From: Drew Tomlinson
Date: Sun, 16 Mar 2014 12:46:30 -0700
To: Reko Turja, freebsd-questions@FreeBSD.org
Subject: Re: Help with SMTP AUTH -- SOLVED

On 3/16/2014 2:46 AM, Reko Turja wrote:

> From: Drew Tomlinson
> Sent: Sunday, March 16, 2014 2:48 AM
> To: Reko Turja; freebsd-questions@FreeBSD.org
> Subject: Re: Help with SMTP AUTH
>
>> Now authentication is attempted but fails with these lines in my
>> maillog:
>> Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL
>> authentication failure: no user in db
>
> Sasl tried to access authdb and the authenticating username was not
> found. It seems that sasl is trying to authenticate using the wrong
> mech. Are you trying to get authentication working against /etc/passwd
> or database backend? If using Cyrus sasl you need to tell sasl what
> mechanisms it uses for each service
>
>> I would have expected to see something during the sasl_auth attempt.
>> Should I have?
>
> You should have seen something like the following:
>
> postfix log snippet
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: connect from
> my.homeip.fi[my.home.ip.fi]
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: B43B08A0122:
> client=my.homeip.fi[my.home.ip.fi], sasl_method=LOGIN,
> sasl_username=username@cerebro.mydomain.com

I'm not seeing the sasl_method line.
Here is a complete session from my maillog:

Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: connect from unknown[x.x.x.x]
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: Anonymous TLS connection established from unknown[x.x.x.x]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: Password verification failed
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: unknown[x.x.x.x]: SASL PLAIN authentication failed: authentication failure
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: unknown[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
Mar 16 12:20:11 blacklamb postfix/smtpd[96374]: disconnect from unknown[x.x.x.x]

>
> saslauth log snippet
> saslauthd[16234] :do_auth : auth success: [user=username]
> [service=smtp] [realm=cerebro.mydomain.com] [mech=pam]
> saslauthd[16234] :do_request : response: OK
> saslauthd[16235] :rel_accept_lock : released accept lock
> saslauthd[16236] :get_accept_lock : acquired accept lock
> saslauthd[16235] :do_auth : auth success: [user=username]
> [service=imap] [realm=] [mech=pam]
> saslauthd[16235] :do_request : response: OK

Not getting anything here. I started saslauthd in debug mode. There has been no activity displayed since it was first started.
> In another mail your conf had:
>
> smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
>
> Is your sasl config file for smtpd named /usr/local/lib/sasl2/smtpd or
> /usr/local/lib/sasl2/smtpd.conf - in latter case postfix and sasl
> should not need the option at all. The same goes with the
> smtpd_sasl_password_maps (unless you are authing against remote
> machine with sasl). Postfix should not really need details of saslauth
> internals like where are the passwords or which mech to use, it just
> asks the saslauthd if user has proper credentials. Sasl checks the
> credentials against given login mechs for the service in question and
> returns whether or not the login is ok.

My file is /usr/local/lib/sasl2/smtpd.conf. It contains:

# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9

The smtp_sasl_password_maps option is there because I have to relay using smtp auth via my ISP's server. My ISP won't let me send mail direct.

I just tried commenting out the smtpd_sasl_path option and tested. SUCCESS!!!. In my comments, I have a note from back when I first got this working on FBSD 4 back in 2003 that says "Cyrus adds the .conf to the file name". Apparently that is no longer the case.

But what I don't understand is that if I include smtpd_sasl_path = /usr/local/lib/sasl2/smtpd.conf in my config, it still doesn't work. It will only work if I leave this commented out. Why?

Thanks for all of your help!

Cheers,

Drew

--
Like card tricks? Visit The Alchemist's Warehouse to learn card magic secrets for free!

http://alchemistswarehouse.com
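
Added example (not part of the original message, and not Postfix or Cyrus SASL code): a maillog triage that separates the failure signature seen in this thread from an ordinarily rejected password. It assumes that "no user in db" comes from Cyrus SASL's auxprop (sasldb) lookup, so a session showing it while saslauthd logs no request means smtpd.conf with pwcheck_method: saslauthd was never loaded; the function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the failing session quoted above, plus one successful
# line (pid 16044) joined from the wrapped "postfix log snippet".
SAMPLE_MAILLOG = """\
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: connect from unknown[x.x.x.x]
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: Password verification failed
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: unknown[x.x.x.x]: SASL PLAIN authentication failed: authentication failure
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: unknown[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
Mar 16 12:20:11 blacklamb postfix/smtpd[96374]: disconnect from unknown[x.x.x.x]
Mar 16 11:11:29 cerebro postfix/smtpd[16044]: B43B08A0122: client=my.homeip.fi[my.home.ip.fi], sasl_method=LOGIN, sasl_username=username@cerebro.mydomain.com
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
FAILED = re.compile(r"warning: (?P<client>\S+): SASL (?P<mech>\S+) authentication failed")
OK = re.compile(r"client=(?P<client>[^,]+), sasl_method=(?P<mech>[^,]+)")

def triage(log_text):
    """Group smtpd SASL events by pid (a rough session key: one smtpd
    process can serve several connections in turn)."""
    sessions = defaultdict(lambda: {"failed": [], "ok": [], "no_user_in_db": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s, msg = sessions[m["pid"]], m["msg"]
        if "SASL authentication failure: no user in db" in msg:
            s["no_user_in_db"] += 1
        elif (f := FAILED.search(msg)):
            s["failed"].append(f["mech"])
        elif (o := OK.search(msg)):
            s["ok"].append(o["mech"])
    return dict(sessions)

def diagnose(session, saslauthd_saw_request):
    """saslauthd_saw_request: whether saslauthd's debug output showed a
    do_auth line for this attempt (checked by hand, as in the thread)."""
    if session["ok"]:
        return "authenticated"
    if session["no_user_in_db"] and not saslauthd_saw_request:
        # Assumption: this message is the auxprop/sasldb lookup failing.
        return "auxprop lookup used; smtpd.conf (pwcheck_method: saslauthd) not loaded"
    if session["failed"]:
        return "credentials rejected by the configured backend"
    return "no SASL attempt"
```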