-24 02:51 /etc/postfix/sasl_passwd.db
>
> /etc/postfix/sasl_passwd.db is up to date.
>
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       n       -       -       smtpd
>    -o smtp_tls_security_level=encrypt
>        -o content_filter=spamassassin
>
>
> submission inet n       -       n       -       -       smtpd
>        -o smtpd_tls_security_level=encrypt
>        -o smtpd_sasl_auth_enable=yes
>        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> 2525      inet  n    -    n    -    -    smtpd
>        -o content_filter=spamassassin
>
> 52525     inet  n    -    n    -    -    smtpd
>        -o content_filter=spamassassin
>
> scan      unix  -       -       n       -       16      smtp
>        -o smtp_send_xforward_command=yes
>    -o smtp_sasl_auth_enable=no
>
>
> vacation  unix    -    n    n    -    -    pipe
>    flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f
> ${sender} ${recipient}
>
> 127.0.0.1:10026 inet  n -       n       -       16      smtpd
>        -o content_filter=
>        -o
> receive_override_options=no_unknown_recipient_checks,no_header_body_checks
>
>        -o smtpd_helo_restrictions=
>        -o smtpd_client_restrictions=
>        -o smtpd_sender_restrictions=
>        -o smtpd_recipient_restrictions=permit_mynetworks,reject
>        -o mynetworks_style=host
>        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> relay     unix  -       -       n       -       -       smtp
>    -o fallback_relay=
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache      unix    -    -    n    -    1    scache
>
> spamassassin  unix -     n       n       -       -       pipe
>      flags=Rq user=nobody argv=/usr/bin/spamc -u ${recipient} -e
> /usr/sbin/sendmail -oi -f ${sender} ${recipient}
>
> policy     unix  -       n       n       -       -       spawn
>        user=nobody argv=/usr/local/bin/policyd-spf
>
> retry     unix  -       -       n       -       -       error
> proxywrite unix -       -       n       -       1       proxymap
>
> -- mechanisms on smtp.comcast.net --
>  <--- this has never finished --->

bug in saslfinger- it does not check port 587, and comcast does not
answer on port 25

Gerry

Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Matt Rude-3
Gerry Massat wrote:

> Matt Rude wrote:
>> Hello, Im trying to implement SASL in SMTP so I can relay all my
>> outbound mail via my ISP's system
>>
>> I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.
>>
>> I compiled postfix like this:
>>
>> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql
>> -I/usr/local/include/sasl \
>> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\"
>> -DUSE_TLS' \
>> 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm
>> -lssl -lcrypto -lsasl2'
>>
>> My log shows:
>> Jun 25 20:18:10 postfix/smtp[6741]: A6CD28F666D:
>> to=<[hidden email]>,
>> relay=smtp.comcast.net[76.96.30.117]:587, delay=0.68,
>> delays=0.06/0.03/0.59/0, dsn=4.7.0, stat
>> us=deferred (SASL authentication failed; cannot authenticate to
>> server smtp.comcast.net[76.96.30.117]: no mechanism available)
>>
>> postconf -n:
>
> --8><-- snip
>
>> relayhost = [smtp.comcast.net]:587
> do you have the following in /etc/postfix/sasl_passwd
> [smtp.comcast.net]:587  userid:password
> ?  sasl_password has to have the same value as your relayhost, including
> the brackets.  I had the exact same problem with the same with the
> same isp!
>
yes and the hash database has been built


Just as a side note, I can authenticate with my SMTPD daemon via my 587
port (from thunderbird) to send the message to my postfix server  but I
am unable to relay it from my postfix server

Thanks
-matt


signature.asc (267 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Matt Rude-3
In reply to this post by Matt Rude-3
Matt Rude wrote:

> Hello, Im trying to implement SASL in SMTP so I can relay all my
> outbound mail via my ISP's system
>
> I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.
>
> I compiled postfix like this:
>
> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql
> -I/usr/local/include/sasl \
> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\"
> -DUSE_TLS' \
> 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm -lssl
> -lcrypto -lsasl2'
>
> My log shows:
And more log output

