Loading ...
Sorry, an error occurred while loading the content.

Unable to authenticate

Expand Messages
  • Gerard Seibert
    My installation of Postfix has been running without a problem for over two years. Suddenly it refused to accept mail from my MUA Claws-Mail. This is the
    Message 1 of 4 , Jan 7, 2013
    • 0 Attachment
      My installation of Postfix has been running without a problem for over
      two years. Suddenly it refused to accept mail from my MUA
      "Claws-Mail." This is the output of the claws mail log:

      [13:19:59] SMTP< 220 scorpio.seibercom.net ESMTP Postfix (2.10-20121031)
      [13:19:59] ESMTP> EHLO scorpio
      [13:19:59] ESMTP< 250-scorpio.seibercom.net
      [13:19:59] ESMTP< 250-PIPELINING
      [13:19:59] ESMTP< 250-SIZE 26214400
      [13:19:59] ESMTP< 250-ETRN
      [13:19:59] ESMTP< 250-STARTTLS
      [13:19:59] ESMTP< 250-ENHANCEDSTATUSCODES
      [13:19:59] ESMTP< 250-8BITMIME
      [13:19:59] ESMTP< 250 DSN
      ** No SMTP AUTH method available
      [13:19:59] ESMTP> STARTTLS
      [13:19:59] ESMTP< 220 2.0.0 Ready to start TLS
      [13:20:00] ESMTP> EHLO scorpio
      [13:20:00] ESMTP< 250-scorpio.seibercom.net
      [13:20:00] ESMTP< 250-PIPELINING
      [13:20:00] ESMTP< 250-SIZE 26214400
      [13:20:00] ESMTP< 250-ETRN
      [13:20:00] ESMTP< 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
      [13:20:00] ESMTP< 250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
      [13:20:00] ESMTP< 250-ENHANCEDSTATUSCODES
      [13:20:00] ESMTP< 250-8BITMIME
      [13:20:00] ESMTP< 250 DSN
      [13:20:00] ESMTP> AUTH CRAM-MD5
      [13:20:00] ESMTP< 334 PDYzNzUyMDA4NC4xNTQwNTYwMEBzY29ycGlvLnNlaWJlcmNvbS5uZXQ+
      [13:20:00] ESMTP< [Decoded: <637520084.15405600@...>]
      [13:20:00] ESMTP> [Encoded: gerard e4c26c028b7ad6537f6abfe9ba2b960b]
      [13:20:00] ESMTP> Z2VyYXJkIGU0YzI2YzAyOGI3YWQ2NTM3ZjZhYmZlOWJhMmI5NjBi
      [13:20:00] ESMTP< 535 5.7.8 Error: authentication failed: no mechanism
      available. For assistance, please provide the following information
      in your problem report: time (Jan 07 13:20:00), client
      (76.182.104.150) and server (scorpio.seibercom.net).
      ** error occurred on authentication
      *** Authentication failed:
      535 5.7.8 Error: authentication failed: no mechanism available. For
      assistance, please provide the following information in your problem
      report: time (Jan 07 13:20:00), client (76.182.104.150) and server
      (scorpio.seibercom.net).

      This is from the maillog:

      Jan 7 13:19:30 scorpio postfix/smtpd[11214]: connect from
      cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]
      Jan 7 13:19:30 scorpio postfix/smtpd[11214]: warning:
      cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]: SASL CRAM-MD5
      authentication failed: no mechanism available
      Jan 7 13:19:30 scorpio postfix/smtpd[11214]: lost connection after
      AUTH from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]
      Jan 7 13:19:30 scorpio postfix/smtpd[11214]: disconnect from
      cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]
      Jan 7 13:19:59 scorpio postfix/smtpd[11214]: connect from
      cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]
      Jan 7 13:20:00 scorpio postfix/smtpd[11214]: warning:
      cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]: SASL CRAM-MD5
      authentication failed: no mechanism available
      Jan 7 13:20:00 scorpio postfix/smtpd[11214]: lost connection after
      AUTH from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]
      Jan 7 13:20:00 scorpio postfix/smtpd[11214]: disconnect from
      cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]

      I even tried with new passwords, the ones shown above, but the problem remains.

