Date: Sun, 16 Mar 2014 12:46:30 -0700
From: Drew Tomlinson <drew@mykitchentable.net>
To: Reko Turja <reko.turja@liukuma.net>, freebsd-questions@FreeBSD.org
Subject: Re: Help with SMTP AUTH -- SOLVED
Message-ID: <BLU0-SMTP457C3A01533CDA4C4998756B3720@phx.gbl>
In-Reply-To: <579E8EE06D0D49DB88726917BFCDFF8E@Rivendell>
References: <BLU0-SMTP4079D728856FBE24B0A93C9B3730@phx.gbl> <CE8684D1E0E64379B17CD55A149AA466@Rivendell> <BLU0-SMTP40877E7CD3C03FC72E1A57EB3720@phx.gbl> <579E8EE06D0D49DB88726917BFCDFF8E@Rivendell>

On 3/16/2014 2:46 AM, Reko Turja wrote:
> From: Drew Tomlinson
> Sent: Sunday, March 16, 2014 2:48 AM
> To: Reko Turja ; freebsd-questions@FreeBSD.org
> Subject: Re: Help with SMTP AUTH
>
>> Now authentication is attempted but fails with these lines in my
>> maillog:
>> Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL
>> authentication failure: no user in db
>
> Sasl tried to access authdb and the authenticating username was not
> found. It seems that sasl is trying to authenticate using the wrong
> mech. Are you trying to get authentication working against /etc/passwd
> or database backend? If using Cyrus sasl you need to tell sasl what
> mechanisms it uses for each service
>
>> I would have expected to see something during the sasl_auth attempt.
>> Should I have?
>
> You should have seen something like the following:
>
> postfix log snippet
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: connect from
> my.homeip.fi[my.home.ip.fi]
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: B43B08A0122:
> client=my.homeip.fi[my.home.ip.fi], sasl_method=LOGIN,
> sasl_username=username@cerebro.mydomain.com

I'm not seeing the sasl_method line.
Here is a complete session from my maillog:

Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: connect from unknown[x.x.x.x]
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: Anonymous TLS connection established from unknown[x.x.x.x]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: Password verification failed
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: unknown[x.x.x.x]: SASL PLAIN authentication failed: authentication failure
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: unknown[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
Mar 16 12:20:11 blacklamb postfix/smtpd[96374]: disconnect from unknown[x.x.x.x]

>
> saslauth log snippet
> saslauthd[16234] :do_auth : auth success: [user=username]
> [service=smtp] [realm=cerebro.mydomain.com] [mech=pam]
> saslauthd[16234] :do_request : response: OK
> saslauthd[16235] :rel_accept_lock : released accept lock
> saslauthd[16236] :get_accept_lock : acquired accept lock
> saslauthd[16235] :do_auth : auth success: [user=username]
> [service=imap] [realm=] [mech=pam]
> saslauthd[16235] :do_request : response: OK

Not getting anything here. I started saslauthd in debug mode. There has
been no activity displayed since it was first started.

> In another mail your conf had:
>
> smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
>
> Is your sasl config file for smtpd named /usr/local/lib/sasl2/smtpd or
> /usr/local/lib/sasl2/smtpd.conf - in latter case postfix and sasl
> should not need the option at all. The same goes with the
> smtpd_sasl_password_maps (unless you are authing against remote
> machine with sasl). Postfix should not really need details of saslauth
> internals like where are the passwords or which mech to use, it just
> asks the saslauthd if user has proper credentials. Sasl checks the
> credentials against given login mechs for the service in question and
> returns whether or not the login is ok.

My file is /usr/local/lib/sasl2/smtpd.conf. It contains:

# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9

The smtp_sasl_password_maps option is there because I have to relay
using smtp auth via my ISP's server. My ISP won't let me send mail direct.

I just tried commenting out the smtpd_sasl_path option and tested.
SUCCESS!!!. In my comments, I have a note from back when I first got
this working on FBSD 4 back in 2003 that says "Cyrus adds the .conf to
the file name". Apparently that is no longer the case. But what I don't
understand is that if I include smtpd_sasl_path =
/usr/local/lib/sasl2/smtpd.conf in my config, it still doesn't work. It
will only work if I leave this commented out. Why?

Thanks for all of your help!

Cheers,

Drew

-- 
Like card tricks? Visit The Alchemist's Warehouse to learn card magic
secrets for free!
http://alchemistswarehouse.com
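
A simplified model of how Cyrus SASL finds its configuration, added here as an example and not part of the original message: Postfix passes the `smtpd_sasl_path` value to the library as an application name, and the library appends `.conf` and looks for that file in its configuration directory, falling back to its defaults (`pwcheck_method: auxprop`, the sasldb lookup behind "no user in db") when nothing is found. The function names are hypothetical, and the search directory is the one shown in the message, recreated under a temporary root.

```python
import os
import tempfile

def candidate_files(sasl_path_value, search_dirs):
    """Files the library would try: <dir>/<value>.conf for each search dir."""
    # Plain string concatenation, as C string formatting would do it;
    # os.path.join would silently drop the directory for an absolute value.
    return [d.rstrip("/") + "/" + sasl_path_value + ".conf" for d in search_dirs]

def parse_conf(path):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and ":" in line:
                key, value = line.split(":", 1)
                opts[key.strip()] = value.strip()
    return opts

def effective_pwcheck(sasl_path_value, search_dirs):
    """Return (config file used or None, pwcheck_method in effect)."""
    for path in candidate_files(sasl_path_value, search_dirs):
        if os.path.isfile(path):
            return path, parse_conf(path).get("pwcheck_method", "auxprop")
    return None, "auxprop"  # no file found: library default, saslauthd unused

def demo():
    """Try the three smtpd_sasl_path values discussed in the thread."""
    with tempfile.TemporaryDirectory() as root:
        conf_dir = os.path.join(root, "usr/local/lib/sasl2")
        os.makedirs(conf_dir)
        # Constructed copy of the smtpd.conf quoted in the message.
        with open(os.path.join(conf_dir, "smtpd.conf"), "w") as fh:
            fh.write("pwcheck_method: saslauthd\n"
                     "mech_list: PLAIN LOGIN\nlog_level: 9\n")
        results = {}
        for value in ("smtpd", conf_dir + "/smtpd", conf_dir + "/smtpd.conf"):
            label = value.replace(root, "")  # show paths without the temp root
            results[label] = effective_pwcheck(value, [conf_dir])[1]
        return results

if __name__ == "__main__":
    for value, method in demo().items():
        print(f"smtpd_sasl_path = {value:<35} -> pwcheck_method {method}")
```

Only the bare name `smtpd` (the Postfix default, which is what commenting the option out gives) resolves to the existing file; both full-path values produce a file name that does not exist, so the `saslauthd` setting is never read.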