Jun 25 22:17:46 samantha postfix/smtp[12139]: vstream_buf_get_ready: fd
15 got 70
Jun 25 22:17:46 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 220
OMTA07.emeryville.ca.mail.comcast.net comcast ESMTP server ready
Jun 25 22:17:46 samantha postfix/smtp[12139]: >
smtp.comcast.net[76.96.30.117]:587: EHLO samantha.mattrude.com
Jun 25 22:17:46 samantha postfix/smtp[12139]: vstream_fflush_some: fd 15
flush 28
Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_buf_get_ready: fd
15 got 205
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587:
250-OMTA07.emeryville.ca.mail.comcast.net hello [66.41.76.92], pleased
to meet you
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 250-HELP
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 250-AUTH LOGIN PLAIN CRAM-MD5
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 250-SIZE 15728640
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 250-ENHANCEDSTATUSCODES
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 250-8BITMIME
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 250-STARTTLS
Jun 25 22:17:47 samantha postfix/smtp[12139]: <
smtp.comcast.net[76.96.30.117]:587: 250 OK
Jun 25 22:17:47 samantha postfix/smtp[12139]: server features: 0x103b
size 15728640
Jun 25 22:17:47 samantha postfix/smtp[12139]: Host offered STARTTLS:
[smtp.comcast.net]
Jun 25 22:17:47 samantha postfix/smtp[12139]: maps_find:
smtp_sasl_passwd: smtp.comcast.net: not found
Jun 25 22:17:47 samantha postfix/smtp[12139]: maps_find:
smtp_sasl_passwd: hash:/etc/postfix/sasl_passwd(0,lock|fold_fix):
[smtp.comcast.net]:587 = <myusername>:<mypassword>
Jun 25 22:17:47 samantha postfix/smtp[12139]: smtp_sasl_passwd_lookup:
host `smtp.comcast.net' user `<-myusername->' pass `<-mypassword->'
Jun 25 22:17:47 samantha postfix/smtp[12139]: starting new SASL client
Jun 25 22:17:47 samantha postfix/smtp[12139]: smtp_sasl_authenticate:
smtp.comcast.net[76.96.30.117]:587: SASL mechanisms LOGIN PLAIN CRAM-MD5
Jun 25 22:17:47 samantha postfix/smtp[12139]: warning: SASL
authentication failure: No worthy mechs found
Jun 25 22:17:47 samantha postfix/smtp[12139]: connect to subsystem
private/defer
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr nrequest = 0
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr flags = 0
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr queue_id =
930BE8F666E
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr
original_recipient = [hidden email]
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr recipient =
[hidden email]
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr offset = 630
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr dsn_orig_rcpt =
rfc822;[hidden email]
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr notify_flags = 0
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr status = 4.7.0
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr diag_type = x-sasl
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr diag_text = no
mechanism available
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr mta_type =
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr mta_mname =
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr action = delayed
Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr reason = SASL
authentication failed; cannot authenticate to server
smtp.comcast.net[76.96.30.117]: no mechanism available
Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd 16
flush 405
Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_buf_get_ready: fd
16 got 10
Jun 25 22:17:47 samantha postfix/smtp[12139]: private/defer socket:
wanted attribute: status
Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute name: status
Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute value: 0
Jun 25 22:17:47 samantha postfix/smtp[12139]: private/defer socket:
wanted attribute: (list terminator)
Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute name: (end)
Jun 25 22:17:47 samantha postfix/smtp[12139]: 930BE8F666E:
to=<[hidden email]>, relay=smtp.comcast.net[76.96.30.117]:587,
delay=0.52, delays=0.06/0.03/0.44/0, dsn=4.7.0, status=deferred (SASL
authentication failed; cannot authenticate to server
smtp.comcast.net[76.96.30.117]: no mechanism available)
Jun 25 22:17:47 samantha postfix/smtp[12139]: flush_add: site
ncl-link.com id 930BE8F666E
Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname:
ncl-link.com ~?
mysql:/etc/postfix/mysql_relay_domains_maps.cf(0,lock|fold_fix)
Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_get_active:
attempting to connect to host localhost
Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
connection to host localhost
Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
query from host localhost
Jun 25 22:17:47 samantha postfix/smtp[12139]: event_request_timer: set
0x80692f6 0x8d798d8 60
Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_lookup:
retrieved 0 rows
Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname: lookup
mysql:/etc/postfix/mysql_relay_domains_maps.cf ncl-link.com: notfound
Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_get_active:
found active connection to host localhost
Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
query from host localhost
Jun 25 22:17:47 samantha postfix/smtp[12139]: event_request_timer: reset
0x80692f6 0x8d798d8 60
Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_lookup:
retrieved 0 rows
Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname: lookup
mysql:/etc/postfix/mysql_relay_domains_maps.cf com: notfound
Jun 25 22:17:47 samantha postfix/smtp[12139]: match_list_match:
ncl-link.com: no match
Jun 25 22:17:47 samantha postfix/smtp[12139]: flush_add: site
ncl-link.com id 930BE8F666E status 4
Jun 25 22:17:47 samantha postfix/smtp[12139]: >
smtp.comcast.net[76.96.30.117]:587: QUIT
Jun 25 22:17:47 samantha postfix/smtp[12139]: name_mask: resource
Jun 25 22:17:47 samantha postfix/smtp[12139]: name_mask: software
Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd 15
flush 6
Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd 15
flush 0
Jun 25 22:17:47 samantha postfix/smtp[12139]: disposing SASL state
information



signature.asc (267 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Gerry Massat
Matt Rude wrote:

