Loading ...
Sorry, an error occurred while loading the content.

SASL Authentication failed

Expand Messages
  • Frédéric Martinoty
    Hi, I ve got a problem with my mail server. It s running on Debian Sarge 3.1, Postfix 2.1.5-9, libsasl 2.1.19-1.5sarge I use LDAP to authenticate the smtp
    Message 1 of 2 , Jul 31, 2006
    • 0 Attachment
      Hi,

      I've got a problem with my mail server. It's running on Debian Sarge
      3.1, Postfix 2.1.5-9, libsasl 2.1.19-1.5sarge

      I use LDAP to authenticate the smtp users (using IMAP). Everything
      worked perfectly but when I used apt-get to upgrade libsasl2, it screwed
      up the authentification mechanism. I tried and revert to the previous
      version but it didn't help. I thought that the problem was linked to
      postfix being chrooted, so I changed this parameter without success. I
      attach the output of a "saslfinger -s" to show you my configuration.

      Right now, the smtpd_sasl_auth_enable is commented to avoid the "fatal :
      no SASL authentication mechanisms" error message. The authentication is
      currently done via IP addresses (mynetworks = 192.168.1.0/24) , but some
      people are connecting with notebooks and don't have a fixed IP so that
      doesn't solve completly my problem. Any help would be greatly appreciated.

      Thanks

      Fred



      **********************************************************
      saslfinger - postfix Cyrus sasl configuration Mon Jul 31 16:53:15 CEST 2006
      version: 1.0
      mode: server-side SMTP AUTH

      -- basics --
      Postfix: 2.1.5
      System: Debian GNU/Linux 3.1 \n \l

      -- smtpd is linked to --
      libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a0000)

      -- active SMTP AUTH and TLS parameters for smtpd --
      broken_sasl_auth_clients = yes
      smtpd_sasl_application_name = smtpd
      smtpd_sasl_local_domain = $myhostname
      smtpd_sasl_security_options = noanonymous


      -- listing of /usr/lib/sasl2 --
      total 104
      drwxr-xr-x 2 root root 109 May 9 12:46 .
      drwxr-xr-x 45 root root 12288 Jul 31 14:30 ..
      -rw-r--r-- 1 root root 21810 Apr 24 19:27 libsasldb.a
      -rw-r--r-- 1 root root 852 Apr 24 19:26 libsasldb.la
      -rw-r--r-- 1 root root 18692 Apr 24 19:27 libsasldb.so
      -rw-r--r-- 1 root root 18692 Apr 24 19:27 libsasldb.so.2
      -rw-r--r-- 1 root root 18692 Apr 24 19:27 libsasldb.so.2.0.19




      -- content of /etc/postfix/sasl/smtpd.conf --
      pwcheck_method: saslauthd
      mech_list: plain login


      -- active services in /etc/postfix/master.cf --
      # service type private unpriv chroot wakeup maxproc command + args
      # (yes) (yes) (yes) (never) (100)
      smtp inet n - n - - smtpd
      pickup fifo n - - 60 1 pickup
      cleanup unix n - - - 0 cleanup
      qmgr fifo n - - 300 1 qmgr
      rewrite unix - - - - - trivial-rewrite
      bounce unix - - - - 0 bounce
      defer unix - - - - 0 bounce
      trace unix - - - - 0 bounce
      verify unix - - - - 1 verify
      flush unix n - - 1000? 0 flush
      proxymap unix - - n - - proxymap
      smtp unix - - - - - smtp
      relay unix - - - - - smtp
      showq unix n - - - - showq
      error unix - - - - - error
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - n - - lmtp
      anvil unix - - n - 1 anvil
      maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
      uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
      ($recipient)
      ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
      $recipient
      scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
      ${nexthop} ${user} ${extension}


      127.0.0.1:10025 inet n - y - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes

      smtp-amavis unix - - y - 2 smtp
      -o smtp_data_done_timeout=1200
      -o disable_dns_lookups=yes

