at wits end with postfix & SASL
Help! I'm running SuSE 10.0 as a server and have had Postfix up and running for some time. Coupled with Courier IMAP and Squirrelmail, I can read, and send, email from my workstation from either Thunderbird or Firefox (via the Squirrel) with no problems. I tried to configure my mobile phone to allow me access to my IMAP mail account on the server and, surprise, surprise, encountered relay problems. OK, let's look at Cyrus SASL for SMTP AUTH. I've followed three setup descriptions, including Pat Koetter's How-To document on the Postfix site, his, and others, book 'Linux Email' and Kyle Dent's 'Postfix, the definitive guide' but can not get beyond one simple hurdle. Postfix and Cyrus are straight out of the SuSE 10.0 distribution, installed using YaST. My goal is to have login verification against the passwd file, eventually using TLS, but, one step at a time. In /etc/postfix/main.cf, I have: smtpd_sasl_auth_enable = yes smtpd_sasl_application_name = smtpd smtpd_sasl_security_options = noanonymous smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes In /etc/syslog.conf, I've added: auth.* /var/log/auth but I get no log file from this In /usr/lib/sasl2/smtpd.conf, I have: pwcheck_method: saslauthd log_level: 3 mech_list: PLAIN LOGIN and in /etc/sysconfig/saslauthd, I have SASLAUTHD_AUTHMECH=getpwent When I try Telnet, I see this: General:/etc/postfix # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 General.DMJ-Consultancy.local ESMTP Postfix ehlo localhost 250-General.DMJ-Consultancy.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME auth plain am...zM0 <---edited! 535 Error: authentication failed So I conclude that SASL is up and hooked into postfix but each time I try to telnet, or even access through Thunderbird, I find authentication failed and in /var/log/mail.warn, I find Sep 19 18:34:15 General postfix/smtpd[6684]: warning: SASL authentication failure: Password verification failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL PLAIN authentication failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL LOGIN authentication failed but I can log on to the server using the same user name and password that I am trying for Thunderbird and telnet. Where have I gone wrong? I am convinced that I've missed something simple - clearly so simple that each time I go through one of the above references again, I miss it again! BTW I've tried Patrick Koetter's saslfinger; this gives me runtime errors of its own so I haven't any output from it. Can anyone please offer a solution to get me beyond the authentication failure? TIA John
John wrote:
Help!
I'm running SuSE 10.0 as a server and have had Postfix up and running for some time. Coupled with Courier IMAP and Squirrelmail, I can read, and send, email from my workstation from either Thunderbird or Firefox (via the Squirrel) with no problems.
I tried to configure my mobile phone to allow me access to my IMAP mail account on the server and, surprise, surprise, encountered relay problems. OK, let's look at Cyrus SASL for SMTP AUTH.
I've followed three setup descriptions, including Pat Koetter's How-To document on the Postfix site, his, and others, book 'Linux Email' and Kyle Dent's 'Postfix, the definitive guide' but can not get beyond one simple hurdle.
sasl authentication can be a bit tricky.
Postfix and Cyrus are straight out of the SuSE 10.0 distribution, installed using YaST.
My goal is to have login verification against the passwd file, eventually using TLS, but, one step at a time.
In /etc/postfix/main.cf, I have: smtpd_sasl_auth_enable = yes smtpd_sasl_application_name = smtpd smtpd_sasl_security_options = noanonymous smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes
Please show output of "postconf -n". This will show best how your config is working.
In /etc/syslog.conf, I've added: auth.* /var/log/auth
but I get no log file from this
Postfix logs to mail facility mail.*, not auth, so it's not surprising.
In /usr/lib/sasl2/smtpd.conf, I have: pwcheck_method: saslauthd log_level: 3 mech_list: PLAIN LOGIN
Okay, looks good, though log_level is not evaluated. I hope in /usr/lib/sasl2 the neccessary libraries are installed?
and in /etc/sysconfig/saslauthd, I have SASLAUTHD_AUTHMECH=getpwent
I have set it to PAM, you can also use SHADOW. Now, what does the following command say: testsaslauthd -s smtp -u user -p password If that command is successful, then authentication from within Postfix should work.
When I try Telnet, I see this: General:/etc/postfix # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 General.DMJ-Consultancy.local ESMTP Postfix ehlo localhost 250-General.DMJ-Consultancy.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME auth plain am...zM0 <---edited! 535 Error: authentication failed
That looks a bit strange. the plain string should have an equal sign as the last character. This is the result of binhex64 encoding user "testuser" and password "testpass": dGVzdHVzZXIAdGVzdHVzZXIAdGVzdHBhc3M= Are you sure you have encoded the string correctly?