> Matt Rude wrote:
>> Hello, Im trying to implement SASL in SMTP so I can relay all my
>> outbound mail via my ISP's system
>>
>> I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.
>>
>> I compiled postfix like this:
>>
>> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql
>> -I/usr/local/include/sasl \
>> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\"
>> -DUSE_TLS' \
>> 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm
>> -lssl -lcrypto -lsasl2'
>>
>> My log shows:
(Your logs were missing in your first email)

> And more log output
>
> Jun 25 22:17:46 samantha postfix/smtp[12139]: vstream_buf_get_ready:
> fd 15 got 70
> Jun 25 22:17:46 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 220
> OMTA07.emeryville.ca.mail.comcast.net comcast ESMTP server ready
> Jun 25 22:17:46 samantha postfix/smtp[12139]: >
> smtp.comcast.net[76.96.30.117]:587: EHLO samantha.mattrude.com
> Jun 25 22:17:46 samantha postfix/smtp[12139]: vstream_fflush_some: fd
> 15 flush 28
> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_buf_get_ready:
> fd 15 got 205
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587:
> 250-OMTA07.emeryville.ca.mail.comcast.net hello [66.41.76.92], pleased
> to meet you
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 250-HELP
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 250-AUTH LOGIN PLAIN CRAM-MD5
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 250-SIZE 15728640
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 250-ENHANCEDSTATUSCODES
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 250-8BITMIME
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 250-STARTTLS
> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
> smtp.comcast.net[76.96.30.117]:587: 250 OK
> Jun 25 22:17:47 samantha postfix/smtp[12139]: server features: 0x103b
> size 15728640
> Jun 25 22:17:47 samantha postfix/smtp[12139]: Host offered STARTTLS:
> [smtp.comcast.net]
> Jun 25 22:17:47 samantha postfix/smtp[12139]: maps_find:
> smtp_sasl_passwd: smtp.comcast.net: not found
> Jun 25 22:17:47 samantha postfix/smtp[12139]: maps_find:
> smtp_sasl_passwd: hash:/etc/postfix/sasl_passwd(0,lock|fold_fix):
> [smtp.comcast.net]:587 = <myusername>:<mypassword>
> Jun 25 22:17:47 samantha postfix/smtp[12139]: smtp_sasl_passwd_lookup:
> host `smtp.comcast.net' user `<-myusername->' pass `<-mypassword->'
> Jun 25 22:17:47 samantha postfix/smtp[12139]: starting new SASL client
> Jun 25 22:17:47 samantha postfix/smtp[12139]: smtp_sasl_authenticate:
> smtp.comcast.net[76.96.30.117]:587: SASL mechanisms LOGIN PLAIN CRAM-MD5
> Jun 25 22:17:47 samantha postfix/smtp[12139]: warning: SASL
> authentication failure: No worthy mechs found
> Jun 25 22:17:47 samantha postfix/smtp[12139]: connect to subsystem
> private/defer
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr nrequest = 0
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr flags = 0
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr queue_id =
> 930BE8F666E
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr
> original_recipient = [hidden email]
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr recipient =
> [hidden email]
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr offset = 630
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr dsn_orig_rcpt
> = rfc822;[hidden email]
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr notify_flags = 0
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr status = 4.7.0
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr diag_type =
> x-sasl
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr diag_text = no
> mechanism available
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr mta_type =
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr mta_mname =
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr action = delayed
> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr reason = SASL
> authentication failed; cannot authenticate to server
> smtp.comcast.net[76.96.30.117]: no mechanism available
I wonder if this is because you have smtp_tls_note_starttls_offer = yes
in your main.cf, I don't know if comcast will use tls.  I followed
http://www.postfix.org/SASL_README.html which does not suggest that
item, I don't use it in my configuration.
Try commenting that line out of your main.cf to see if that resolves the
problem.
Otherwise, I'd have to defer to a better expert!

> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd
> 16 flush 405
> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_buf_get_ready:
> fd 16 got 10
> Jun 25 22:17:47 samantha postfix/smtp[12139]: private/defer socket:
> wanted attribute: status
> Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute name:
> status
> Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute value: 0
> Jun 25 22:17:47 samantha postfix/smtp[12139]: private/defer socket:
> wanted attribute: (list terminator)
> Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute name: (end)
> Jun 25 22:17:47 samantha postfix/smtp[12139]: 930BE8F666E:
> to=<[hidden email]>, relay=smtp.comcast.net[76.96.30.117]:587,
> delay=0.52, delays=0.06/0.03/0.44/0, dsn=4.7.0, status=deferred (SASL
> authentication failed; cannot authenticate to server
> smtp.comcast.net[76.96.30.117]: no mechanism available)
> Jun 25 22:17:47 samantha postfix/smtp[12139]: flush_add: site
> ncl-link.com id 930BE8F666E
> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname:
> ncl-link.com ~?
> mysql:/etc/postfix/mysql_relay_domains_maps.cf(0,lock|fold_fix)
> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_get_active:
> attempting to connect to host localhost
> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
> connection to host localhost
> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
> query from host localhost
> Jun 25 22:17:47 samantha postfix/smtp[12139]: event_request_timer: set
> 0x80692f6 0x8d798d8 60
> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_lookup:
> retrieved 0 rows
> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname: lookup
> mysql:/etc/postfix/mysql_relay_domains_maps.cf ncl-link.com: notfound
> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_get_active:
> found active connection to host localhost
> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
> query from host localhost
> Jun 25 22:17:47 samantha postfix/smtp[12139]: event_request_timer:
> reset 0x80692f6 0x8d798d8 60
> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_lookup:
> retrieved 0 rows
> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname: lookup
> mysql:/etc/postfix/mysql_relay_domains_maps.cf com: notfound
> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_list_match:
> ncl-link.com: no match
> Jun 25 22:17:47 samantha postfix/smtp[12139]: flush_add: site
> ncl-link.com id 930BE8F666E status 4
> Jun 25 22:17:47 samantha postfix/smtp[12139]: >
> smtp.comcast.net[76.96.30.117]:587: QUIT
> Jun 25 22:17:47 samantha postfix/smtp[12139]: name_mask: resource
> Jun 25 22:17:47 samantha postfix/smtp[12139]: name_mask: software
> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd
> 15 flush 6
> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd
> 15 flush 0
> Jun 25 22:17:47 samantha postfix/smtp[12139]: disposing SASL state
> information
>
>

Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Victor Duchovni
On Wed, Jun 25, 2008 at 10:41:16PM -0500, Gerry Massat wrote:

> >Jun 25 22:17:47 samantha postfix/smtp[12139]: Host offered STARTTLS:
> >[smtp.comcast.net]
> >Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr reason = SASL
> >authentication failed; cannot authenticate to server
> >smtp.comcast.net[76.96.30.117]: no mechanism available
>
> I wonder if this is because you have smtp_tls_note_starttls_offer = yes
> in your main.cf.

No.

> I followed
> http://www.postfix.org/SASL_README.html which does not suggest that
> item, I don't use it in my configuration.

This setting just *logs* potential opportunities to use TLS. It has no
operational consequences.

> Try commenting that line out of your main.cf to see if that resolves the
> problem.

No need to bother with that. Rather the question is why the client
does not like any of the server-supported mechanisms.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Matt Rude-3
In reply to this post by Gerry Massat
Gerry Massat wrote:

