cyrus-sasl2 mysql postfix freebsd problem

Berger, Stefan (IT - Management) stefan.berger at dima-systems.com
Fri Jan 6 11:38:27 EST 2006


do you have a syslog too? maillog is not really communicative

David Newman schrieb:

>On 1/6/06 7:08 AM, "Berger, Stefan (IT - Management)"
><stefan.berger at dima-systems.com> wrote:
>
>  
>
>>show your logs
>>    
>>
>
>Here's the log output from this conversation:
>
>petacchi# telnet localhost 25
>Trying ::1...
>telnet: connect to address ::1: Connection refused
>Trying 127.0.0.1...
>Connected to localhost.int.networktest.com.
>Escape character is '^]'.
>220 petacchi.int.networktest.com ESMTP Postfix
>ehlo networktest.com
>250-petacchi.int.networktest.com
>250-PIPELINING
>250-SIZE 10240000
>250-VRFY
>250-ETRN
>250-AUTH LOGIN PLAIN
>250-AUTH=LOGIN PLAIN
>250 8BITMIME
>AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz
>535 Error: authentication failed
>quit
>221 Bye  
>
>auth.log:
>
>Jan  6 08:09:24 petacchi postfix/smtpd[29334]: sql plugin: no result found
>
>maillog:
>
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: connection established
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: master_notify: status 0
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: name_mask: resource
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: name_mask: software
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: name_mask: noanonymous
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: connect from
>localhost.int.networktest.com[127.0.0.1]
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match:
>localhost.int.networktest.com: no match
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match: 127.0.0.1:
>no match
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match:
>localhost.int.networktest.com: no match
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match: 127.0.0.1:
>no match
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 64.239.163.224/28
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>64.239.163.224/28
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 68.66.238.223/32
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>68.66.238.223/32  
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 128.0.0.0/24
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>128.0.0.0/24
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 127.0.0.0/8
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>127.0.0.0/8
>Jan  6 08:09:15 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 220 petacchi.int.networktest.com
>ESMTP Postfix
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: <
>localhost.int.networktest.com[127.0.0.1]: ehlo networktest.com
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-petacchi.int.networktest.com
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-PIPELINING
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-SIZE 10240000
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-VRFY
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-ETRN
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-AUTH LOGIN PLAIN
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: match_list_match:
>localhost.int.networktest.com: no match
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: match_list_match: 127.0.0.1:
>no match
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-AUTH=LOGIN PLAIN
>Jan  6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250 8BITMIME
>Jan  6 08:09:24 petacchi postfix/smtpd[29334]: <
>localhost.int.networktest.com[127.0.0.1]: auth plain
>dGVzdAB0ZXN0AHRlc3RwYXNz
>Jan  6 08:09:24 petacchi postfix/smtpd[29334]: smtpd_sasl_authenticate:
>sasl_method plain, init_response dGVzdAB0ZXN0AHRlc3RwYXNz
>Jan  6 08:09:24 petacchi postfix/smtpd[29334]: smtpd_sasl_authenticate:
>decoded
>initial response test
>Jan  6 08:09:24 petacchi postfix/smtpd[29334]: warning: SASL authentication
>failure: Password verification failed
>Jan  6 08:09:24 petacchi postfix/smtpd[29334]: warning:
>localhost.int.networktest.com[127.0.0.1]: SASL plain authentication failed
>
>messages:
>Jan  6 08:09:24 petacchi postfix/smtpd[29334]: sql plugin: no result found
>
>dn
>
>
>  
>
>>David Newman schrieb:
>>
>>    
>>
>>>FreeBSD 6.0-RELEASE, cyrus-sasl2-2.1.21, postfix-2.2.5, mysql-4.1.13
>>>
>>>Using the Hlidebrandt/Koetter book as a guide, I'm trying to set up Postfix
>>>with cyrus-sasl2 and MySQL. I am getting SMTP AUTH failures.
>>>
>>>I believe this has something to do with cyrus-sasl, as I have tested MySQL
>>>and postfix separately and they work ok.
>>>
>>>Two problems:
>>>
>>>1. The FreeBSD ports version of cyrus-sasl2 does not include the "client"
>>>and "server" programs described in testing.txt, making it impossible to test
>>>cyrus-sasl2 on its own.
>>>
>>>2. When I use Postfix to test SMTP AUTH, I'm  just getting authentication
>>>failures using an mmencoded version of "test" and "testpass".
>>>
>>>I've attached the output of saslfinger -s below.
>>>
>>>Thanks in advance for any clues.
>>>
>>>dn
>>>
>>>
>>>
>>>saslfinger - postfix Cyrus sasl configuration Fri Jan  6 06:21:31 PST 2006
>>>version: 1.0
>>>mode: server-side SMTP AUTH
>>>
>>>-- basics --
>>>Postfix: 2.2.5
>>>System: FreeBSD 6.0-RELEASE-p1 (SMP) #0: Fri Dec 23 17:35:11 PST 2005
>>>
>>>
>>>-- smtpd is linked to --
>>>       libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x800688000)
>>>
>>>-- active SMTP AUTH and TLS parameters for smtpd --
>>>broken_sasl_auth_clients = yes
>>>smtpd_sasl_auth_enable = yes
>>>smtpd_sasl_local_domain =
>>>smtpd_sasl_security_options = noanonymous
>>>
>>>
>>>-- listing of /usr/lib/sasl2 --
>>>total 358
>>>drwxr-xr-x  3 root  wheel   1024 Jan  6 05:48 .
>>>drwxr-xr-x  9 root  wheel   2048 Jan  6 05:48 ..
>>>drwxr-xr-x  2 root  wheel    512 Jan  2 12:49 deactivated
>>>-rw-r--r--  1 root  wheel  18732 Jan  6 05:48 libanonymous.a
>>>-rwxr-xr-x  1 root  wheel  20008 Jan  6 05:48 libanonymous.so
>>>-rwxr-xr-x  1 root  wheel  20008 Jan  6 05:48 libanonymous.so.2
>>>-rw-r--r--  1 root  wheel  18894 Jan  6 05:48 liblogin.a
>>>-rwxr-xr-x  1 root  wheel  20439 Jan  6 05:48 liblogin.so
>>>-rwxr-xr-x  1 root  wheel  20439 Jan  6 05:48 liblogin.so.2
>>>-rw-r--r--  1 root  wheel  18974 Jan  6 05:48 libplain.a
>>>-rwxr-xr-x  1 root  wheel  20453 Jan  6 05:48 libplain.so
>>>-rwxr-xr-x  1 root  wheel  20453 Jan  6 05:48 libplain.so.2
>>>-rw-r--r--  1 root  wheel  28404 Jan  6 05:48 libsasldb.a
>>>-rwxr-xr-x  1 root  wheel  25814 Jan  6 05:48 libsasldb.so
>>>-rwxr-xr-x  1 root  wheel  25814 Jan  6 05:48 libsasldb.so.2
>>>-rw-r--r--  1 root  wheel  26776 Jan  6 05:48 libsql.a
>>>-rwxr-xr-x  1 root  wheel  29202 Jan  6 05:48 libsql.so
>>>-rwxr-xr-x  1 root  wheel  29202 Jan  6 05:48 libsql.so.2
>>>-rw-r--r--  1 root  wheel    350 Jan  6 06:14 sample.conf
>>>-rw-r--r--  1 root  wheel    350 Jan  6 06:14 smtpd.conf
>>>
>>>-- listing of /usr/local/lib/sasl2 --
>>>total 358
>>>drwxr-xr-x  3 root  wheel   1024 Jan  6 05:48 .
>>>drwxr-xr-x  9 root  wheel   2048 Jan  6 05:48 ..
>>>drwxr-xr-x  2 root  wheel    512 Jan  2 12:49 deactivated
>>>-rw-r--r--  1 root  wheel  18732 Jan  6 05:48 libanonymous.a
>>>-rwxr-xr-x  1 root  wheel  20008 Jan  6 05:48 libanonymous.so
>>>-rwxr-xr-x  1 root  wheel  20008 Jan  6 05:48 libanonymous.so.2
>>>-rw-r--r--  1 root  wheel  18894 Jan  6 05:48 liblogin.a
>>>-rwxr-xr-x  1 root  wheel  20439 Jan  6 05:48 liblogin.so
>>>-rwxr-xr-x  1 root  wheel  20439 Jan  6 05:48 liblogin.so.2
>>>-rw-r--r--  1 root  wheel  18974 Jan  6 05:48 libplain.a
>>>-rwxr-xr-x  1 root  wheel  20453 Jan  6 05:48 libplain.so
>>>-rwxr-xr-x  1 root  wheel  20453 Jan  6 05:48 libplain.so.2
>>>-rw-r--r--  1 root  wheel  28404 Jan  6 05:48 libsasldb.a
>>>-rwxr-xr-x  1 root  wheel  25814 Jan  6 05:48 libsasldb.so
>>>-rwxr-xr-x  1 root  wheel  25814 Jan  6 05:48 libsasldb.so.2
>>>-rw-r--r--  1 root  wheel  26776 Jan  6 05:48 libsql.a
>>>-rwxr-xr-x  1 root  wheel  29202 Jan  6 05:48 libsql.so
>>>-rwxr-xr-x  1 root  wheel  29202 Jan  6 05:48 libsql.so.2
>>>-rw-r--r--  1 root  wheel    350 Jan  6 06:14 sample.conf
>>>-rw-r--r--  1 root  wheel    350 Jan  6 06:14 smtpd.conf
>>>
>>>
>>>
>>>
>>>-- content of /usr/lib/sasl2/smtpd.conf --