So I conclude that SASL is up and hooked into postfix but each time I try to telnet, or even access through Thunderbird, I find authentication failed and in /var/log/mail.warn, I find Sep 19 18:34:15 General postfix/smtpd[6684]: warning: SASL authentication failure: Password verification failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL PLAIN authentication failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL LOGIN authentication failed
This definitely looks as if you have the wrong password.
but I can log on to the server using the same user name and password that I am trying for Thunderbird and telnet.
Where have I gone wrong? I am convinced that I've missed something simple - clearly so simple that each time I go through one of the above references again, I miss it again!
BTW I've tried Patrick Koetter's saslfinger; this gives me runtime errors of its own so I haven't any output from it.
What kind of error? saslfinger is a simple bash script, it should run without any problem on suse 10. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
John wrote:
Help!
[snip]
Please show output of "postconf -n". This will show best how your config is working. General:/etc/postfix # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no home_mailbox = Maildir/
Thanks, Sandy. Sandy Drobic wrote: html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = /usr/bin/procmail mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 10240000 mydestination = $myhostname, localhost.$mydomain, DMJ-Consultancy.co.uk, DMJ-Consultancy.me.uk, DMJ-Consultancy.org.uk myhostname = General.DMJ-Consultancy.local mynetworks = 127.0.0.0/8, 192.168.74.0/24, 192.168.80.0/24, 10.0.0.0/24 myorigin = DMJ-Consultancy.me.uk newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch smtpd_sasl_application_name = smtpd smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550
In /etc/syslog.conf, I've added: auth.* /var/log/auth
but I get no log file from this
Postfix logs to mail facility mail.*, not auth, so it's not surprising.
I had the impression that sasl would log here, not postfix.
In /usr/lib/sasl2/smtpd.conf, I have: pwcheck_method: saslauthd log_level: 3 mech_list: PLAIN LOGIN
Okay, looks good, though log_level is not evaluated.
I hope in /usr/lib/sasl2 the neccessary libraries are installed?
and in /etc/sysconfig/saslauthd, I have SASLAUTHD_AUTHMECH=getpwent
I have set it to PAM, you can also use SHADOW.
Now, what does the following command say: testsaslauthd -s smtp -u user -p password
0: NO "authentication failed"
If that command is successful, then authentication from within Postfix should work.
[snip]
That looks a bit strange. the plain string should have an equal sign as the last character. This is the result of binhex64 encoding user "testuser" and password "testpass":
dGVzdHVzZXIAdGVzdHVzZXIAdGVzdHBhc3M=
Are you sure you have encoded the string correctly?
Without putting username and full text password in the email, all I can say is I've typed the line several times and gotten the same result each time (am9obgBqb2huAENyaWNrZXQ4MzM0) from perl -MMIME::Base64 -e 'print encode_base64("uuuuu\0uuuuu\0pppppppp");'
So I conclude that SASL is up and hooked into postfix but each time I try to telnet, or even access through Thunderbird, I find authentication failed and in /var/log/mail.warn, I find Sep 19 18:34:15 General postfix/smtpd[6684]: warning: SASL authentication failure: Password verification failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL PLAIN authentication failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL LOGIN authentication failed
This definitely looks as if you have the wrong password. Puzzling since, in Thunderbird, I type it in at the keyboard exactly as if logging in to SuSE. Could it be that it's not looking at the passwd file?
but I can log on to the server using the same user name and password that I am trying for Thunderbird and telnet.
Where have I gone wrong? I am convinced that I've missed something simple - clearly so simple that each time I go through one of the above references again, I miss it again!
BTW I've tried Patrick Koetter's saslfinger; this gives me runtime errors of its own so I haven't any output from it.
What kind of error? saslfinger is a simple bash script, it should run without any problem on suse 10.
I'll have to get back on that since I'll have to re-download it and try again BTW, I believe that postfix is not CHROOTed, either.
Sandy
J
John wrote:
Thanks, Sandy.
John wrote:
Help!
