can't authenticate using SASL

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|

can't authenticate using SASL

skunkwerk
I'm having trouble authenticating with my smtp server - i've posted the configuration files and the verbose output of my telnet session here:
http://ubuntuforums.org/showthread.php?p=5106066

i'm getting a "match_list_match" no match error in the log file...

any help much appreciated,
thanks
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

Brian Evans - Postfix List
skunkwerk wrote:
> I'm having trouble authenticating with my smtp server - i've posted
> the configuration files and the verbose output of my telnet session here:
> http://ubuntuforums.org/showthread.php?p=5106066
>
> i'm getting a "match_list_match" no match error in the log file...
>
> any help much appreciated,
> thanks
Please follow the directions in the welcome message and also see
http://www.postfix.org/DEBUG_README.html#mail.
The lines referencing `postconf -n` and saslfinger are key.

Brian
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

skunkwerk
In reply to this post by skunkwerk
thanks Brian,
   here's the output of:

postconf -n: http://pastebin.com/m5b48c531
saslfinger -s: http://pastebin.com/m78a2bb98

thanks,
imran

Brian Evans (grknightscent-team.com) wrote:
>Please follow the directions in the welcome message and also see
>http://www.postfix.org/DEBUG_README.html#mail.
>The lines referencing `postconf -n` and saslfinger are key.
>Brian
Reply | Threaded
Open this post in threaded view
|

postfix log analyzer

Patrick G. Victoriano

Hello Postfix Gurus. =)

 

Can someone give me advise what maillog analyzer to use so that I could generate reports and graphs of per user send and receive statistics.

 

TIA

 

-Trik

Reply | Threaded
Open this post in threaded view
|

Re: postfix log analyzer

Arek Czereszewski
Patrick G. Victoriano pisze:
> Hello Postfix Gurus. =)
> Can someone give me advise what maillog analyzer to use so that I could
> generate reports and graphs of per user send and receive statistics.
>

Try one of this:
http://www.postfix.org/addon.html#logfile

I prefer pflogsumm

Regards
Arek

--
Arek Czereszewski
arek (at) wup-katowice (dot) pl
"UNIX allows me to work smarter, not harder."
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

mouss-2
In reply to this post by skunkwerk
skunkwerk wrote:
> thanks Brian,
>    here's the output of:
>
> postconf -n: http://pastebin.com/m5b48c531
> saslfinger -s: http://pastebin.com/m78a2bb98
>  

I see:

sql_select: select clear from users where id='%u@%r' and enblaed = 1


looks like a typo (enblAEd = 1).


I would recommend disabling chroot until everything works (change the
5th column in main.cf to 'n' instead of '-')

Reply | Threaded
Open this post in threaded view
|

RE: postfix log analyzer

Patrick G. Victoriano
In reply to this post by Arek Czereszewski
Thanks Arek.

By the way, where can I see some screenshots generated by pflogsumm?


Regards,
-Trik

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Arek Czereszewski
Sent: Wednesday, June 04, 2008 2:02 PM
To: Patrick G. Victoriano
Cc: [hidden email]
Subject: Re: postfix log analyzer

Patrick G. Victoriano pisze:
> Hello Postfix Gurus. =)
> Can someone give me advise what maillog analyzer to use so that I could
> generate reports and graphs of per user send and receive statistics.
>

Try one of this:
http://www.postfix.org/addon.html#logfile

I prefer pflogsumm

Regards
Arek

--
Arek Czereszewski
arek (at) wup-katowice (dot) pl
"UNIX allows me to work smarter, not harder."


Reply | Threaded
Open this post in threaded view
|

Re: postfix log analyzer

Luigi Rosa
Patrick G. Victoriano said the following on 04/06/2008 9.35:

> By the way, where can I see some screenshots generated by pflogsumm?

pflogsumm generates a text file


Ciao,
luigi

--
/
+--[Luigi Rosa]--
\

Can anything be sadder than work left unfinished? Yes, work never begun.
Reply | Threaded
Open this post in threaded view
|

Re: postfix log analyzer

Jos Chrispijn
In reply to this post by Patrick G. Victoriano
Patrick,

Patrick G. Victoriano wrote:
>
> Can someone give me advise what maillog analyzer to use so that I
> could generate reports and graphs of per user send and receive statistics.
>
You might use AWstats for that. This program can handle website stats as
well (actually I think for that it is one of the best).
It works with config files that can be tunes as per domain exclusivey,
for mail, userstats and ftp as well.

http://awstats.sourceforge.net/

regards,
Jos
Reply | Threaded
Open this post in threaded view
|

RE: postfix log analyzer

Jason Ledford
In reply to this post by Patrick G. Victoriano
http://www.howtoforge.com/mailgraph_pflogsumm_debian_etch

I am sure there are other guides if you don't like this one.

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Patrick G. Victoriano
Sent: Wednesday, June 04, 2008 3:35 AM
To: [hidden email]
Cc: [hidden email]
Subject: RE: postfix log analyzer

Thanks Arek.

By the way, where can I see some screenshots generated by pflogsumm?


Regards,
-Trik

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Arek Czereszewski
Sent: Wednesday, June 04, 2008 2:02 PM
To: Patrick G. Victoriano
Cc: [hidden email]
Subject: Re: postfix log analyzer

Patrick G. Victoriano pisze:
> Hello Postfix Gurus. =)
> Can someone give me advise what maillog analyzer to use so that I could
> generate reports and graphs of per user send and receive statistics.
>

Try one of this:
http://www.postfix.org/addon.html#logfile

I prefer pflogsumm

Regards
Arek

--
Arek Czereszewski
arek (at) wup-katowice (dot) pl
"UNIX allows me to work smarter, not harder."


Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

Brian Evans - Postfix List
In reply to this post by skunkwerk
skunkwerk wrote:

> thanks Brian,
>    here's the output of:
>
> postconf -n: http://pastebin.com/m5b48c531
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> home_mailbox = Maildir/
> inet_interfaces = all
> inet_protocols = ipv4
> mailbox_command =
Last 3 lines are defaults, you don't need them.

> mailbox_size_limit = 0
> mydestination = *******.com, localhost.*******.com, localhost
> myhostname = ********.com
> mynetworks = 127.0.0.1/32 10.251.106.64/32
> myorigin = /etc/mailname
> recipient_delimiter = +
> relayhost =
Also a default.
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
Last 2 lines are defaults.

> saslfinger -s: http://pastebin.com/m78a2bb98
See mouss' comment.  Is your query correct?

Brian
>
> thanks,
> imran
>
> Brian Evans (/grknightscent-team.com <http://scent-team.com>/) wrote:
> >Please follow the directions in the welcome message and also see
> >http://www.postfix.org/DEBUG_README.html#mail.
> >The lines referencing `postconf -n` and saslfinger are key.
> >Brian
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

skunkwerk
In reply to this post by skunkwerk
thanks Brian, Mouss,
    i've fixed the typo and changed the chroot setting.  this is what i'm getting now when I try to login via a python script and from telnet as well:

Error: authentication failed: generic failure

nothing particular in /var/log/mail.log or auth.log

thanks again,
imran
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

Patrick Ben Koetter
* skunkwerk <[hidden email]>:
> thanks Brian, Mouss,
>     i've fixed the typo and changed the chroot setting.  this is what i'm
> getting now when I try to login via a python script and from telnet as well:
>
> Error: authentication failed: generic failure
>
> nothing particular in /var/log/mail.log or auth.log

saslfinger -s

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

mouss-2
In reply to this post by skunkwerk
skunkwerk wrote:
> thanks Brian, Mouss,
>     i've fixed the typo and changed the chroot setting.  this is what i'm
> getting now when I try to login via a python script and from telnet as well:
>
> Error: authentication failed: generic failure
>
> nothing particular in /var/log/mail.log or auth.log
>  

Please show all logs for the test transaction.

and as Patrick said, show the output of saslfinger -s since you changed
the configuration. Please post here instead of pastebin (the output is
not huge enough to justify "context switching" and "archives orphaning").




Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

skunkwerk
In reply to this post by skunkwerk
thanks Mouss,
    it looks like the actual error is this:SASL authentication failure: cannot connect to saslauthd server: Permission denied

using 'htop' i can see that saslauthd is indeed running.

saslfinger -s:

saslfinger - postfix Cyrus sasl configuration Wed Jun  4 12:21:47 PDT 2008
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.4.5
System: Ubuntu 7.10 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d13000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl2 --
total 836
drwxr-xr-x  2 root root  4096 2008-05-05 14:46 .
drwxr-xr-x 55 root root 53248 2008-06-03 20:34 ..
-rw-r--r--  1 root root 13640 2007-10-02 06:58 libanonymous.a
-rw-r--r--  1 root root   862 2007-10-02 06:58 libanonymous.la
-rw-r--r--  1 root root 13208 2007-10-02 06:58 libanonymous.so
-rw-r--r--  1 root root 13208 2007-10-02 06:58 libanonymous.so.2
-rw-r--r--  1 root root 13208 2007-10-02 06:58 libanonymous.so.2.0.22
-rw-r--r--  1 root root 15974 2007-10-02 06:58 libcrammd5.a
-rw-r--r--  1 root root   848 2007-10-02 06:58 libcrammd5.la
-rw-r--r--  1 root root 15672 2007-10-02 06:58 libcrammd5.so
-rw-r--r--  1 root root 15672 2007-10-02 06:58 libcrammd5.so.2
-rw-r--r--  1 root root 15672 2007-10-02 06:58 libcrammd5.so.2.0.22
-rw-r--r--  1 root root 47348 2007-10-02 06:58 libdigestmd5.a
-rw-r--r--  1 root root   871 2007-10-02 06:58 libdigestmd5.la
-rw-r--r--  1 root root 43916 2007-10-02 06:58 libdigestmd5.so
-rw-r--r--  1 root root 43916 2007-10-02 06:58 libdigestmd5.so.2
-rw-r--r--  1 root root 43916 2007-10-02 06:58 libdigestmd5.so.2.0.22
-rw-r--r--  1 root root 13650 2007-10-02 06:58 liblogin.a
-rw-r--r--  1 root root   842 2007-10-02 06:58 liblogin.la
-rw-r--r--  1 root root 14036 2007-10-02 06:58 liblogin.so
-rw-r--r--  1 root root 14036 2007-10-02 06:58 liblogin.so.2
-rw-r--r--  1 root root 14036 2007-10-02 06:58 liblogin.so.2.0.22
-rw-r--r--  1 root root 30516 2007-10-02 06:58 libntlm.a
-rw-r--r--  1 root root   836 2007-10-02 06:58 libntlm.la
-rw-r--r--  1 root root 29876 2007-10-02 06:58 libntlm.so
-rw-r--r--  1 root root 29876 2007-10-02 06:58 libntlm.so.2
-rw-r--r--  1 root root 29876 2007-10-02 06:58 libntlm.so.2.0.22
-rw-r--r--  1 root root 13938 2007-10-02 06:58 libplain.a
-rw-r--r--  1 root root   842 2007-10-02 06:58 libplain.la
-rw-r--r--  1 root root 14036 2007-10-02 06:58 libplain.so
-rw-r--r--  1 root root 14036 2007-10-02 06:58 libplain.so.2
-rw-r--r--  1 root root 14036 2007-10-02 06:58 libplain.so.2.0.22
-rw-r--r--  1 root root 22150 2007-10-02 06:58 libsasldb.a
-rw-r--r--  1 root root   863 2007-10-02 06:58 libsasldb.la
-rw-r--r--  1 root root 18356 2007-10-02 06:58 libsasldb.so
-rw-r--r--  1 root root 18356 2007-10-02 06:58 libsasldb.so.2
-rw-r--r--  1 root root 18356 2007-10-02 06:58 libsasldb.so.2.0.22
-rw-r--r--  1 root root 23812 2007-10-02 06:58 libsql.a
-rw-r--r--  1 root root   971 2007-10-02 06:58 libsql.la
-rw-r--r--  1 root root 23352 2007-10-02 06:58 libsql.so
-rw-r--r--  1 root root 23352 2007-10-02 06:58 libsql.so.2
-rw-r--r--  1 root root 23352 2007-10-02 06:58 libsql.so.2.0.22




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select clear from users where id='%u@%r' and enabled = 1


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd -vv
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN


-- end of saslfinger output --

the part of mail.log from when I tried to connect:

Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: connection established
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: master_notify: status 0
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: name_mask: resource
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: name_mask: software
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: name_mask: noanonymous
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: connect from medusa.dreamhost.com[208.113.190.18]
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: medusa.dreamhost.com: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: 208.113.190.18: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: medusa.dreamhost.com: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: 208.113.190.18: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname: medusa.dreamhost.com ~? 127.0.0.1/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr: 208.113.190.18 ~? 127.0.0.1/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname: medusa.dreamhost.com ~? 10.251.106.64/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr: 208.113.190.18 ~? 10.251.106.64/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: medusa.dreamhost.com: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: 208.113.190.18: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr request = connect
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr ident = smtp:208.113.190.18
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted attribute: status
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name: status
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute value: 0
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted attribute: count
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name: count
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute value: 1
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted attribute: rate
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name: rate
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute value: 1
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted attribute: (list terminator)
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name: (end)
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 220 shadowpush.com ESMTP Postfix (Ubuntu)
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_pat: 0x807e7b0
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: < medusa.dreamhost.com[208.113.190.18]: ehlo medusa.dreamhost.com
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-shadowpush.com
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-PIPELINING
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-SIZE 10240000
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-VRFY
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-ETRN
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-AUTH LOGIN PLAIN
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: medusa.dreamhost.com: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: 208.113.190.18: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-AUTH=LOGIN PLAIN
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-ENHANCEDSTATUSCODES
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250-8BITMIME
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 250 DSN
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_pat: 0x807e7b0
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: < medusa.dreamhost.com[208.113.190.18]: AUTH PLAIN aW1yYW4AaW1yYW4AbW90aGVybG9kZTcyMSE=
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response ------masked-------
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: xsasl_cyrus_server_first: decoded initial response imran
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: warning: SASL authentication failure: Password verification failed
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: warning: medusa.dreamhost.com[208.113.190.18]: SASL PLAIN authentication failed: generic failure
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: > medusa.dreamhost.com[208.113.190.18]: 535 5.7.0 Error: authentication failed: generic failure
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_pat: 0x807e7b0
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: smtp_get: EOF
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname: medusa.dreamhost.com ~? 127.0.0.1/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr: 208.113.190.18 ~? 127.0.0.1/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname: medusa.dreamhost.com ~? 10.251.106.64/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr: 208.113.190.18 ~? 10.251.106.64/32
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: medusa.dreamhost.com: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match: 208.113.190.18: no match
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr request = disconnect
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr ident = smtp:208.113.190.18
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted attribute: status
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name: status
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute value: 0
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted attribute: (list terminator)
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name: (end)
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: lost connection after AUTH from medusa.dreamhost.com[208.113.190.18]
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: disconnect from medusa.dreamhost.com[208.113.190.18]
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: master_notify: status 1
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: connection closed
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_stop: 0x807e7b0
Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_start: 0x807e7b0

thanks again,
imran
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

Patrick Ben Koetter
* skunkwerk <[hidden email]>:
> thanks Mouss,
>     it looks like the actual error is this:SASL authentication failure:
> cannot connect to saslauthd server: Permission denied

User postfix is not in group SASL. Read the fine manual that comes with Ubuntu
on Ubuntu specific changes to Postfix and SASL.