>>># Global parameters
>>>log_level: 3
>>>pwcheck_method: auxprop
>>>mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>># Auxiliary parameters
>>>auxprop_plugin: sql
>>>sql_engine: mysql
>>>sql_hostnames: localhost
>>>sql_database: mail
>>>sql_user: --- replaced ---
>>>sql_passwd: --- replaced ---
>>>sql_select: SELECT %p FROM users WHERE username = '%u' AND userrealm = '%r'
>>>AND auth = '1'
>>>sql_usessl: no
>>>
>>>-- content of /usr/local/lib/sasl2/smtpd.conf --
>>># Global parameters
>>>log_level: 3
>>>pwcheck_method: auxprop
>>>mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>># Auxiliary parameters
>>>auxprop_plugin: sql
>>>sql_engine: mysql
>>>sql_hostnames: localhost
>>>sql_database: mail
>>>sql_user: --- replaced ---
>>>sql_passwd: --- replaced ---
>>>sql_select: SELECT %p FROM users WHERE username = '%u' AND userrealm = '%r'
>>>AND auth = '1'
>>>sql_usessl: no
>>>
>>>
>>>-- active services in /usr/local/etc/postfix/master.cf --
>>># service type  private unpriv  chroot  wakeup  maxproc command + args
>>>#               (yes)   (yes)   (yes)   (never) (100)
>>>smtp      inet  n       -       n       -       -       smtpd -v
>>>pickup    fifo  n       -       n       60      1       pickup
>>>cleanup   unix  n       -       n       -       0       cleanup
>>>qmgr      fifo  n       -       n       300     1       qmgr
>>>tlsmgr    unix  -       -       n       1000?   1       tlsmgr
>>>rewrite   unix  -       -       n       -       -       trivial-rewrite
>>>bounce    unix  -       -       n       -       0       bounce
>>>defer     unix  -       -       n       -       0       bounce
>>>trace     unix  -       -       n       -       0       bounce
>>>verify    unix  -       -       n       -       1       verify
>>>flush     unix  n       -       n       1000?   0       flush
>>>proxymap  unix  -       -       n       -       -       proxymap
>>>smtp      unix  -       -       n       -       -       smtp
>>>relay     unix  -       -       n       -       -       smtp
>>>       -o fallback_relay=
>>>showq     unix  n       -       n       -       -       showq
>>>error     unix  -       -       n       -       -       error
>>>discard   unix  -       -       n       -       -       discard
>>>local     unix  -       n       n       -       -       local
>>>virtual   unix  -       n       n       -       -       virtual
>>>lmtp      unix  -       -       n       -       -       lmtp
>>>anvil     unix  -       -       n       -       1       anvil
>>>scache    unix  -       -       n       -       1       scache
>>>maildrop  unix  -       n       n       -       -       pipe
>>> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>>>old-cyrus unix  -       n       n       -       -       pipe
>>> flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
>>>cyrus     unix  -       n       n       -       -       pipe
>>> user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
>>>uucp      unix  -       n       n       -       -       pipe
>>> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
>>>($recipient)ifmail    unix  -       n       n       -       -       pipe
>>> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
>>>bsmtp     unix  -       n       n       -       -       pipe
>>> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
>>>$recipient
>>>
>>>-- mechanisms on localhost --
>>>250-AUTH LOGIN PLAIN
>>>250-AUTH=LOGIN PLAIN
>>>
>>>
>>>-- end of saslfinger output --
>>>                
>>>
>>>
>>> 
>>>
>>>      
>>>
>
>
>  
>

-- 
Stefan Berger

- Systemadministrator -

DIMA Systems AG
Nonnenstraße 39
04229 Leipzig

Tel.:   +49 341  2668 - 0
Fax.:   +49 341  2866 - 333
mailto: stefan.berger at dima-systems.de
        www.dima-systems.de

This e-mail may contain information that is privileged and confidential.
The information is intended only for the use of the addressee. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify DIMA Systems AG immediately and erase all copies of the message.




More information about the Cyrus-sasl mailing list