> Matt Rude wrote:
>> Matt Rude wrote:
>>> Hello, Im trying to implement SASL in SMTP so I can relay all my
>>> outbound mail via my ISP's system
>>>
>>> I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.
>>>
>>> I compiled postfix like this:
>>>
>>> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql
>>> -I/usr/local/include/sasl \
>>> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\"
>>> -DUSE_TLS' \
>>> 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm
>>> -lssl -lcrypto -lsasl2'
>>>
>>> My log shows:
> (Your logs were missing in your first email)
>> And more log output
>>
>> Jun 25 22:17:46 samantha postfix/smtp[12139]: vstream_buf_get_ready:
>> fd 15 got 70
>> Jun 25 22:17:46 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 220
>> OMTA07.emeryville.ca.mail.comcast.net comcast ESMTP server ready
>> Jun 25 22:17:46 samantha postfix/smtp[12139]: >
>> smtp.comcast.net[76.96.30.117]:587: EHLO samantha.mattrude.com
>> Jun 25 22:17:46 samantha postfix/smtp[12139]: vstream_fflush_some: fd
>> 15 flush 28
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_buf_get_ready:
>> fd 15 got 205
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587:
>> 250-OMTA07.emeryville.ca.mail.comcast.net hello [66.41.76.92],
>> pleased to meet you
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 250-HELP
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 250-AUTH LOGIN PLAIN CRAM-MD5
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 250-SIZE 15728640
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 250-ENHANCEDSTATUSCODES
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 250-8BITMIME
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 250-STARTTLS
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: <
>> smtp.comcast.net[76.96.30.117]:587: 250 OK
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: server features: 0x103b
>> size 15728640
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: Host offered STARTTLS:
>> [smtp.comcast.net]
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: maps_find:
>> smtp_sasl_passwd: smtp.comcast.net: not found
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: maps_find:
>> smtp_sasl_passwd: hash:/etc/postfix/sasl_passwd(0,lock|fold_fix):
>> [smtp.comcast.net]:587 = <myusername>:<mypassword>
>> Jun 25 22:17:47 samantha postfix/smtp[12139]:
>> smtp_sasl_passwd_lookup: host `smtp.comcast.net' user
>> `<-myusername->' pass `<-mypassword->'
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: starting new SASL client
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: smtp_sasl_authenticate:
>> smtp.comcast.net[76.96.30.117]:587: SASL mechanisms LOGIN PLAIN CRAM-MD5
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: warning: SASL
>> authentication failure: No worthy mechs found
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: connect to subsystem
>> private/defer
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr nrequest = 0
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr flags = 0
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr queue_id =
>> 930BE8F666E
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr
>> original_recipient = [hidden email]
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr recipient =
>> [hidden email]
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr offset = 630
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr dsn_orig_rcpt
>> = rfc822;[hidden email]
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr notify_flags = 0
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr status = 4.7.0
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr diag_type =
>> x-sasl
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr diag_text =
>> no mechanism available
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr mta_type =
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr mta_mname =
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr action = delayed
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: send attr reason = SASL
>> authentication failed; cannot authenticate to server
>> smtp.comcast.net[76.96.30.117]: no mechanism available
> I wonder if this is because you have smtp_tls_note_starttls_offer =
> yes in your main.cf, I don't know if comcast will use tls.  I followed
> http://www.postfix.org/SASL_README.html which does not suggest that
> item, I don't use it in my configuration.
> Try commenting that line out of your main.cf to see if that resolves
> the problem.
> Otherwise, I'd have to defer to a better expert!
They do
# telnet smtp.comcast.net 587
Trying 76.96.30.117...
Connected to smtp.comcast.net.
Escape character is '^]'.
220 OMTA08.emeryville.ca.mail.comcast.net comcast ESMTP server ready
ehlo OMTA08.emeryville.ca.mail.comcast.net
250-OMTA08.emeryville.ca.mail.comcast.net hello [66.41.76.92], pleased
to meet you
250-HELP
250-AUTH LOGIN PLAIN CRAM-MD5
250-SIZE 15728640
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-STARTTLS
250 OK
quit
221 2.0.0 OMTA08.emeryville.ca.mail.comcast.net comcast closing connection
Connection closed by foreign host.

But ill try taking it out anyway and see what happens

>> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd
>> 16 flush 405
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_buf_get_ready:
>> fd 16 got 10
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: private/defer socket:
>> wanted attribute: status
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute name:
>> status
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute value: 0
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: private/defer socket:
>> wanted attribute: (list terminator)
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: input attribute name:
>> (end)
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: 930BE8F666E:
>> to=<[hidden email]>,
>> relay=smtp.comcast.net[76.96.30.117]:587, delay=0.52,
>> delays=0.06/0.03/0.44/0, dsn=4.7.0, status=deferred (SASL
>> authentication failed; cannot authenticate to server
>> smtp.comcast.net[76.96.30.117]: no mechanism available)
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: flush_add: site
>> ncl-link.com id 930BE8F666E
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname:
>> ncl-link.com ~?
>> mysql:/etc/postfix/mysql_relay_domains_maps.cf(0,lock|fold_fix)
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_get_active:
>> attempting to connect to host localhost
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
>> connection to host localhost
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
>> query from host localhost
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: event_request_timer:
>> set 0x80692f6 0x8d798d8 60
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_lookup:
>> retrieved 0 rows
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname: lookup
>> mysql:/etc/postfix/mysql_relay_domains_maps.cf ncl-link.com: notfound
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_get_active:
>> found active connection to host localhost
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql: successful
>> query from host localhost
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: event_request_timer:
>> reset 0x80692f6 0x8d798d8 60
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: dict_mysql_lookup:
>> retrieved 0 rows
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_hostname: lookup
>> mysql:/etc/postfix/mysql_relay_domains_maps.cf com: notfound
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: match_list_match:
>> ncl-link.com: no match
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: flush_add: site
>> ncl-link.com id 930BE8F666E status 4
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: >
>> smtp.comcast.net[76.96.30.117]:587: QUIT
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: name_mask: resource
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: name_mask: software
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd
>> 15 flush 6
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: vstream_fflush_some: fd
>> 15 flush 0
>> Jun 25 22:17:47 samantha postfix/smtp[12139]: disposing SASL state
>> information
>>
>>
>


signature.asc (267 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Brian Evans - Postfix List
In reply to this post by Matt Rude-3
Matt Rude wrote:

