LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 12-15-2004, 09:50 AM   #1
juliancoccia
Member
 
Registered: Dec 2003
Posts: 51

Rep: Reputation: 15
SENDMAIL: SASL(-1): generic failure: Password verification failed


Hi there!

I have just installed sendmail with SMTP-AUTH/TLS and ran into a problem. I have done this quite a few times before and never had any problems, but this time I am running into this one that is driving me nuts.

saslauthd is unable to authenticate my username and password. I did exactly what it says on my howto http://www.linuxespanol.com/tema2688.html in case you want to check up the configuration I'm using. I have raised the debuglevel and this is what I see:

Code:
Dec 15 16:34:12  sendmail[10687]: iBFFYCnn010687: assigned id
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: disconnect level 2
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: in background, pid=10688
Dec 15 16:34:12  sendmail[10688]: starting daemon (8.12.11): SMTP+queueing@01:00:00
Dec 15 16:34:12  sendmail[10689]: iBFFYCnn010689: assigned id
Dec 15 16:34:12  sendmail[10689]: iBFFYCnn010689: disconnect level 1
Dec 15 16:34:12  sendmail[10689]: iBFFYCnn010689: in background, pid=10689
Dec 15 16:34:12  sendmail[10689]: runqueue /var/spool/mqueue, pid=10689, forkflag=1
Dec 15 16:34:12  sendmail[10689]: iBFFPhuW010408: dowork, pid=10689
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: dropenvelope, e_flags=0x4001, OpMode=d, pid=10688
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: unlink ./dfiBFFYCnn010687
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: ./dfiBFFYCnn010687: unlink-fail 2
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: unlink ./qfiBFFYCnn010687
Dec 15 16:34:12  sendmail[10687]: iBFFYCnn010687: finis, pid=10687
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: ./qfiBFFYCnn010687: unlink-fail 2
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: unlock
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: unlink ./xfiBFFYCnn010687
Dec 15 16:34:12  sendmail[10689]: iBFFPhuW010408: sendenvelope, flags=0x625842
Dec 15 16:34:12  sendmail[10688]: iBFFYCnn010687: ./xfiBFFYCnn010687: unlink-fail 2
Dec 15 16:34:12  sendmail[10688]: STARTTLS=server, Diffie-Hellman init, key=512 bit (1)
Dec 15 16:34:12  sendmail[10688]: STARTTLS=server, init=1
Dec 15 16:34:12  sendmail[10688]: started as: /usr/sbin/sendmail -bd -q1h
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: assigned id
Dec 15 16:34:32  sendmail[10695]: NOQUEUE: connect from 7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx]
Dec 15 16:34:32  sendmail[10695]: AUTH: available mech=LOGIN PLAIN, allowed mech=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 220 207-xxx-xxx-xxx.ptr.primarydns.com ESMTP
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: <-- EHLO [192.168.1.10]
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-207-xxx-xxx-xxx.ptr.primarydns.com Hello 7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx], pleased to meet you
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-ENHANCEDSTATUSCODES
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-PIPELINING
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-8BITMIME
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-SIZE 15000000
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-DSN
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-ETRN
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-AUTH LOGIN PLAIN
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-STARTTLS
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250-DELIVERBY
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 250 HELP
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: <-- STARTTLS
Dec 15 16:34:32  sendmail[10695]: iBFFYWO0010695: --- 220 2.0.0 Ready to start TLS
Dec 15 16:34:33  sendmail[10695]: STARTTLS=server, get_verify: 0 get_peer: 0x0
Dec 15 16:34:33  sendmail[10695]: STARTTLS=server, relay=7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 15 16:34:33  sendmail[10695]: STARTTLS=server, cert-subject=, cert-issuer=
Dec 15 16:34:33  sendmail[10695]: AUTH: available mech=LOGIN PLAIN, allowed mech=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: <-- EHLO [192.168.1.10]
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: dropenvelope, e_flags=0x4009, OpMode=d, pid=10695
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: unlink ./dfiBFFYWO0010695
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: ./dfiBFFYWO0010695: unlink-fail 2
