[SOLVED] Postfix+Cyrus SASL Authentication Problem

Mavman · 01-03-2011, 01:54 PM

Hey guys, for the life of me I can not figure this out. I'm still on the newer side of Linux services and thought that building a mail server would be a great way to figure out how it all works from a Linux point of view.

I'm running Ubuntu Maverick (10.10) 64-bit Server edition.
At the moment, I'm trying to get Postfix to authenticate users using shadow with TLS.

What I've got so far is -

smtpd.conf:

Code:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

main.cf:

Code:

myhostname = Maverux.******.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = Maverux.******.net, ******.net, Maverux, mail.******.net, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8, 192.168.1.0/24, xxx.xxx.xxx.xxx/32, xxx.xxx.xxx.xxx/32
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_type = cyrus
smtpd_sasl_path = private/auth-client
smtpd_sasl_local_domain = ******.net
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

/etc/default/saslauthd:

Code:

START=yes
MECHANISMS="shadow"
OPTIONS="-c -m /var/run/saslauthd"

If you need more than this let me know, I tried to take what I thought was pertinent.

According to the error log, I get this-

Code:

Jan  3 10:38:44 Maverux postfix/smtpd[15338]: Anonymous TLS connection established from ***.***.com[xxx.xxx.xxx.xxx]: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan  3 10:38:44 Maverux postfix/smtpd[15338]: warning: SASL authentication failure: no secret in database
Jan  3 10:38:44 Maverux postfix/smtpd[15338]: warning: ***.***.com[xxx.xxx.xxx.xxx]: SASL NTLM authentication failed: authentication failure
Jan  3 10:38:44 Maverux postfix/smtpd[15338]: warning: SASL authentication failure: realm changed: authentication aborted
Jan  3 10:38:44 Maverux postfix/smtpd[15338]: warning: ***.***.com[xxx.xxx.xxx.xxx]: SASL DIGEST-MD5 authentication failed: authentication failure
Jan  3 10:38:44 Maverux postfix/smtpd[15338]: warning: ***.***.com[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
Jan  3 10:38:44 Maverux postfix/smtpd[15338]: lost connection after AUTH from ***.***.com[xxx.xxx.xxx.xxx]
Jan  3 10:38:44 Maverux postfix/smtpd[15338]: disconnect from ***.***.com[xxx.xxx.xxx.xxx]

However, if I do a testsaslauthd-

Code:

root@Maverux:~# testsaslauthd -u ****** -p ****** -r ******.net -s smtp
0: OK "Success."

Anyone have any ideas?

EDIT: A bit more information, it is not running chrooted, and here's a telnet & ehlo.

Code:

220 Maverux.******.net ESMTP
ehlo ******.com
250-Maverux.******.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN DIGEST-MD5 NTLM PLAIN CRAM-MD5
250-AUTH=LOGIN DIGEST-MD5 NTLM PLAIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Mavman · 01-03-2011, 05:37 PM

Embarrassed to put this one in, but to save anyone else who might be suffering from this I might as well spare them.

I'm not using smtpd_sasl_type = dovecot
I'm using cyrus. Apparently in my early screwing around before everything else was really set up I must have jumped the gun with troubleshooting.

So, I fixed smtpd_sasl_path to be 'smtpd' to go along with the type of cyrus. My own fault.