> Hello, Im trying to implement SASL in SMTP so I can relay all my
> outbound mail via my ISP's system
>
> I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.
>
> I compiled postfix like this:
>
> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql
> -I/usr/local/include/sasl \
> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\"
> -DUSE_TLS' \
> 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm -lssl
> -lcrypto -lsasl2'
>
> My log shows:
> Jun 25 20:18:10 postfix/smtp[6741]: A6CD28F666D:
> to=<[hidden email]>, relay=smtp.comcast.net[76.96.30.117]:587,
> delay=0.68, delays=0.06/0.03/0.59/0, dsn=4.7.0, stat
> us=deferred (SASL authentication failed; cannot authenticate to server
> smtp.comcast.net[76.96.30.117]: no mechanism available)
>
> saslfinger -c
>
> saslfinger - postfix Cyrus sasl configuration Wed Jun 25 20:16:18 CDT
> 2008
> version: 1.0.2
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 2.5.2
> System: Fedora release 8 (Werewolf)
>
> -- smtp is linked to --
>    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x078a6000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost = [smtp.comcast.net]:587
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options =
I would at least put "noanonymous" here.

> smtp_sasl_tls_security_options =
> smtp_tls_note_starttls_offer = yes
>
>
> -- listing of /usr/lib/sasl --
> total 76
> drwxr-xr-x   2 root root  4096 2008-06-25 01:10 .
> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
> -rw-r--r--   1 root root    71 2008-06-25 01:10 smtpd.conf
>
> -- listing of /usr/lib/sasl2 --
> total 168
> drwxr-xr-x   2 root root  4096 2008-06-25 19:29 .
> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
> -rwxr-xr-x   1 root root   849 2007-11-07 14:44 libntlm.la
> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so
> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2
> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2.0.22
>
> -- listing of /usr/local/lib/sasl2 --
> total 1928
> drwxr-xr-x 2 root root   4096 2008-06-24 23:41 .
> drwxr-xr-x 5 root root   4096 2008-06-24 23:40 ..
> -rwxr-xr-x 1 root root    695 2008-06-24 23:40 libanonymous.la
> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so
> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2
> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2.0.22
> -rwxr-xr-x 1 root root    683 2008-06-24 23:40 libcrammd5.la
> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so
> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2
> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2.0.22
> -rwxr-xr-x 1 root root    713 2008-06-24 23:40 libdigestmd5.la
> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so
> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2.0.22
> -rwxr-xr-x 1 root root    763 2008-06-24 23:40 libgssapiv2.la
> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so
> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2
> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2.0.22
> -rwxr-xr-x 1 root root    668 2008-06-24 23:40 libotp.la
> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so
> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2
> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2.0.22
> -rwxr-xr-x 1 root root    679 2008-06-24 23:40 libplain.la
> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so
> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2
> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2.0.22
> -rwxr-xr-x 1 root root    700 2008-06-24 23:40 libsasldb.la
> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so
> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2
> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2.0.22
> drwxr-xr-x 2 root root   4096 2008-06-25 19:29 sasl2
>
> -- listing of /etc/sasl2 --
> total 24
> drwxr-xr-x   2 root root  4096 2007-11-07 14:44 .
> drwxr-xr-x 120 root root 12288 2008-06-25 19:29 ..
>
It's a bit odd to have the plug ins split like that.

What does "pluginviewer -c" say?

Brian
Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Patrick Ben Koetter
* Brian Evans <[hidden email]>:
>> My log shows:
>> Jun 25 20:18:10 postfix/smtp[6741]: A6CD28F666D:  
>> to=<[hidden email]>, relay=smtp.comcast.net[76.96.30.117]:587,  
>> delay=0.68, delays=0.06/0.03/0.59/0, dsn=4.7.0, stat
>> us=deferred (SASL authentication failed; cannot authenticate to server  
>> smtp.comcast.net[76.96.30.117]: no mechanism available)


$ telnet 76.96.30.117 25
Trying 76.96.30.117...
Connected to 76.96.30.117.
Escape character is '^]'.
220 OMTA10.emeryville.ca.mail.comcast.net comcast ESMTP server ready
EHLO foo
250-OMTA10.emeryville.ca.mail.comcast.net hello [62.245.202.194], pleased to
meet you
250-HELP
250-AUTH LOGIN PLAIN CRAM-MD5
250-SIZE 15728640
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-STARTTLS
250 OK
QUIT
221 2.0.0 OMTA10.emeryville.ca.mail.comcast.net comcast closing connection
Connection closed by foreign host.


smtp.comcast.net offers LOGIN PLAIN and CRAM-MD5.