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: unlink ./qfiBFFYWO0010695
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: ./qfiBFFYWO0010695: unlink-fail 2
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: unlock
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: unlink ./xfiBFFYWO0010695
Dec 15 16:34:33  sendmail[10695]: iBFFYWO0010695: ./xfiBFFYWO0010695: unlink-fail 2
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: assigned id
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-207-xxx-xxx-xxx.ptr.primarydns.com Hello 7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx], pleased to meet you
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-ENHANCEDSTATUSCODES
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-PIPELINING
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-8BITMIME
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-SIZE 15000000
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-DSN
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-ETRN
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-AUTH LOGIN PLAIN
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250-DELIVERBY
Dec 15 16:34:33  sendmail[10695]: iBFFYWO1010695: --- 250 HELP
Dec 15 16:34:36  sendmail[10695]: iBFFYWO1010695: <-- AUTH PLAIN AGpjb2NjaWEAMTIzNA==
Dec 15 16:34:36  sendmail[10695]: iBFFYWO1010695: --- 535 5.7.0 authentication failed
Dec 15 16:34:36  sendmail[10695]: iBFFYWO1010695: AUTH failure (PLAIN): generic failure (-1) SASL(-1): generic failure: Password verification failed
Dec 15 16:34:37  sendmail[10695]: iBFFYWO1010695: <-- AUTH LOGIN
Dec 15 16:34:37  sendmail[10695]: iBFFYWO1010695: --- 334 VXNlcm5hbWU6
Dec 15 16:34:37  sendmail[10695]: iBFFYWO1010695: --- 334 UGFzc3dvcmQ6
Dec 15 16:34:37  sendmail[10695]: iBFFYWO1010695: --- 535 5.7.0 authentication failed
Dec 15 16:34:37  sendmail[10695]: iBFFYWO1010695: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed
Dec 15 16:34:40  sendmail[10695]: iBFFYWO1010695: <-- AUTH PLAIN AGpjb2NjaWEAMTIzNA==
Dec 15 16:34:40  sendmail[10695]: iBFFYWO1010695: 7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx]: possible SMTP attack: command=AUTH, count=3
Dec 15 16:34:41  sendmail[10695]: iBFFYWO1010695: --- 535 5.7.0 authentication failed
Dec 15 16:34:41  sendmail[10695]: iBFFYWO1010695: AUTH failure (PLAIN): generic failure (-1) SASL(-1): generic failure: Password verification failed
Dec 15 16:34:41  sendmail[10695]: iBFFYWO1010695: <-- AUTH LOGIN
Dec 15 16:34:43  sendmail[10695]: iBFFYWO1010695: --- 334 VXNlcm5hbWU6
Dec 15 16:34:43  sendmail[10695]: iBFFYWO1010695: --- 334 UGFzc3dvcmQ6
Dec 15 16:34:43  sendmail[10695]: iBFFYWO1010695: --- 535 5.7.0 authentication failed
Dec 15 16:34:43  sendmail[10695]: iBFFYWO1010695: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: disconnect level 1
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: in background, pid=10695
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: --- 421 4.4.1 207-xxx-xxx-xxx.ptr.primarydns.com Lost input channel from 7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx]
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: lost input channel from 7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx] to MTA after auth
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: disconnect level 1
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: in background, pid=10695
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: 7.Red-217-xxx-xxx.pooles.rima-tde.net [217.xxx.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: dropenvelope, e_flags=0x4001, OpMode=d, pid=10695
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: unlink ./dfiBFFYWO1010695
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: ./dfiBFFYWO1010695: unlink-fail 2
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: unlink ./qfiBFFYWO1010695
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: ./qfiBFFYWO1010695: unlink-fail 2
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: unlock
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: unlink ./xfiBFFYWO1010695
Dec 15 16:34:46  sendmail[10695]: iBFFYWO1010695: ./xfiBFFYWO1010695: unlink-fail 2
Dec 15 16:34:46  sendmail[10695]: NOQUEUE: finis, pid=10695
It all seems to indicate that I'm using the wrong password but of course I'm not:

Code:
# testsaslauthd -u jcoccia -p 1234
0: OK "Success."
I will truly appreciate if someone can help me out.

