cyrus-sasl2 mysql postfix freebsd problem
Berger, Stefan (IT - Management)
stefan.berger at dima-systems.com
Fri Jan 6 11:38:27 EST 2006
do you have a syslog too? maillog is not really communicative
David Newman schrieb:
>On 1/6/06 7:08 AM, "Berger, Stefan (IT - Management)"
><stefan.berger at dima-systems.com> wrote:
>
>
>
>>show your logs
>>
>>
>
>Here's the log output from this conversation:
>
>petacchi# telnet localhost 25
>Trying ::1...
>telnet: connect to address ::1: Connection refused
>Trying 127.0.0.1...
>Connected to localhost.int.networktest.com.
>Escape character is '^]'.
>220 petacchi.int.networktest.com ESMTP Postfix
>ehlo networktest.com
>250-petacchi.int.networktest.com
>250-PIPELINING
>250-SIZE 10240000
>250-VRFY
>250-ETRN
>250-AUTH LOGIN PLAIN
>250-AUTH=LOGIN PLAIN
>250 8BITMIME
>AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz
>535 Error: authentication failed
>quit
>221 Bye
>
>auth.log:
>
>Jan 6 08:09:24 petacchi postfix/smtpd[29334]: sql plugin: no result found
>
>maillog:
>
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: connection established
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: master_notify: status 0
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: name_mask: resource
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: name_mask: software
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: name_mask: noanonymous
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: connect from
>localhost.int.networktest.com[127.0.0.1]
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match:
>localhost.int.networktest.com: no match
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match: 127.0.0.1:
>no match
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match:
>localhost.int.networktest.com: no match
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_list_match: 127.0.0.1:
>no match
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 64.239.163.224/28
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>64.239.163.224/28
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 68.66.238.223/32
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>68.66.238.223/32
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 128.0.0.0/24
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>128.0.0.0/24
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostname:
>localhost.int.networktest.com ~? 127.0.0.0/8
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: match_hostaddr: 127.0.0.1 ~?
>127.0.0.0/8
>Jan 6 08:09:15 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 220 petacchi.int.networktest.com
>ESMTP Postfix
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: <
>localhost.int.networktest.com[127.0.0.1]: ehlo networktest.com
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-petacchi.int.networktest.com
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-PIPELINING
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-SIZE 10240000
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-VRFY
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-ETRN
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-AUTH LOGIN PLAIN
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: match_list_match:
>localhost.int.networktest.com: no match
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: match_list_match: 127.0.0.1:
>no match
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250-AUTH=LOGIN PLAIN
>Jan 6 08:09:20 petacchi postfix/smtpd[29334]: >
>localhost.int.networktest.com[127.0.0.1]: 250 8BITMIME
>Jan 6 08:09:24 petacchi postfix/smtpd[29334]: <
>localhost.int.networktest.com[127.0.0.1]: auth plain
>dGVzdAB0ZXN0AHRlc3RwYXNz
>Jan 6 08:09:24 petacchi postfix/smtpd[29334]: smtpd_sasl_authenticate:
>sasl_method plain, init_response dGVzdAB0ZXN0AHRlc3RwYXNz
>Jan 6 08:09:24 petacchi postfix/smtpd[29334]: smtpd_sasl_authenticate:
>decoded
>initial response test
>Jan 6 08:09:24 petacchi postfix/smtpd[29334]: warning: SASL authentication
>failure: Password verification failed
>Jan 6 08:09:24 petacchi postfix/smtpd[29334]: warning:
>localhost.int.networktest.com[127.0.0.1]: SASL plain authentication failed
>
>messages:
>Jan 6 08:09:24 petacchi postfix/smtpd[29334]: sql plugin: no result found
>
>dn
>
>
>
>
>>David Newman schrieb:
>>
>>
>>
>>>FreeBSD 6.0-RELEASE, cyrus-sasl2-2.1.21, postfix-2.2.5, mysql-4.1.13
>>>
>>>Using the Hlidebrandt/Koetter book as a guide, I'm trying to set up Postfix
>>>with cyrus-sasl2 and MySQL. I am getting SMTP AUTH failures.