>> saslfinger -c
>>
>> saslfinger - postfix Cyrus sasl configuration Wed Jun 25 20:16:18 CDT  
>> 2008
>> version: 1.0.2
>> mode: client-side SMTP AUTH
>>
>> -- basics --
>> Postfix: 2.5.2
>> System: Fedora release 8 (Werewolf)
>>
>> -- smtp is linked to --
>>    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x078a6000)
>>
>> -- active SMTP AUTH and TLS parameters for smtp --
>> relayhost = [smtp.comcast.net]:587
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>> smtp_sasl_security_options =
> I would at least put "noanonymous" here.
>> smtp_sasl_tls_security_options =
>> smtp_tls_note_starttls_offer = yes
>>
>>
>> -- listing of /usr/lib/sasl --
>> total 76
>> drwxr-xr-x   2 root root  4096 2008-06-25 01:10 .
>> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
>> -rw-r--r--   1 root root    71 2008-06-25 01:10 smtpd.conf
>>
>> -- listing of /usr/lib/sasl2 --
>> total 168
>> drwxr-xr-x   2 root root  4096 2008-06-25 19:29 .
>> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
>> -rwxr-xr-x   1 root root   849 2007-11-07 14:44 libntlm.la
>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so
>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2
>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2.0.22

/usr/lib/sasl2 is where libsasl searches for usable mechanisms. There's only
NTLM in there. There's no intersection between what the server offers and your
client an use. That's why you get "no mechanism available".

Remove /usr/lib/sasl2 and make it a symbolic link to /usr/local/lib/sasl2.
The listing of /usr/local/lib/sasl2 (below) shows you have the necessary
mechanisms on the machine.

Then reload Postfix and try again.

p@rick





>>
>> -- listing of /usr/local/lib/sasl2 --
>> total 1928
>> drwxr-xr-x 2 root root   4096 2008-06-24 23:41 .
>> drwxr-xr-x 5 root root   4096 2008-06-24 23:40 ..
>> -rwxr-xr-x 1 root root    695 2008-06-24 23:40 libanonymous.la
>> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so
>> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2
>> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2.0.22
>> -rwxr-xr-x 1 root root    683 2008-06-24 23:40 libcrammd5.la
>> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so
>> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2
>> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2.0.22
>> -rwxr-xr-x 1 root root    713 2008-06-24 23:40 libdigestmd5.la
>> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so
>> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2
>> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2.0.22
>> -rwxr-xr-x 1 root root    763 2008-06-24 23:40 libgssapiv2.la
>> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so
>> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2
>> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2.0.22
>> -rwxr-xr-x 1 root root    668 2008-06-24 23:40 libotp.la
>> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so
>> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2
>> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2.0.22
>> -rwxr-xr-x 1 root root    679 2008-06-24 23:40 libplain.la
>> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so
>> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2
>> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2.0.22
>> -rwxr-xr-x 1 root root    700 2008-06-24 23:40 libsasldb.la
>> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so
>> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2
>> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2.0.22
>> drwxr-xr-x 2 root root   4096 2008-06-25 19:29 sasl2
>>
>> -- listing of /etc/sasl2 --
>> total 24
>> drwxr-xr-x   2 root root  4096 2007-11-07 14:44 .
>> drwxr-xr-x 120 root root 12288 2008-06-25 19:29 ..
>>
> It's a bit odd to have the plug ins split like that.
>
> What does "pluginviewer -c" say?
>
> Brian

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Matt Rude-3
In reply to this post by Matt Rude-3
On Thu, June 26, 2008 8:40 am, Brian Evans wrote:
> Matt Rude wrote:
>> Hello, Im trying to implement SASL in SMTP so I can relay all my
outbound mail via my ISP's system
>> I am running Postfix 2.5.2 (compiled from source) on a Fedora 8 system.
I compiled postfix like this:
>> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql
>> -I/usr/local/include/sasl \
>> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\"
-DUSE_TLS' \
>> 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib -lmysqlclient -lz -lm -lssl
-lcrypto -lsasl2'
>> My log shows:
>> Jun 25 20:18:10 postfix/smtp[6741]: A6CD28F666D:
>> to=<[hidden email]>, relay=smtp.comcast.net[76.96.30.117]:587,
delay=0.68, delays=0.06/0.03/0.59/0, dsn=4.7.0, stat
>> us=deferred (SASL authentication failed; cannot authenticate to server
smtp.comcast.net[76.96.30.117]: no mechanism available)

