Old 05-13-2010, 06:35 PM   #1
diablo2nd
LQ Newbie
 
Registered: Mar 2010
Posts: 6

Rep: Reputation: 0
Postfix sasl issue from client


Hi all,

I have an issue where postfix is set up to use dovecot auth and as far as I know it works. If I log in using telnet to the mail server I can authorize myself by providing the base64 encoded user & password. So if I can log in, why can't my email clients? I have tried Thunderbird and Evolution.

This is the mail.log relevant entries for successful login via telnet

Code:
May 13 23:30:26 horus postfix/smtpd[15207]: NOQUEUE: reject: RCPT from unknown[121.98.152.54]: 554 5.7.1 <cole@devtest.co.nz>: Relay access denied; from=<info@coachingineffectivespeaking.org> to=<cole@devtest.co.nz> proto=ESMTP helo=<host>
May 13 23:30:58 horus postfix/smtpd[15207]: D2354205CA: client=unknown[121.98.152.54], sasl_method=plain, sasl_username=info@coachingineffectivespeaking.org
and the failed attempt from mail client
Code:
May 13 23:32:07 horus postfix/smtpd[15273]: warning: unknown[121.98.152.54]: SASL PLAIN authentication failed: UGFzc3dvcmQ6
May 13 23:32:10 horus postfix/smtpd[15273]: warning: unknown[121.98.152.54]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Login by pop or imap works flawlessly, that's what I don't get. From what I see it SHOULD be working.

If it changes things, I'm using postfixadmin, postfix, dovecot. Passwords and info are stored in mysql tables. Passwords are md5 encrypted. I thought that may be the issue, but that doesn't make sense.

My best guess is that the email client is not encoding the details correctly.
 
Old 05-14-2010, 01:30 AM   #2
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
Looking at that it's complaining about the password (UGFzc3dvcmQ6).

So to be clear, you can log in by hand to your Postfix using telnet/nc > ehlo > then either a single plain string |OR| auth login base64 username,base64 password and that works without an issue?


I had some 'fun' with Evolution myself having some odd behaviour insofar as setting it up by hand randomly gave issues with the password. In the preferences > mail accounts [select account] > sending email tab, clicking on the 'check supported types' and then either selecting 'login' or 'plain' (even though they were already selected) and UNCHECKING the 'remember password' seemed to fix it. It then prompted for the password (which you can then check the 'remember' box) and worked flawlessly. No understanding why, but it seems to have a bit of a sticky memory for bad login data. I don't know if that is your issue but I can assure you Postfix SASL/AUTHSMTP works flawlessly with Dovecot and you can check for Postfix offering support for Dovecot with:
Code:
postconf -a
{output...>}
cyrus
dovecot
The relevant section of main.cf looking something like this:

Code:
#SMTPAuth (SASL)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
HTH in some way.

Don't get hung up with the MD5 passwords. I'm guessing that you are storing user info in a MySQL database. When the Dovecot library looks up the password for auth it is only doing a comparison. It checks what has been entered against what the database returns using the relevant 'cipher' set in 'default_pass_scheme':

EG:
--
Quote:
dovecot-sql.conf
# Default password scheme
default_pass_scheme = PLAIN-MD5
# passdb query to retrieve the password. It can return fields:
password_query = SELECT username AS user, userpassword AS password FROM users WHERE username like '%u';

Last edited by spampig; 05-14-2010 at 01:37 AM.
 
Old 05-14-2010, 09:38 PM   #3
diablo2nd
LQ Newbie
 
Registered: Mar 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Can login using the methods set out here http://www.linuxmail.info/smtp-authe...tfix-centos-5/ namely using the form to encode the user and password.


I should note that I had everything set up and working prior to incorporating mysql.

UGFzc3dvcmQ6 : I have no idea how this value has come around. The password for the account I was using is infoinfo and the encoded password I used in telnet was different again.
 
Old 05-15-2010, 02:13 AM   #4
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
UGFzc3dvcmQ6 is base64 for 'Password:' - that is, just the prompt not the actual password. On login you are normally prompted: VXNlcm5hbWU6 (Username:) UGFzc3dvcmQ6 (Password:). With PLAIN you won't see this prompting as you are entering a single string following the auth plain command.

I note your comment regarding "It was working before mysql" but if you can manually log in from the command line using nc/telnet and the auth is successful the issue has to be the client or data supplied to it. You can enable full logging in Dovecot with 'auth_verbose=yes' in the conf. This will allow you to view the login data being passed to, and queried by, Dovecot in the logs. Hence how I found that Evolution was actually passing the wrong data.
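The point made in the post above, as an added example that is not part of any post in this thread: a small Python helper that decodes the base64 trailer Postfix logs on a SASL failure and flags when it is only the server's LOGIN prompt, plus builders for the AUTH PLAIN and AUTH LOGIN strings used in a manual telnet/nc test. The function names and the test account `user@example.org` / `secret` are assumptions made for illustration; the two log lines are the ones from the first post.

```python
import base64
import re

# Postfix smtpd warning format seen in this thread:
#   warning: unknown[IP]: SASL <MECH> authentication failed: <base64>
FAIL_RE = re.compile(
    r"warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed: (?P<trailer>\S+)"
)

# Copied from the first post of this thread.
SAMPLE_LOG = [
    "May 13 23:32:07 horus postfix/smtpd[15273]: warning: unknown[121.98.152.54]: SASL PLAIN authentication failed: UGFzc3dvcmQ6",
    "May 13 23:32:10 horus postfix/smtpd[15273]: warning: unknown[121.98.152.54]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
]

def decode_b64(token):
    """Return the decoded text, or None if the token is not valid base64 text."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def explain_failure(line):
    """Parse one mail.log line; return a dict, or None if it is not a SASL failure."""
    m = FAIL_RE.search(line)
    if m is None:
        return None
    text = decode_b64(m["trailer"])
    # The LOGIN prompts are fixed strings. Seeing one here means the log shows
    # the server's last challenge, not anything the client sent.
    return {
        "ip": m["ip"],
        "mechanism": m["mech"],
        "decoded": text,
        "is_server_prompt": text in ("Username:", "Password:"),
    }

def auth_plain_token(user, password, authzid=""):
    """Single AUTH PLAIN string: authzid NUL authcid NUL password (RFC 4616)."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def auth_login_tokens(user, password):
    """The two separate answers AUTH LOGIN expects, one per prompt."""
    return tuple(base64.b64encode(s.encode("utf-8")).decode("ascii") for s in (user, password))

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(explain_failure(entry))
    print("AUTH PLAIN", auth_plain_token("user@example.org", "secret"))
```

Because the trailer is the server's challenge, the failed credentials themselves have to come from Dovecot's own auth logging, as the post describes.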
 
Old 05-16-2010, 07:30 PM   #5
diablo2nd
LQ Newbie
 
Registered: Mar 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for your help, I resolved the issue on the first server (I didn't mention it was happening on two)

The problem turned out to be mail clients (Thunderbird and Evolution) providing the incorrect details. But from a human error: misspelled a really long domain, twice.

On the second server however, after enabling logging, postfix is attempting to use a Berkeley DB, even though smtpd_sasl_type=dovecot and path=private_auth

Any ideas on what to check here? (Unable to telnet this server)
 
Old 05-17-2010, 01:02 AM   #6
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
Check your config on Postfix and Dovecot.
The Postfix side of using Dovecot is pretty simple. In main.cf you should have something like:

Quote:
#SMTPAuth (SASL)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
Probably the trickiest part of that is the location of the socket to Dovecot (In my case: private/auth). Obviously search main.cf to make sure you don't redefine any of these later in the file.

Next your dovecot.conf file should have something that looks like this towards the end (path to the socket must match above and note this file includes in the actual SQL calls from the file '/etc/dovecot/dovecot-sql.conf')
Quote:
auth default {
  mechanisms = plain login
  passdb sql {
    # Path for SQL configuration file
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb sql {
    # Path for SQL configuration file
    args = /etc/dovecot/dovecot-sql.conf
  }
  socket listen {
    client {
      #
      path = /var/spool/mail/private/auth
      mode = 0660
      # Assuming the default Postfix user and group
      user = postfix
      group = postfix
    }
  }
}
Your own 'dovecot-sql.conf' will be different to suit your database structure, but will probably look something like this:

Quote:
# This file is opened as root, so it should be owned by root and mode 0600.
driver = mysql
connect = host=127.0.0.1 dbname=<your-database-name> user=<your-database-user> password=<your-database-password>

# Default password scheme
default_pass_scheme = PLAIN-MD5
password_query = SELECT email AS user, userpassword AS password FROM users WHERE email like '%u';
user_query = SELECT mailbox AS home, virtual_uid AS uid, virtual_gid AS gid FROM users where email = '%u';
With that in place, and a working database to deal with the queries, you should be cooking on gas.
 
Old 05-17-2010, 04:54 AM   #7
diablo2nd
LQ Newbie
 
Registered: Mar 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for the reply. I wasn't able to find anything out of place in either config file. (Dovecot config file is so much easier to navigate without comments - Thank you Internet) So I figured I would copy the config from the good server to the no-good server, change the relevant hostnames etc. and got to a point where I could troubleshoot the rest myself. Now I'm working on tls and ssl integration for both. And it's all pretty straightforward.
 
  