>>>
>>>I believe this has something to do with cyrus-sasl, as I have tested MySQL
>>>and postfix separately and they work ok.
>>>
>>>Two problems:
>>>
>>>1. The FreeBSD ports version of cyrus-sasl2 does not include the "client"
>>>and "server" programs described in testing.txt, making it impossible to test
>>>cyrus-sasl2 on its own.
>>>
>>>2. When I use Postfix to test SMTP AUTH, I'm just getting authentication
>>>failures using an mmencoded version of "test" and "testpass".
>>>
>>>I've attached the output of saslfinger -s below.
>>>
>>>Thanks in advance for any clues.
>>>
>>>dn
>>>
>>>
>>>
>>>saslfinger - postfix Cyrus sasl configuration Fri Jan 6 06:21:31 PST 2006
>>>version: 1.0
>>>mode: server-side SMTP AUTH
>>>
>>>-- basics --
>>>Postfix: 2.2.5
>>>System: FreeBSD 6.0-RELEASE-p1 (SMP) #0: Fri Dec 23 17:35:11 PST 2005
>>>
>>>
>>>-- smtpd is linked to --
>>> libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x800688000)
>>>
>>>-- active SMTP AUTH and TLS parameters for smtpd --
>>>broken_sasl_auth_clients = yes
>>>smtpd_sasl_auth_enable = yes
>>>smtpd_sasl_local_domain =
>>>smtpd_sasl_security_options = noanonymous
>>>
>>>
>>>-- listing of /usr/lib/sasl2 --
>>>total 358
>>>drwxr-xr-x 3 root wheel 1024 Jan 6 05:48 .
>>>drwxr-xr-x 9 root wheel 2048 Jan 6 05:48 ..
>>>drwxr-xr-x 2 root wheel 512 Jan 2 12:49 deactivated
>>>-rw-r--r-- 1 root wheel 18732 Jan 6 05:48 libanonymous.a
>>>-rwxr-xr-x 1 root wheel 20008 Jan 6 05:48 libanonymous.so
>>>-rwxr-xr-x 1 root wheel 20008 Jan 6 05:48 libanonymous.so.2
>>>-rw-r--r-- 1 root wheel 18894 Jan 6 05:48 liblogin.a
>>>-rwxr-xr-x 1 root wheel 20439 Jan 6 05:48 liblogin.so
>>>-rwxr-xr-x 1 root wheel 20439 Jan 6 05:48 liblogin.so.2
>>>-rw-r--r-- 1 root wheel 18974 Jan 6 05:48 libplain.a
>>>-rwxr-xr-x 1 root wheel 20453 Jan 6 05:48 libplain.so
>>>-rwxr-xr-x 1 root wheel 20453 Jan 6 05:48 libplain.so.2
>>>-rw-r--r-- 1 root wheel 28404 Jan 6 05:48 libsasldb.a
>>>-rwxr-xr-x 1 root wheel 25814 Jan 6 05:48 libsasldb.so
>>>-rwxr-xr-x 1 root wheel 25814 Jan 6 05:48 libsasldb.so.2
>>>-rw-r--r-- 1 root wheel 26776 Jan 6 05:48 libsql.a
>>>-rwxr-xr-x 1 root wheel 29202 Jan 6 05:48 libsql.so
>>>-rwxr-xr-x 1 root wheel 29202 Jan 6 05:48 libsql.so.2
>>>-rw-r--r-- 1 root wheel 350 Jan 6 06:14 sample.conf
>>>-rw-r--r-- 1 root wheel 350 Jan 6 06:14 smtpd.conf
>>>
>>>-- listing of /usr/local/lib/sasl2 --
>>>total 358
>>>drwxr-xr-x 3 root wheel 1024 Jan 6 05:48 .