      -- mechanisms on localhost --
    • Patrick Ben Koetter
      ... The error message is correct. There aren t any SASL mechanisms installed. You want something like this: $ ls -l /usr/lib/sasl2/ total 548 -rwxr-xr-x 1
      Message 2 of 2 , Jul 31, 2006
      • 0 Attachment
        * Frédéric Martinoty <frederic.martinoty@...>:
        > Hi,
        >
        > I've got a problem with my mail server. It's running on Debian Sarge
        > 3.1, Postfix 2.1.5-9, libsasl 2.1.19-1.5sarge
        >
        > I use LDAP to authenticate the smtp users (using IMAP). Everything
        > worked perfectly but when I used apt-get to upgrade libsasl2, it screwed
        > up the authentification mechanism. I tried and revert to the previous
        > version but it didn't help. I thought that the problem was linked to
        > postfix being chrooted, so I changed this parameter without success. I
        > attach the output of a "saslfinger -s" to show you my configuration.
        >
        > Right now, the smtpd_sasl_auth_enable is commented to avoid the "fatal :
        > no SASL authentication mechanisms" error message. The authentication is
        > currently done via IP addresses (mynetworks = 192.168.1.0/24) , but some
        > people are connecting with notebooks and don't have a fixed IP so that
        > doesn't solve completly my problem. Any help would be greatly appreciated.
        >
        > Thanks
        >
        > Fred
        >
        >
        >
        > **********************************************************
        > saslfinger - postfix Cyrus sasl configuration Mon Jul 31 16:53:15 CEST 2006
        > version: 1.0
        > mode: server-side SMTP AUTH
        >
        > -- basics --
        > Postfix: 2.1.5
        > System: Debian GNU/Linux 3.1 \n \l
        >
        > -- smtpd is linked to --
        > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a0000)
        >
        > -- active SMTP AUTH and TLS parameters for smtpd --
        > broken_sasl_auth_clients = yes
        > smtpd_sasl_application_name = smtpd
        > smtpd_sasl_local_domain = $myhostname
        > smtpd_sasl_security_options = noanonymous
        >
        >
        > -- listing of /usr/lib/sasl2 --
        > total 104
        > drwxr-xr-x 2 root root 109 May 9 12:46 .
        > drwxr-xr-x 45 root root 12288 Jul 31 14:30 ..
        > -rw-r--r-- 1 root root 21810 Apr 24 19:27 libsasldb.a
        > -rw-r--r-- 1 root root 852 Apr 24 19:26 libsasldb.la
        > -rw-r--r-- 1 root root 18692 Apr 24 19:27 libsasldb.so
        > -rw-r--r-- 1 root root 18692 Apr 24 19:27 libsasldb.so.2
        > -rw-r--r-- 1 root root 18692 Apr 24 19:27 libsasldb.so.2.0.19

        The error message is correct. There aren't any SASL mechanisms installed. You
        want something like this:

        $ ls -l /usr/lib/sasl2/
        total 548
        -rwxr-xr-x 1 root root 683 10. Mär 2005 libcrammd5.la
        lrwxrwxrwx 1 root root 20 10. Mär 2005 libcrammd5.so -> libcrammd5.so.2.0.20
        lrwxrwxrwx 1 root root 20 10. Mär 2005 libcrammd5.so.2 -> libcrammd5.so.2.0.20
        -rwxr-xr-x 1 root root 50347 10. Mär 2005 libcrammd5.so.2.0.20
        -rwxr-xr-x 1 root root 713 10. Mär 2005 libdigestmd5.la
        lrwxrwxrwx 1 root root 22 10. Mär 2005 libdigestmd5.so -> libdigestmd5.so.2.0.20
        lrwxrwxrwx 1 root root 22 10. Mär 2005 libdigestmd5.so.2 -> libdigestmd5.so.2.0.20
        -rwxr-xr-x 1 root root 96876 10. Mär 2005 libdigestmd5.so.2.0.20
        -rwxr-xr-x 1 root root 749 10. Mär 2005 libgssapiv2.la
        lrwxrwxrwx 1 root root 21 10. Mär 2005 libgssapiv2.so -> libgssapiv2.so.2.0.20
        lrwxrwxrwx 1 root root 21 10. Mär 2005 libgssapiv2.so.2 -> libgssapiv2.so.2.0.20
        -rwxr-xr-x 1 root root 63380 10. Mär 2005 libgssapiv2.so.2.0.20
        -rwxr-xr-x 1 root root 679 10. Mär 2005 liblogin.la
        lrwxrwxrwx 1 root root 18 10. Mär 2005 liblogin.so -> liblogin.so.2.0.20
        lrwxrwxrwx 1 root root 18 10. Mär 2005 liblogin.so.2 -> liblogin.so.2.0.20
        -rwxr-xr-x 1 root root 46040 10. Mär 2005 liblogin.so.2.0.20
        -rwxr-xr-x 1 root root 679 10. Mär 2005 libplain.la
        lrwxrwxrwx 1 root root 18 10. Mär 2005 libplain.so -> libplain.so.2.0.20
        lrwxrwxrwx 1 root root 18 10. Mär 2005 libplain.so.2 -> libplain.so.2.0.20
        -rwxr-xr-x 1 root root 45942 10. Mär 2005 libplain.so.2.0.20
        -rwxr-xr-x 1 root root 709 10. Mär 2005 libsasldb.la
        lrwxrwxrwx 1 root root 19 10. Mär 2005 libsasldb.so -> libsasldb.so.2.0.20
        lrwxrwxrwx 1 root root 19 10. Mär 2005 libsasldb.so.2 -> libsasldb.so.2.0.20
        -rwxr-xr-x 1 root root 80998 10. Mär 2005 libsasldb.so.2.0.20


        Use apt-get to install Cyrus SASL mechanisms...

        p@rick

        --
        The Book of Postfix
        <http://www.postfix-book.com>
        saslfinger (debugging SMTP AUTH):
        <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
      Your message has been successfully submitted and would be delivered to recipients shortly.