      ~ $ postconf -n
      alias_database = hash:/usr/local/etc/postfix/aliases
      alias_maps = $alias_database
      authorized_submit_users = !www, static:all
      broken_sasl_auth_clients = yes
      canonical_maps = hash:/usr/local/etc/postfix/canonical
      command_directory = /usr/local/sbin
      config_directory = /usr/local/etc/postfix
      daemon_directory = /usr/local/libexec/postfix
      data_directory = /var/db/postfix
      debug_peer_level = 2
      debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
      ddd $daemon_directory/$process_name $process_id & sleep 5
      delay_warning_time = 12h
      disable_vrfy_command = yes
      dovecot_destination_recipient_limit = 1
      enable_long_queue_ids = yes
      html_directory = /usr/local/share/doc/postfix
      inet_protocols = ipv4
      mail_owner = postfix
      mailq_path = /usr/local/bin/mailq
      manpage_directory = /usr/local/man
      message_size_limit = 26214400
      milter_default_action = accept
      mydestination =
      mydomain = seibercom.net
      myhostname = scorpio.seibercom.net
      mynetworks = 127.0.0.0/8 192.168.1.1/32 192.168.1.2/31 192.168.1.4/30
      192.168.1.8/29 192.168.1.16/28 192.168.1.32/27 192.168.1.64/27
      192.168.1.96/29 192.168.1.104/31 192.168.1.106/32
      mynetworks_style = subnet
      myorigin = $mydomain
      newaliases_path = /usr/local/bin/newaliases
      queue_directory = /var/spool/postfix
      readme_directory = /usr/local/share/doc/postfix
      recipient_delimiter = +
      sample_directory = /usr/local/etc/postfix
      sender_dependent_relayhost_maps =
      mysql:/usr/local/etc/postfix/mysql-sender_relay
      sendmail_path = /usr/local/sbin/sendmail
      setgid_group = maildrop
      smtp_sasl_auth_enable = yes
      smtp_sasl_password_maps = mysql:/usr/local/etc/postfix/mysql-sasl_passwd
      smtp_sasl_security_options = noanonymous
      smtp_sasl_type = cyrus
      smtp_sender_dependent_authentication = yes
      smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
      smtp_tls_CApath = /usr/local/etc/postfix/certs/
      smtp_tls_note_starttls_offer = yes
      smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
      smtp_tls_security_level = may
      smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
      smtpd_authorized_verp_clients = $mynetworks
      smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
      smtpd_client_restrictions = reject_unauth_pipelining
      permit_sasl_authenticated reject_unknown_client_hostname
      smtpd_milters = unix:/var/run/clamav/clmilter.sock
      smtpd_recipient_restrictions = reject_non_fqdn_recipient
      reject_unlisted_recipient reject_non_fqdn_sender
      smtpd_reject_footer = \c. For assistance, please provide the following
      information in your problem report: time ($localtime), client
      ($client_address) and server ($server_name).
      smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
      defer_unauth_destination
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_local_domain = $myhostname
      smtpd_sasl_path = smtpd
      smtpd_sasl_security_options = noanonymous, noplaintext
      smtpd_sasl_tls_security_options = noanonymous
      smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
      smtpd_tls_cert_file = /usr/local/etc/postfix/certs/postfix-cert.pem
      smtpd_tls_key_file = /usr/local/etc/postfix/certs/postfix-key.pem
      smtpd_tls_received_header = yes
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
      tls_random_source = dev:/dev/urandom
      transport_maps = mysql:/usr/local/etc/postfix/mysql-transport
      unknown_local_recipient_reject_code = 550
      virtual_gid_maps = static:1002
      virtual_mailbox_base = /var/mail/vhost
      virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql-domains
      virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql-vmailbox
      virtual_minimum_uid = 100
      virtual_transport = dovecot
      virtual_uid_maps = static:1002


      I have tried rebooting the system; however, the problem still remains.
      This is on a FreeBSD-8.3 system.

      Thanks!
    • Noel Jones
      ... OK, AUTH is offered with CRAM-MD5 and others. ... The client tries to AUTH with CRAM-MD5... ... ... but CRAM-MD5 is broken. This looks like some sort of
      Message 2 of 4 , Jan 7, 2013
      • 0 Attachment
        On 1/7/2013 12:32 PM, Gerard Seibert wrote:
        > My installation of Postfix has been running without a problem for over
        > two years. Suddenly it refused to accept mail from my MUA
        > "Claws-Mail." This is the output of the claws mail log:
        >
        ...
        > [13:20:00] ESMTP< 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
        > [13:20:00] ESMTP< 250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN

        OK, AUTH is offered with CRAM-MD5 and others.

        > [13:20:00] ESMTP> AUTH CRAM-MD5
        > [13:20:00] ESMTP< 334 PDYzNzUyMDA4NC4xNTQwNTYwMEBzY29ycGlvLnNlaWJlcmNvbS5uZXQ+

        The client tries to AUTH with CRAM-MD5...

        > [13:20:00] ESMTP< 535 5.7.8 Error: authentication failed: no mechanism
        > available. For assistance, please provide the following information
        > in your problem report: time (Jan 07 13:20:00), client
        > (76.182.104.150) and server (scorpio.seibercom.net).

        ... but CRAM-MD5 is broken. This looks like some sort of problem in
        the SASL backend.


        > ~ $ postconf -n
        ...
        > dovecot_destination_recipient_limit = 1

        Looks as if you're using Dovecot.

        > smtp_sasl_type = cyrus

        You've defined cyrus for outgoing SASL. That's probably OK since
        dovecot doesn't provide outgoing SASL.

        > smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
        > defer_unauth_destination

        Appears you're using a recent postfix snapshot. Obviously some
        things have changed in the last 2 years, so "suddenly stopped
        working" isn't entirely accurate.