[snip]
Please show output of "postconf -n". This will show best how your config is working. General:/etc/postfix # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no home_mailbox = Maildir/
Sandy Drobic wrote: html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = /usr/bin/procmail mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 10240000 mydestination = $myhostname, localhost.$mydomain, DMJ-Consultancy.co.uk, DMJ-Consultancy.me.uk, DMJ-Consultancy.org.uk myhostname = General.DMJ-Consultancy.local mynetworks = 127.0.0.0/8, 192.168.74.0/24, 192.168.80.0/24, 10.0.0.0/24 myorigin = DMJ-Consultancy.me.uk newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch smtpd_sasl_application_name = smtpd smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550
Try setting smtpd_sasl_local_domain = (empty). Verify that the setting is shown empty in output of "postconf -n".
In /etc/syslog.conf, I've added: auth.* /var/log/auth
but I get no log file from this
Postfix logs to mail facility mail.*, not auth, so it's not surprising.
I had the impression that sasl would log here, not postfix.
In /usr/lib/sasl2/smtpd.conf, I have: pwcheck_method: saslauthd log_level: 3 mech_list: PLAIN LOGIN
Okay, looks good, though log_level is not evaluated.
I hope in /usr/lib/sasl2 the neccessary libraries are installed?
What does "ls -l /usr/lib/sasl2" say about the installed libs?
and in /etc/sysconfig/saslauthd, I have SASLAUTHD_AUTHMECH=getpwent
I have set it to PAM, you can also use SHADOW.
Now, what does the following command say: testsaslauthd -s smtp -u user -p password
0: NO "authentication failed"
I assume that you have set correct values for "user" and "password"? Until that is running, authentication in Postfix is unlikely to work. What happens if you set the service (-s) to imap, the default? testsaslauthd -u user -p password
If that command is successful, then authentication from within Postfix should work.
[snip]
That looks a bit strange. the plain string should have an equal sign as the last character. This is the result of binhex64 encoding user "testuser" and password "testpass":
dGVzdHVzZXIAdGVzdHVzZXIAdGVzdHBhc3M=
Are you sure you have encoded the string correctly?
Without putting username and full text password in the email, all I can say is I've typed the line several times and gotten the same result each time (am9obgBqb2huAENyaWNrZXQ4MzM0)
Uhm, you just have put your username and password here. PLAIN isn't called plaintext mechanism in vain. Please change this password. (^-^) Though at least I could verify that you don't have a "@" in your username or password, so the encoding is working fine.
from perl -MMIME::Base64 -e 'print encode_base64("uuuuu\0uuuuu\0pppppppp");'
So I conclude that SASL is up and hooked into postfix but each time I try to telnet, or even access through Thunderbird, I find authentication failed and in /var/log/mail.warn, I find Sep 19 18:34:15 General postfix/smtpd[6684]: warning: SASL authentication failure: Password verification failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL PLAIN authentication failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL LOGIN authentication failed
This definitely looks as if you have the wrong password. Puzzling since, in Thunderbird, I type it in at the keyboard exactly as if logging in to SuSE. Could it be that it's not looking at the passwd file?
This could be. Why did you choose getpwent as the auth mech in saslauthd? Though I have the feeling that the smtpd_sasl_local_domain is the culprit.
but I can log on to the server using the same user name and password that I am trying for Thunderbird and telnet.
Where have I gone wrong? I am convinced that I've missed something simple - clearly so simple that each time I go through one of the above references again, I miss it again!
BTW I've tried Patrick Koetter's saslfinger; this gives me runtime errors of its own so I haven't any output from it.
What kind of error? saslfinger is a simple bash script, it should run without any problem on suse 10.
I'll have to get back on that since I'll have to re-download it and try again
BTW, I believe that postfix is not CHROOTed, either.
It shouldn't be the problem. Suse doesn't chroot by default unlike debian, and the authentication is actually tried. It must either be the smtpd_sasl_local_domain or a missing plain library. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Thanks, Sandy: Sandy Drobic wrote: [snip]
Try setting smtpd_sasl_local_domain = (empty). Verify that the setting is shown empty in output of "postconf -n".
done and verified [snip]
What does "ls -l /usr/lib/sasl2" say about the installed libs?
