linuxpyro |
12-15-2008 07:57 PM |
Postfix SASL Authentication Failure
I am having an issue getting Postfix to do SMTP authentication via SASL and PAM on Debian Etch. First of all, here are the SASL-related lines in main.cf:
Code:
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
#smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains
inet_interfaces = all
Next, here is my /etc/postfix/sasl/smtpd.conf:
[code]
pwcheck_method: saslauthd
mech_list: plain login
[code]
In /etc/default/saslauthd:
Code:
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
#MECHANISMS="rimap -O localhost"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
Now, given this I can use testsaslauthd to successfully authenticate my username and password with saslauthd running. However, when I try to send Email through Postfix with the same credentials Evolution gives me a "Bad authentication response from server" error, and in /var/log/maillog I find this:
Code:
Dec 16 09:01:57 clamato postfix/smtpd[16619]: warning: SASL authentication failure: Password verification failed
Dec 16 09:01:57 clamato postfix/smtpd[16619]: warning: fishingcat.rit.edu[129.21.97.207]: SASL PLAIN authentication failed: authentication failure
Meanwhile, in /var/log/auth.log all I get is this:
Code:
Dec 16 08:55:10 clamato saslauthd[16517]: detach_tty : master pid is: 16517
Dec 16 08:55:10 clamato saslauthd[16517]: ipc_init : listening on socket: /var/run/saslauthd/mux
I am not running Postfix in a chroot, so it should be able to see /var/run/saslauthd/mux. Since I can authenticate against SASL via the command line I'm pretty sure it's not the problem. I was getting an error about not being able to find /usr/lib/sasl2, but that stopped after I added the smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2 line to main.cf.
Anyone have any ideas?
|