CentOS 5.5
I read many posts regarding postfix+sasl on the net but no clue. The maillog messages are
Aug 5 07:00:56 host2 postfix/smtpd[10018]: warning: SASL authentication failure: Password verification failed Aug 5 07:00:56 host2 postfix/smtpd[10018]: warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed: authentication failure
# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 xxx.xxxxxxxxxxx.net ESMTP Postfix ehlo me 250-xxx.xxxxxxxxxxx.net 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
/usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd mech_list: PLAIN LOGIN
/etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled with the ablity to use. MECH=pam # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS=
alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 home_mailbox = Maildir/ html_directory = /usr/share/doc/postfix-2.6.7-documentation/html inet_interfaces = all mail_owner = postfix mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost, yyy.yyyhost.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.7-documentation/readme sample_directory = /etc/postfix sender_bcc_maps = hash:/etc/postfix/bcc sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual
any direction to debug the problem of sasl authentication failure ?
my username creation pattern is username.domain
This server is ran for a few
This server is ran for a few years and guy who managed this server was quit and I could not got much information from other colleagues.
I installed centos 5.8 and virtualmin on a virtual machine, sasl ran properly out of the box without special configuration.
When I compared the configurations files from them. Here are what my findings.
the postfix version is different. The VM is 2.3.3, the production server is 2.6.7
the postconf -n more or less are the same accept two lines production server
VM
I just used a utility called
I just used a utility called saslfinger to list sasl configuration http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
There is a different of master.cf between production and virtual machine box
production
saslfinger -s saslfinger - postfix Cyrus sasl configuration Sun Aug 5 15:16:53 HKT 2012 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 2.6.7-20100608 System: CentOS release 5.5 (Final) -- smtpd is linked to -- libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x004be000) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous -- listing of /usr/lib/sasl2 -- total 3256 drwxr-xr-x 2 root root 4096 Mar 16 2011 . drwxr-xr-x 88 root root 45056 Jan 17 2011 .. -rwxr-xr-x 1 root root 884 Mar 17 2010 libanonymous.la -rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so -rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2 -rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root 870 Mar 17 2010 libcrammd5.la -rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so -rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2 -rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root 893 Mar 17 2010 libdigestmd5.la -rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so -rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2 -rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root 933 Mar 17 2010 libgssapiv2.la -rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so -rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2 -rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2.0.22 -rwxr-xr-x 1 root root 856 Mar 17 2010 liblogin.la -rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so -rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2 -rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2.0.22 -rwxr-xr-x 1 root root 856 Mar 17 2010 libplain.la -rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so -rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2 -rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2.0.22 -rwxr-xr-x 1 root root 930 Mar 17 2010 libsasldb.la -rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so -rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2 -rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2.0.22 -rw-r--r-- 1 root root 25 Mar 31 2010 Sendmail.conf -rw-r--r-- 1 root root 49 Jan 14 2011 smtpd.conf -- listing of /etc/sasl2 -- total 24 drwxr-xr-x 2 root root 4096 Mar 17 2010 . drwxr-xr-x 107 root root 12288 Aug 5 14:06 .. -- content of /usr/lib/sasl2/smtpd.conf -- pwcheck_method: saslauthd mech_list: PLAIN LOGIN -- active services in /etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o smtp_fallback_relay= showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache -- mechanisms on localhost -- 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN -- end of saslfinger output --virtual machine box
saslfinger -s saslfinger - postfix Cyrus sasl configuration Sun Aug 5 15:17:22 HKT 2012 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 2.3.3 System: CentOS release 5.8 (Final) -- smtpd is linked to -- libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00c71000) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous -- listing of /usr/lib/sasl -- total 52 drwxr-xr-x 2 root root 4096 Aug 5 11:04 . drwxr-xr-x 84 root root 45056 Aug 5 11:04 .. -- listing of /usr/lib/sasl2 -- total 3260 drwxr-xr-x 2 root root 4096 Aug 5 11:04 . drwxr-xr-x 84 root root 45056 Aug 5 11:04 .. -rwxr-xr-x 1 root root 884 Mar 17 2010 libanonymous.la -rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so -rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2 -rwxr-xr-x 1 root root 14372 Mar 17 2010 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root 870 Mar 17 2010 libcrammd5.la -rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so -rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2 -rwxr-xr-x 1 root root 16832 Mar 17 2010 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root 893 Mar 17 2010 libdigestmd5.la -rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so -rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2 -rwxr-xr-x 1 root root 47172 Mar 17 2010 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root 933 Mar 17 2010 libgssapiv2.la -rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so -rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2 -rwxr-xr-x 1 root root 26496 Mar 17 2010 libgssapiv2.so.2.0.22 -rwxr-xr-x 1 root root 856 Mar 17 2010 liblogin.la -rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so -rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2 -rwxr-xr-x 1 root root 14752 Mar 17 2010 liblogin.so.2.0.22 -rwxr-xr-x 1 root root 856 Mar 17 2010 libplain.la -rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so -rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2 -rwxr-xr-x 1 root root 14848 Mar 17 2010 libplain.so.2.0.22 -rwxr-xr-x 1 root root 930 Mar 17 2010 libsasldb.la -rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so -rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2 -rwxr-xr-x 1 root root 905200 Mar 17 2010 libsasldb.so.2.0.22 -rw-r--r-- 1 root root 25 Aug 12 2011 Sendmail.conf -rw-r--r-- 1 root root 49 Aug 4 15:32 smtpd.conf -rw-r--r-- 1 root root 49 Aug 4 14:37 smtpd.conf.rpmnew -- listing of /etc/sasl2 -- total 24 drwxr-xr-x 2 root root 4096 Mar 17 2010 . drwxr-xr-x 98 root root 12288 Aug 5 15:10 .. -- content of /usr/lib/sasl2/smtpd.conf -- pwcheck_method: saslauthd mech_list: PLAIN LOGIN -- active services in /etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes submission inet n - n - - smtpd smtps inet n - n - - smtpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient -- mechanisms on localhost -- 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN -- end of saslfinger output -- As we can see there are options are comment out in master.cf in virtual machine box