>> saslfinger -c
>> saslfinger - postfix Cyrus sasl configuration Wed Jun 25 20:16:18 CDT 2008
>> version: 1.0.2
>> mode: client-side SMTP AUTH
>> -- basics --
>> Postfix: 2.5.2
>> System: Fedora release 8 (Werewolf)
>> -- smtp is linked to --
>>    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x078a6000)
>> -- active SMTP AUTH and TLS parameters for smtp --
>> relayhost = [smtp.comcast.net]:587
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>> smtp_sasl_security_options =
> I would at least put "noanonymous" here.
>> smtp_sasl_tls_security_options =
>> smtp_tls_note_starttls_offer = yes
>> -- listing of /usr/lib/sasl --
>> total 76
>> drwxr-xr-x   2 root root  4096 2008-06-25 01:10 .
>> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
>> -rw-r--r--   1 root root    71 2008-06-25 01:10 smtpd.conf
>> -- listing of /usr/lib/sasl2 --
>> total 168
>> drwxr-xr-x   2 root root  4096 2008-06-25 19:29 .
>> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
>> -rwxr-xr-x   1 root root   849 2007-11-07 14:44 libntlm.la
>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so
>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2
>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2.0.22 --
listing of /usr/local/lib/sasl2 --
>> total 1928
>> drwxr-xr-x 2 root root   4096 2008-06-24 23:41 .
>> drwxr-xr-x 5 root root   4096 2008-06-24 23:40 ..
>> -rwxr-xr-x 1 root root    695 2008-06-24 23:40 libanonymous.la
>> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so
>> -rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2
-rwxr-xr-x 1 root root  54946 2008-06-24 23:40 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root    683 2008-06-24 23:40 libcrammd5.la
>> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so
>> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2
>> -rwxr-xr-x 1 root root  61028 2008-06-24 23:40 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root root    713 2008-06-24 23:40 libdigestmd5.la
>> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so
>> -rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2
-rwxr-xr-x 1 root root 125702 2008-06-24 23:40 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root root    763 2008-06-24 23:40 libgssapiv2.la
>> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so
>> -rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2
-rwxr-xr-x 1 root root  79257 2008-06-24 23:40 libgssapiv2.so.2.0.22
-rwxr-xr-x 1 root root    668 2008-06-24 23:40 libotp.la
>> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so
>> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2
>> -rwxr-xr-x 1 root root 120658 2008-06-24 23:40 libotp.so.2.0.22
-rwxr-xr-x 1 root root    679 2008-06-24 23:40 libplain.la
>> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so
>> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2
>> -rwxr-xr-x 1 root root  56128 2008-06-24 23:40 libplain.so.2.0.22
-rwxr-xr-x 1 root root    700 2008-06-24 23:40 libsasldb.la
>> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so
>> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2
>> -rwxr-xr-x 1 root root 103244 2008-06-24 23:40 libsasldb.so.2.0.22
drwxr-xr-x 2 root root   4096 2008-06-25 19:29 sasl2
>> -- listing of /etc/sasl2 --
>> total 24
>> drwxr-xr-x   2 root root  4096 2007-11-07 14:44 .
>> drwxr-xr-x 120 root root 12288 2008-06-25 19:29 ..
> It's a bit odd to have the plug ins split like that.
>
> What does "pluginviewer -c" say?
Installed SASL (client side) mechanisms are:
NTLM EXTERNAL
List of client plugins follows
Plugin "ntlm" [loaded],         API version: 4
        SASL mechanism: NTLM, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: WANT_CLIENT_FIRST
Plugin "EXTERNAL" [loaded],     API version: 4
        SASL mechanism: EXTERNAL, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION


--
Matt Rude
www.mattrude.com




Reply | Threaded
Open this post in threaded view
|

Re: SASL authentication failed; cannot authenticate to server

Matt Rude-3
In reply to this post by Patrick Ben Koetter

On Thu, June 26, 2008 9:07 am, Patrick Ben Koetter wrote:

>>> -- listing of /usr/lib/sasl --
>>> total 76
>>> drwxr-xr-x   2 root root  4096 2008-06-25 01:10 .
>>> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
>>> -rw-r--r--   1 root root    71 2008-06-25 01:10 smtpd.conf
>>>
>>> -- listing of /usr/lib/sasl2 --
>>> total 168
>>> drwxr-xr-x   2 root root  4096 2008-06-25 19:29 .
>>> drwxr-xr-x 104 root root 57344 2008-06-25 19:29 ..
>>> -rwxr-xr-x   1 root root   849 2007-11-07 14:44 libntlm.la
>>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so
>>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2
>>> -rwxr-xr-x   1 root root 31672 2007-11-07 14:44 libntlm.so.2.0.22
>
> /usr/lib/sasl2 is where libsasl searches for usable mechanisms. There's
> only
> NTLM in there. There's no intersection between what the server offers and
> your
> client an use. That's why you get "no mechanism available".
>
> Remove /usr/lib/sasl2 and make it a symbolic link to /usr/local/lib/sasl2.
> The listing of /usr/local/lib/sasl2 (below) shows you have the necessary
> mechanisms on the machine.
>
> Then reload Postfix and try again.
>
> p@rick

Well that seems to have fixed it.

Thanks

--
Matt Rude
www.mattrude.com