drwxr-xr-x 2 root root 784 Sep 18 20:05 . drwxr-xr-x 80 root root 26000 Sep 18 11:47 .. lrwxrwxrwx 1 root root 22 Sep 17 21:43 libanonymous.so -> libanonymous.so.2.0.21 lrwxrwxrwx 1 root root 22 Sep 17 21:43 libanonymous.so.2 -> libanonymous.so.2.0.21 -rwxr-xr-x 1 root root 13592 Sep 9 2005 libanonymous.so.2.0.21 lrwxrwxrwx 1 root root 20 Sep 17 21:43 libcrammd5.so -> libcrammd5.so.2.0.21 lrwxrwxrwx 1 root root 20 Sep 17 21:43 libcrammd5.so.2 -> libcrammd5.so.2.0.21 -rwxr-xr-x 1 root root 15796 Sep 9 2005 libcrammd5.so.2.0.21 lrwxrwxrwx 1 root root 22 Sep 17 21:43 libdigestmd5.so -> libdigestmd5.so.2.0.21 lrwxrwxrwx 1 root root 22 Sep 17 21:43 libdigestmd5.so.2 -> libdigestmd5.so.2.0.21 -rwxr-xr-x 1 root root 43416 Sep 9 2005 libdigestmd5.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 liblogin.so -> liblogin.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 liblogin.so.2 -> liblogin.so.2.0.21 -rwxr-xr-x 1 root root 14420 Sep 9 2005 liblogin.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 libplain.so -> libplain.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 libplain.so.2 -> libplain.so.2.0.21 -rwxr-xr-x 1 root root 14420 Sep 9 2005 libplain.so.2.0.21 lrwxrwxrwx 1 root root 19 Sep 17 21:43 libsasldb.so -> libsasldb.so.2.0.21 lrwxrwxrwx 1 root root 19 Sep 17 21:43 libsasldb.so.2 -> libsasldb.so.2.0.21 -rwxr-xr-x 1 root root 18756 Sep 9 2005 libsasldb.so.2.0.21 -rw-r--r-- 1 root root 38 Jul 28 18:18 slapd.conf -rw------- 1 root root 65 Sep 18 14:07 smtpd.conf -rw------- 1 root root 73 Sep 18 10:59 smtpd.conf~ [snip]
I assume that you have set correct values for "user" and "password"? Yes! Until that is running, authentication in Postfix is unlikely to work.
What happens if you set the service (-s) to imap, the default?
testsaslauthd -u user -p password As before: 0: NO "authentication failed"
If that command is successful, then authentication from within Postfix should work.
[snip]
Uhm, you just have put your username and password here. PLAIN isn't called plaintext mechanism in vain. Please change this password. (^-^) whoops! afraid that might have been the case :(
Though at least I could verify that you don't have a "@" in your username or password, so the encoding is working fine.
[snip]
This could be. Why did you choose getpwent as the auth mech in saslauthd? so as to use the passwd file. Though I have the feeling that the smtpd_sasl_local_domain is the culprit.
but I can log on to the server using the same user name and password that I am trying for Thunderbird and telnet.
Where have I gone wrong? I am convinced that I've missed something simple - clearly so simple that each time I go through one of the above references again, I miss it again!
BTW I've tried Patrick Koetter's saslfinger; this gives me runtime errors of its own so I haven't any output from it.
What kind of error? saslfinger is a simple bash script, it should run without any problem on suse 10.
I'll have to get back on that since I'll have to re-download it and try again
BTW, I believe that postfix is not CHROOTed, either.
It shouldn't be the problem. Suse doesn't chroot by default unlike debian, and the authentication is actually tried.
It must either be the smtpd_sasl_local_domain or a missing plain library.
Sandy
John wrote:
Thanks, Sandy:
Sandy Drobic wrote:
[snip]
Try setting smtpd_sasl_local_domain = (empty). Verify that the setting is shown empty in output of "postconf -n".
done and verified
[snip]
What does "ls -l /usr/lib/sasl2" say about the installed libs?
drwxr-xr-x 2 root root 784 Sep 18 20:05 . drwxr-xr-x 80 root root 26000 Sep 18 11:47 .. lrwxrwxrwx 1 root root 22 Sep 17 21:43 libanonymous.so -> libanonymous.so.2.0.21 lrwxrwxrwx 1 root root 22 Sep 17 21:43 libanonymous.so.2 -> libanonymous.so.2.0.21 -rwxr-xr-x 1 root root 13592 Sep 9 2005 libanonymous.so.2.0.21 lrwxrwxrwx 1 root root 20 Sep 17 21:43 libcrammd5.so -> libcrammd5.so.2.0.21 lrwxrwxrwx 1 root root 20 Sep 17 21:43 libcrammd5.so.2 -> libcrammd5.so.2.0.21 -rwxr-xr-x 1 root root 15796 Sep 9 2005 libcrammd5.so.2.0.21 lrwxrwxrwx 1 root root 22 Sep 17 21:43 libdigestmd5.so -> libdigestmd5.so.2.0.21 lrwxrwxrwx 1 root root 22 Sep 17 21:43 libdigestmd5.so.2 -> libdigestmd5.so.2.0.21 -rwxr-xr-x 1 root root 43416 Sep 9 2005 libdigestmd5.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 liblogin.so -> liblogin.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 liblogin.so.2 -> liblogin.so.2.0.21 -rwxr-xr-x 1 root root 14420 Sep 9 2005 liblogin.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 libplain.so -> libplain.so.2.0.21 lrwxrwxrwx 1 root root 18 Sep 17 21:43 libplain.so.2 -> libplain.so.2.0.21 -rwxr-xr-x 1 root root 14420 Sep 9 2005 libplain.so.2.0.21 lrwxrwxrwx 1 root root 19 Sep 17 21:43 libsasldb.so -> libsasldb.so.2.0.21 lrwxrwxrwx 1 root root 19 Sep 17 21:43 libsasldb.so.2 -> libsasldb.so.2.0.21 -rwxr-xr-x 1 root root 18756 Sep 9 2005 libsasldb.so.2.0.21 -rw-r--r-- 1 root root 38 Jul 28 18:18 slapd.conf -rw------- 1 root root 65 Sep 18 14:07 smtpd.conf -rw------- 1 root root 73 Sep 18 10:59 smtpd.conf~
Okay.
[snip]
I assume that you have set correct values for "user" and "password"? Yes! Until that is running, authentication in Postfix is unlikely to work.
What happens if you set the service (-s) to imap, the default?
testsaslauthd -u user -p password As before: 0: NO "authentication failed"
John, how do you authenticate to your Cyrus? If testsaslauthd can't verify your user and password, which you know is working, then logging in to your cyrus imap should be impossible. How is saslauthd started? Please show output of "ps ax| grep saslauthd". What is the content of /etc/imapd.conf? Unless we can confirm with testsaslauthd that the authentication is working, we shouldn't fiddle with postfix for now. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Sandy Drobic wrote:
[snip]
John, how do you authenticate to your Cyrus? I'm using Courier IMAP If testsaslauthd can't verify your user and password, which you know is working, then logging in to your cyrus imap should be impossible.
How is saslauthd started? Please show output of "ps ax| grep saslauthd". 5023 ? S 0:00 /usr/sbin/saslauthd -a getpwent
What is the content of /etc/imapd.conf?
Unless we can confirm with testsaslauthd that the authentication is working, we shouldn't fiddle with postfix for now.
Sandy
I've had a bit of a breakthrough since we've been 'talking'. Saslauthd is started at boot and responds to the config file /etc/sysconfig/saslauthd. Your previous comment about getpwent, pam and shadow set me thinking, so I've tried each in turn with the same username and password. Getpwent fails to authenticate. Pam and shadow work fine and authenticate for relay. I've checked the mail logs (m.info and m.warn - both confirm this!) and did a 'ps ax| grep saslauthd' each time to verify that the correct method was used. Again, many thanks for your help, Sandy. I've been going round the loop with this for a couple of days now but seem to have broken the circle now. What's even better - my mobile, which caused all this trouble in the first place - has just sent its first email by this route. Next stop TLS! Best regards John
John wrote:
Sandy Drobic wrote:
[snip]
John, how do you authenticate to your Cyrus? I'm using Courier IMAP
Oh, usually saslauthd is part of Cyrus Imap, so I though you were using Cyrus.
If testsaslauthd can't verify your user and password, which you know is working, then logging in to your cyrus imap should be impossible.
That explains how testsaslauthd fails, though your Imapserver was working. (^-^)
I've had a bit of a breakthrough since we've been 'talking'.
Saslauthd is started at boot and responds to the config file /etc/sysconfig/saslauthd. Your previous comment about getpwent, pam and shadow set me thinking, so I've tried each in turn with the same username and password.
Getpwent fails to authenticate.
Pam and shadow work fine and authenticate for relay.
I've checked the mail logs (m.info and m.warn - both confirm this!) and did a 'ps ax| grep saslauthd' each time to verify that the correct method was used.
Again, many thanks for your help, Sandy. I've been going round the loop with this for a couple of days now but seem to have broken the circle now.
Glad to see that the problem is solved.
What's even better - my mobile, which caused all this trouble in the first place - has just sent its first email by this route.
Next stop TLS!
TLS isn't as tricky as SASL, you should have little trouble. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
participants (2)
-
John
-
Sandy Drobic