Thanks,
Julian

Last edited by juliancoccia; 12-15-2004 at 05:31 PM.
 
Old 12-15-2004, 07:22 PM   #2
juliancoccia
Member
 
Registered: Dec 2003
Posts: 51

Original Poster
Rep: Reputation: 15
More info:

At the same time /var/log/messages shows:

Code:
Dec 16 02:15:45 sendmail[29986]: cannot connect to saslauthd server: No such file or directory
Dec 16 02:15:45 sendmail[29986]: Password verification failed
Dec 16 02:15:45 sendmail[29986]: cannot connect to saslauthd server: No such file or directory
I investigated and found out sendmail might be looking at the wrong location for the saslauthd mux. When saslauthd starts, it states:

Code:
# /etc/init.d/saslauthd restart
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd[30033] :main            : num_procs  : 5
saslauthd[30033] :main            : mech_option: NULL
saslauthd[30033] :main            : run_path   : /var/run/saslauthd
saslauthd[30033] :main            : auth_mech  : shadow
saslauthd[30033] :ipc_init        : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd.
saslauthd.
while /var/log/messages says:
Code:
Dec 16 02:20:50 saslauthd[30034]: ipc_init        : listening on socket: /var/run/saslauthd/mux
My question is: How do I know what mux is sendmail looking at ?
 
Old 12-15-2004, 08:03 PM   #3
juliancoccia
Member
 
Registered: Dec 2003
Posts: 51

Original Poster
Rep: Reputation: 15
I found the answer to the previous question. It is defined by saslauthd_path in the Sendmail.conf file as follows:

Code:
 
# cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
mech_list: login plain
saslauthd_path: /var/run/saslauthd
This takes care of the previous error, but gets me into another one (still while trying to send an email from my email client). This time: Connection refused

Code:
 
Dec 16 02:50:55 207-234-147-85 sendmail[30788]: cannot connect to saslauthd server: Connection refused
Dec 16 02:50:55 207-234-147-85 sendmail[30788]: Password verification failed
I have chmodded to 777 all the /var/run/saslauthd directory and nothing happens.

Netstat shows:

Code:
 
#  netstat -nalp | grep saslauthd 
unix  2      [ ACC ]     STREAM     LISTENING     4399921 30674/saslauthd     /var/run/saslauthd/mux
unix  2      [ ]         DGRAM                    4399916 30674/saslauthd

HELP !!!! ANYONE ?!?

Last edited by juliancoccia; 12-15-2004 at 08:04 PM.
 
Old 01-04-2005, 12:30 PM   #4
Duality.Enigma
LQ Newbie
 
Registered: Dec 2004
Distribution: Redhat 9.0 Fedora Core 2 - Webmin admin module
Posts: 4

Rep: Reputation: 0
You may hav Solved this by now.. but I was having a very similar problem.. (Fedora Core 2, Sendmail, sasl2)

For some reason, I had to make sure the SMTP AUTH settings had to look like:

Code:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
And take out all the other authentication options..

Apparently, the CRAM-MD5 and DIGEST-MD5 options requires a sasldb database which gave me all sorts of errors.. first when I didn't have one... etc..

But the problem was that I had both CRAM-MD5 and DIGEST-MD5 with the LOGIN and PLAIN options.. and Sendmail was only recognizing the first two.

Code:
telnet localhost 25
followed by:
Code:
ehlo localhost
Should produce:
Code:
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
Before with all 4 options in the .mc file this line:

250-AUTH LOGIN PLAIN

looked like this:

250-AUTH CRAM-MD5 DIGEST-MD5

Which was causing my client to try one of those login methods and not LOGIN PLAIN. Resulting in a Authentication failure..

Hope this helps!

Cheers!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
reason: 550-Verification failed for noo7 Red Hat 1 04-06-2009 10:28 PM
verification of package *blah* failed FunkyRes Debian 4 03-30-2004 12:40 AM
Apache Password Verification gauge73 Linux - Networking 1 03-23-2004 11:52 AM
in need of https password verification(?) bkeating Linux - Security 1 07-16-2002 10:45 AM
kernel signature verification failed... doublefailure Linux - General 0 07-06-2002 10:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration