Re: SMTP AUTH with Postfix and SASL

To: debian-user@lists.debian.org
Subject: Re: SMTP AUTH with Postfix and SASL
From: "Jeff Wiegley, Ph.D." <jeffw@cyte.com>
Date: 21 Jul 2003 09:23:47 -0700
Message-id: <[🔎] 1058804627.14906.7.camel@mail.cyte.com>
In-reply-to: <[🔎] 20030721151920.GA12697@tammen.net>
References: <[🔎] 20030721151920.GA12697@tammen.net>

Sorry, no hints from me. But I think I'm having the exact same
problem with my setup except that I'm using sendmail.

Here's a tip for Debian MTA package maintainers: Many people
who want an MTA running are going to want SMTP-AUTH and TLS.
These should be configured and enabled by default. I don't see
how it would hurt those people that don't need to do SMTP-AUTH
to have it enabled. And its far, far easier to disable or
break this functionality than it is to enable it.

Todd is helping me out with my problem. If we can help
me come to a solution then I will pass that info along
to you since I think it will be relevant.

Thanks,

On Mon, 2003-07-21 at 08:19, Jan Tammen wrote:
> Bonjour.
> 
> I am trying to setup SMTP AUTH with Postfix and SASL on Debian
> unstable. 
> 
> So far I got these packages installed:
> 
> postfix          2.0.13-1
> postfix-tls      2.0.13-1
> libsasl2         2.1.12-1
> libsasl2-dev     2.1.12-1
> libsasl2-modules 2.1.12-1 
> sasl2-bin        2.1.12-1
> 
> I want to authenticate users against the system's password-database.
> 
> /etc/postfix/main.cf:
> [...]
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions = permit_sasl_authenticated, 
>                                permit_mynetworks, 
>                                check_relay_domains
> [...]
> 
> /etc/postfix/sasl/smtpd.conf:
> pwcheck_method: pwcheck
> 
> Connecting to the server via telnet shows up that authentication is enabled:
> 
> 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 
> I got a user 'test' with passwd 'test'; trying to authenticate via telnet:
> 
> AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
> 535 Error: authentication failed
> 
> In mail.log:
> postfix/smtpd[15000]: warning: SASL authentication problem: unknown password verifier 
> postfix/smtpd[15000]: warning: SASL authentication failure: Password verification failed
> postfix/smtpd[15000]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
> 
> Seems as SASL does not know shadow-method. When I use 'pwcheck_method:
> saslauthd' in /etc/postfix/sasl/smtpd.conf and start saslauthd, I get this error:
> 
> postfix/smtpd[15135]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
> postfix/smtpd[15135]: warning: SASL authentication failure: Password verification failed
> postfix/smtpd[15135]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
> 
> This error seems to be related to the fact, that smtpd runs chrooted.
> But even when I let smtpd run 'normally', I get an error:
> 
> postfix/smtpd[15269]: warning: SASL authentication failure: Password verification failed
> postfix/smtpd[15269]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
> 
> And in auth.log:
> 
> saslauthd[14098]: AUTHFAIL: user=test@domain.de service=smtp realm=domain.de
> 
> But saslausthd seems to be able to authenticate that user; from localhost:
> 
> $ testsaslauthd -u test -p test -r domain.de -s smtp
> $ 0: OK "Success."
> 
> Sorry for that long post ... any hints for me?
> 
> Thanks.
>

Reply to:

References:
- SMTP AUTH with Postfix and SASL
  - From: Jan Tammen <jan@tammen.net>

Prev by Date: Could this be debian ?
Next by Date: Re: need help with compile of pcmcia card driver
Previous by thread: SMTP AUTH with Postfix and SASL
Next by thread: Re: SMTP AUTH with Postfix and SASL
Index(es):
- Date
- Thread