From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 16 09:46:05 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id CDFC884C
 for <freebsd-questions@FreeBSD.org>; Sun, 16 Mar 2014 09:46:05 +0000 (UTC)
Received: from cerebro.liukuma.net (cerebro.liukuma.net
 [IPv6:2a00:d1e0:1000:1b00::2])
 by mx1.freebsd.org (Postfix) with ESMTP id 5817A954
 for <freebsd-questions@FreeBSD.org>; Sun, 16 Mar 2014 09:46:05 +0000 (UTC)
Received: from cerebro.liukuma.net (localhost [127.0.0.1])
 by cerebro.liukuma.net (Postfix) with ESMTP id 062338A0124;
 Sun, 16 Mar 2014 11:46:03 +0200 (EET)
DKIM-Filter: OpenDKIM Filter v2.8.3 cerebro.liukuma.net 062338A0124
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=liukuma.net;
 s=liukudkim; t=1394963163;
 bh=Aob0JM5K47Sk4NAfyqgNkI8d0NqnyWCVaKQscsBGKBk=;
 h=From:To:References:In-Reply-To:Subject:Date;
 b=Nw8JD+EZfOv0evPrwr50ZAb+UxuqsYcXTvg+5LD0z5PExS9Bf6Rb5lRVKnGODJauW
 cRb7YOovIobqE/6CmdEHkKaG1bhltvWis0t90Tg104o6OpYgD/HNSvg8EErxWpY8A4
 MG54JAneAHHDaSQhViJghK5p9QMNhBUxA9gIRiq0=
X-Virus-Scanned: amavisd-new at liukuma.net
Received: from cerebro.liukuma.net ([127.0.0.1])
 by cerebro.liukuma.net (cerebro.liukuma.net [127.0.0.1]) (amavisd-new,
 port 10026)
 with ESMTP id 2GcI7cl_hA8g; Sun, 16 Mar 2014 11:46:02 +0200 (EET)
Received: from Rivendell (dsl-kmibrasgw1-54f8d4-179.dhcp.inet.fi
 [84.248.212.179]) (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 (Authenticated sender: ignatz@cerebro.liukuma.net)
 by cerebro.liukuma.net (Postfix) with ESMTPSA id C49218A0123;
 Sun, 16 Mar 2014 11:46:01 +0200 (EET)
DKIM-Filter: OpenDKIM Filter v2.8.3 cerebro.liukuma.net C49218A0123
Message-ID: <579E8EE06D0D49DB88726917BFCDFF8E@Rivendell>
From: "Reko Turja" <reko.turja@liukuma.net>
To: "Drew Tomlinson" <drew@mykitchentable.net>, <freebsd-questions@FreeBSD.org>
References: <BLU0-SMTP4079D728856FBE24B0A93C9B3730@phx.gbl>
 <CE8684D1E0E64379B17CD55A149AA466@Rivendell>
 <BLU0-SMTP40877E7CD3C03FC72E1A57EB3720@phx.gbl>
In-Reply-To: <BLU0-SMTP40877E7CD3C03FC72E1A57EB3720@phx.gbl>
Subject: Re: Help with SMTP AUTH
Date: Sun, 16 Mar 2014 11:46:00 +0200
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
 reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Mar 2014 09:46:06 -0000

From: Drew Tomlinson
Sent: Sunday, March 16, 2014 2:48 AM
To: Reko Turja ; freebsd-questions@FreeBSD.org
Subject: Re: Help with SMTP AUTH

> Now authentication is attempted but fails with these lines in my maillog:
> Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL 
> authentication failure: no user in db

Sasl tried to access authdb and the authenticating username was not found. 
It seems that sasl is trying to authenticate using the wrong mech. Are you 
trying to get authentication working against /etc/passwd or database 
backend? if using Cyrus sasl you need to tell sasl what mechanisms it uses 
for each service

> I would have expected to see something during the sasl_auth attempt. 
> Should I have?

You should have seen something like the following:

postfix log snippet
Mar 16 11:11:29 cerebro postfix/smtpd[16044]: connect from 
my.homeip.fi[my.home.ip.fi]
Mar 16 11:11:29 cerebro postfix/smtpd[16044]: B43B08A0122: 
client=my.homeip.fi[my.home.ip.fi], sasl_method=LOGIN, 
sasl_username=username@cerebro.mydomain.com

saslauth log snippet
saslauthd[16234] :do_auth         : auth success: [user=username] 
[service=smtp] [realm=cerebro.mydomain.com] [mech=pam]
saslauthd[16234] :do_request      : response: OK
saslauthd[16235] :rel_accept_lock : released accept lock
saslauthd[16236] :get_accept_lock : acquired accept lock
saslauthd[16235] :do_auth         : auth success: [user=username] 
[service=imap] [realm=] [mech=pam]
saslauthd[16235] :do_request      : response: OK

In another mail your conf had:

smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd

Is your sasl config file for smtpd named /usr/local/lib/sasl2/smtpd or 
/usr/local/lib/sasl2/smtpd.conf - in latter case postfix and sasl should not 
need the option at all. THe same goes with the smtpd_sasl_password_maps 
(unless you are authing against remote machine with sasl). Postfix should 
not really need details of saslauth internals like where are the passwords 
or which mech to use, it just asks the saslauthd if user has proper 
credentials. Sasl checks the credentials against given login mechs for the 
service in question and returns whether or not the login is ok.

-Reko