p@rick




>
> using 'htop' i can see that saslauthd is indeed running.
>
> saslfinger -s:
>
> saslfinger - postfix Cyrus sasl configuration Wed Jun  4 12:21:47 PDT 2008
> version: 1.0.2
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.4.5
> System: Ubuntu 7.10 \n \l
>
> -- smtpd is linked to --
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d13000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
>
>
> -- listing of /usr/lib/sasl2 --
> total 836
> drwxr-xr-x  2 root root  4096 2008-05-05 14:46 .
> drwxr-xr-x 55 root root 53248 2008-06-03 20:34 ..
> -rw-r--r--  1 root root 13640 2007-10-02 06:58 libanonymous.a
> -rw-r--r--  1 root root   862 2007-10-02 06:58 libanonymous.la
> -rw-r--r--  1 root root 13208 2007-10-02 06:58 libanonymous.so
> -rw-r--r--  1 root root 13208 2007-10-02 06:58 libanonymous.so.2
> -rw-r--r--  1 root root 13208 2007-10-02 06:58 libanonymous.so.2.0.22
> -rw-r--r--  1 root root 15974 2007-10-02 06:58 libcrammd5.a
> -rw-r--r--  1 root root   848 2007-10-02 06:58 libcrammd5.la
> -rw-r--r--  1 root root 15672 2007-10-02 06:58 libcrammd5.so
> -rw-r--r--  1 root root 15672 2007-10-02 06:58 libcrammd5.so.2
> -rw-r--r--  1 root root 15672 2007-10-02 06:58 libcrammd5.so.2.0.22
> -rw-r--r--  1 root root 47348 2007-10-02 06:58 libdigestmd5.a
> -rw-r--r--  1 root root   871 2007-10-02 06:58 libdigestmd5.la
> -rw-r--r--  1 root root 43916 2007-10-02 06:58 libdigestmd5.so
> -rw-r--r--  1 root root 43916 2007-10-02 06:58 libdigestmd5.so.2
> -rw-r--r--  1 root root 43916 2007-10-02 06:58 libdigestmd5.so.2.0.22
> -rw-r--r--  1 root root 13650 2007-10-02 06:58 liblogin.a
> -rw-r--r--  1 root root   842 2007-10-02 06:58 liblogin.la
> -rw-r--r--  1 root root 14036 2007-10-02 06:58 liblogin.so
> -rw-r--r--  1 root root 14036 2007-10-02 06:58 liblogin.so.2
> -rw-r--r--  1 root root 14036 2007-10-02 06:58 liblogin.so.2.0.22
> -rw-r--r--  1 root root 30516 2007-10-02 06:58 libntlm.a
> -rw-r--r--  1 root root   836 2007-10-02 06:58 libntlm.la
> -rw-r--r--  1 root root 29876 2007-10-02 06:58 libntlm.so
> -rw-r--r--  1 root root 29876 2007-10-02 06:58 libntlm.so.2
> -rw-r--r--  1 root root 29876 2007-10-02 06:58 libntlm.so.2.0.22
> -rw-r--r--  1 root root 13938 2007-10-02 06:58 libplain.a
> -rw-r--r--  1 root root   842 2007-10-02 06:58 libplain.la
> -rw-r--r--  1 root root 14036 2007-10-02 06:58 libplain.so
> -rw-r--r--  1 root root 14036 2007-10-02 06:58 libplain.so.2
> -rw-r--r--  1 root root 14036 2007-10-02 06:58 libplain.so.2.0.22
> -rw-r--r--  1 root root 22150 2007-10-02 06:58 libsasldb.a
> -rw-r--r--  1 root root   863 2007-10-02 06:58 libsasldb.la
> -rw-r--r--  1 root root 18356 2007-10-02 06:58 libsasldb.so
> -rw-r--r--  1 root root 18356 2007-10-02 06:58 libsasldb.so.2
> -rw-r--r--  1 root root 18356 2007-10-02 06:58 libsasldb.so.2.0.22
> -rw-r--r--  1 root root 23812 2007-10-02 06:58 libsql.a
> -rw-r--r--  1 root root   971 2007-10-02 06:58 libsql.la
> -rw-r--r--  1 root root 23352 2007-10-02 06:58 libsql.so
> -rw-r--r--  1 root root 23352 2007-10-02 06:58 libsql.so.2
> -rw-r--r--  1 root root 23352 2007-10-02 06:58 libsql.so.2.0.22
>
>
>
>
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> auxprop_plugin: sql
> mech_list: plain login
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: maildb
> sql_select: select clear from users where id='%u@%r' and enabled = 1
>
>
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       n       -       -       smtpd -vv
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       -       1000?   1       tlsmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       -       smtp
> relay     unix  -       -       -       -       -       smtp
>         -o smtp_fallback_relay=
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> retry     unix  -       -       -       -       -       error
> discard   unix  -       -       -       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       -       -       -       lmtp
> anvil     unix  -       -       -       -       1       anvil
> scache    unix  -       -       -       -       1       scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
> $recipient
> scalemail-backend unix  -       n       n       -       2       pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> ${nexthop} ${user} ${extension}
> mailman   unix  -       n       n       -       -       pipe
>   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
>   ${nexthop} ${user}
>
> -- mechanisms on localhost --
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
>
>
> -- end of saslfinger output --
>
> the part of mail.log from when I tried to connect:
>
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: connection
> established
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: master_notify: status
> 0
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: name_mask: resource
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: name_mask: software
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]:
> xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: name_mask:
> noanonymous
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: connect from
> medusa.dreamhost.com[208.113.190.18]
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> medusa.dreamhost.com: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> 208.113.190.18: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> medusa.dreamhost.com: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> 208.113.190.18: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname:
> medusa.dreamhost.com ~? 127.0.0.1/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr:
> 208.113.190.18 ~? 127.0.0.1/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname:
> medusa.dreamhost.com ~? 10.251.106.64/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr:
> 208.113.190.18 ~? 10.251.106.64/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> medusa.dreamhost.com: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> 208.113.190.18: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr request =
> connect
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr ident =
> smtp:208.113.190.18
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted
> attribute: status
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name:
> status
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute
> value: 0
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted
> attribute: count
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name:
> count
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute
> value: 1
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted
> attribute: rate
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name:
> rate
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute
> value: 1
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted
> attribute: (list terminator)
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name:
> (end)
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 220 shadowpush.com ESMTP Postfix
> (Ubuntu)
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_pat:
> 0x807e7b0
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: <
> medusa.dreamhost.com[208.113.190.18]: ehlo medusa.dreamhost.com
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-shadowpush.com
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-PIPELINING
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-SIZE 10240000
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-VRFY
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-ETRN
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-AUTH LOGIN PLAIN
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> medusa.dreamhost.com: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> 208.113.190.18: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-AUTH=LOGIN PLAIN
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-ENHANCEDSTATUSCODES
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250-8BITMIME
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 250 DSN
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_pat:
> 0x807e7b0
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: <
> medusa.dreamhost.com[208.113.190.18]: AUTH PLAIN
> aW1yYW4AaW1yYW4AbW90aGVybG9kZTcyMSE=
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]:
> xsasl_cyrus_server_first: sasl_method PLAIN, init_response
> ------masked-------
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]:
> xsasl_cyrus_server_first: decoded initial response imran
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: warning: SASL
> authentication failure: cannot connect to saslauthd server: Permission
> denied
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: warning: SASL
> authentication failure: Password verification failed
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: warning:
> medusa.dreamhost.com[208.113.190.18]: SASL PLAIN authentication failed:
> generic failure
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: >
> medusa.dreamhost.com[208.113.190.18]: 535 5.7.0 Error: authentication
> failed: generic failure
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_pat:
> 0x807e7b0
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: smtp_get: EOF
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname:
> medusa.dreamhost.com ~? 127.0.0.1/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr:
> 208.113.190.18 ~? 127.0.0.1/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostname:
> medusa.dreamhost.com ~? 10.251.106.64/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_hostaddr:
> 208.113.190.18 ~? 10.251.106.64/32
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> medusa.dreamhost.com: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: match_list_match:
> 208.113.190.18: no match
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr request =
> disconnect
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: send attr ident =
> smtp:208.113.190.18
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted
> attribute: status
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name:
> status
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute
> value: 0
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: private/anvil: wanted
> attribute: (list terminator)
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: input attribute name:
> (end)
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: lost connection after
> AUTH from medusa.dreamhost.com[208.113.190.18]
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: disconnect from
> medusa.dreamhost.com[208.113.190.18]
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: master_notify: status
> 1
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: connection closed
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_stop:
> 0x807e7b0
> Jun  4 12:27:42 ip-10-251-106-64 postfix/smtpd[20438]: watchdog_start:
> 0x807e7b0
>
> thanks again,
> imran

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

mouss-2
In reply to this post by skunkwerk
skunkwerk wrote:
> thanks Mouss,
>     it looks like the actual error is this:SASL authentication failure:
> cannot connect to saslauthd server: Permission denied
>  

This may apply to you
    http://archives.neohapsis.com/archives/postfix/2003-12/2059.html



but why do you use saslauthd since you can use sql. just set this in
your smtpd.conf:

pwcheck_method: auxprop



> [snip]
>  

Reply | Threaded
Open this post in threaded view
|

Re: can't authenticate using SASL

skunkwerk
In reply to this post by skunkwerk
thanks Mouss,
   changing to auxprop fixed the authentication - i can send now!

imran