        > smtpd_sasl_auth_enable = yes
        > smtpd_sasl_authenticated_header = yes
        > smtpd_sasl_local_domain = $myhostname
        > smtpd_sasl_path = smtpd
        > smtpd_sasl_security_options = noanonymous, noplaintext
        > smtpd_sasl_tls_security_options = noanonymous
        > smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem

        I don't see smtpd_sasl_type listed. The default type is cyrus. Is
        that what you intend? Looks as if you're using dovecot elsewhere.





        -- Noel Jones
      • Jerry
        On Mon, 07 Jan 2013 13:09:26 -0600 ... I discovered the problem. One of my soon to be EX associates updated some applications on the machine last night. One of
        Message 3 of 4 , Jan 7, 2013
        • 0 Attachment
          On Mon, 07 Jan 2013 13:09:26 -0600
          Noel Jones articulated:

          > On 1/7/2013 12:32 PM, Gerard Seibert wrote:
          > > My installation of Postfix has been running without a problem for
          > > over two years. Suddenly it refused to accept mail from my MUA
          > > "Claws-Mail." This is the output of the claws mail log:
          > >
          > ...
          > > [13:20:00] ESMTP< 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
          > > [13:20:00] ESMTP< 250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
          >
          > OK, AUTH is offered with CRAM-MD5 and others.
          >
          > > [13:20:00] ESMTP> AUTH CRAM-MD5
          > > [13:20:00] ESMTP< 334
          > > PDYzNzUyMDA4NC4xNTQwNTYwMEBzY29ycGlvLnNlaWJlcmNvbS5uZXQ+
          >
          > The client tries to AUTH with CRAM-MD5...
          >
          > > [13:20:00] ESMTP< 535 5.7.8 Error: authentication failed: no
          > > mechanism available. For assistance, please provide the following
          > > information in your problem report: time (Jan 07 13:20:00), client
          > > (76.182.104.150) and server (scorpio.seibercom.net).
          >
          > ... but CRAM-MD5 is broken. This looks like some sort of problem in
          > the SASL backend.
          >
          >
          > > ~ $ postconf -n
          > ...
          > > dovecot_destination_recipient_limit = 1
          >
          > Looks as if you're using Dovecot.
          >
          > > smtp_sasl_type = cyrus
          >
          > You've defined cyrus for outgoing SASL. That's probably OK since
          > dovecot doesn't provide outgoing SASL.
          >
          > > smtpd_relay_restrictions = permit_mynetworks
          > > permit_sasl_authenticated defer_unauth_destination
          >
          > Appears you're using a recent postfix snapshot. Obviously some
          > things have changed in the last 2 years, so "suddenly stopped
          > working" isn't entirely accurate.
          >
          > > smtpd_sasl_auth_enable = yes
          > > smtpd_sasl_authenticated_header = yes
          > > smtpd_sasl_local_domain = $myhostname
          > > smtpd_sasl_path = smtpd
          > > smtpd_sasl_security_options = noanonymous, noplaintext
          > > smtpd_sasl_tls_security_options = noanonymous
          > > smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
          >
          > I don't see smtpd_sasl_type listed. The default type is cyrus. Is
          > that what you intend? Looks as if you're using dovecot elsewhere.

          I discovered the problem. One of my soon to be EX associates updated
          some applications on the machine last night. One of them being
          cyrus-sasl2 port. They failed to compile either mysql or bdb support
          into the program. Once I became aware of the problem I simple
          recompiled the port and now all is well with the world again.

          --
          Jerry ✌
          postfix-user@...
          _____________________________________________________________________
          TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
          TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
        • /dev/rob0
          ... [postconf -n] ... I would not say ALL is well. If you re using Dovecot IMAP, it makes no sense at all not to use Dovecot SASL. -- http://rob0.nodns4.us/ --
          Message 4 of 4 , Jan 7, 2013
          • 0 Attachment
            On Mon, Jan 07, 2013 at 02:34:07PM -0500, Jerry wrote:
            > On Mon, 07 Jan 2013 13:09:26 -0600
            > Noel Jones articulated:
            >
            > > On 1/7/2013 12:32 PM, Gerard Seibert wrote:
            [postconf -n]
            > > I don't see smtpd_sasl_type listed. The default type is cyrus.
            > > Is that what you intend? Looks as if you're using dovecot
            > > elsewhere.
            >
            > I discovered the problem. One of my soon to be EX associates
            > updated some applications on the machine last night. One of them
            > being cyrus-sasl2 port. They failed to compile either mysql or bdb
            > support into the program. Once I became aware of the problem I
            > simple recompiled the port and now all is well with the world
            > again.

            I would not say ALL is well. If you're using Dovecot IMAP, it makes
            no sense at all not to use Dovecot SASL.
            --
            http://rob0.nodns4.us/ -- system administration and consulting
            Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
          Your message has been successfully submitted and would be delivered to recipients shortly.