>>>drwxr-xr-x 9 root wheel 2048 Jan 6 05:48 ..
>>>drwxr-xr-x 2 root wheel 512 Jan 2 12:49 deactivated
>>>-rw-r--r-- 1 root wheel 18732 Jan 6 05:48 libanonymous.a
>>>-rwxr-xr-x 1 root wheel 20008 Jan 6 05:48 libanonymous.so
>>>-rwxr-xr-x 1 root wheel 20008 Jan 6 05:48 libanonymous.so.2
>>>-rw-r--r-- 1 root wheel 18894 Jan 6 05:48 liblogin.a
>>>-rwxr-xr-x 1 root wheel 20439 Jan 6 05:48 liblogin.so
>>>-rwxr-xr-x 1 root wheel 20439 Jan 6 05:48 liblogin.so.2
>>>-rw-r--r-- 1 root wheel 18974 Jan 6 05:48 libplain.a
>>>-rwxr-xr-x 1 root wheel 20453 Jan 6 05:48 libplain.so
>>>-rwxr-xr-x 1 root wheel 20453 Jan 6 05:48 libplain.so.2
>>>-rw-r--r-- 1 root wheel 28404 Jan 6 05:48 libsasldb.a
>>>-rwxr-xr-x 1 root wheel 25814 Jan 6 05:48 libsasldb.so
>>>-rwxr-xr-x 1 root wheel 25814 Jan 6 05:48 libsasldb.so.2
>>>-rw-r--r-- 1 root wheel 26776 Jan 6 05:48 libsql.a
>>>-rwxr-xr-x 1 root wheel 29202 Jan 6 05:48 libsql.so
>>>-rwxr-xr-x 1 root wheel 29202 Jan 6 05:48 libsql.so.2
>>>-rw-r--r-- 1 root wheel 350 Jan 6 06:14 sample.conf
>>>-rw-r--r-- 1 root wheel 350 Jan 6 06:14 smtpd.conf
>>>
>>>
>>>
>>>
>>>-- content of /usr/lib/sasl2/smtpd.conf --
>>># Global parameters
>>>log_level: 3
>>>pwcheck_method: auxprop
>>>mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>># Auxiliary parameters
>>>auxprop_plugin: sql
>>>sql_engine: mysql
>>>sql_hostnames: localhost
>>>sql_database: mail
>>>sql_user: --- replaced ---
>>>sql_passwd: --- replaced ---
>>>sql_select: SELECT %p FROM users WHERE username = '%u' AND userrealm = '%r'
>>>AND auth = '1'
>>>sql_usessl: no
>>>
>>>-- content of /usr/local/lib/sasl2/smtpd.conf --
>>># Global parameters
>>>log_level: 3
>>>pwcheck_method: auxprop
>>>mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>># Auxiliary parameters
>>>auxprop_plugin: sql
>>>sql_engine: mysql
>>>sql_hostnames: localhost
>>>sql_database: mail
>>>sql_user: --- replaced ---
>>>sql_passwd: --- replaced ---
>>>sql_select: SELECT %p FROM users WHERE username = '%u' AND userrealm = '%r'
>>>AND auth = '1'
>>>sql_usessl: no
>>>
>>>
>>>-- active services in /usr/local/etc/postfix/master.cf --
>>># service type private unpriv chroot wakeup maxproc command + args
>>># (yes) (yes) (yes) (never) (100)
>>>smtp inet n - n - - smtpd -v
>>>pickup fifo n - n 60 1 pickup
>>>cleanup unix n - n - 0 cleanup
>>>qmgr fifo n - n 300 1 qmgr
>>>tlsmgr unix - - n 1000? 1 tlsmgr
>>>rewrite unix - - n - - trivial-rewrite
>>>bounce unix - - n - 0 bounce
>>>defer unix - - n - 0 bounce
>>>trace unix - - n - 0 bounce
>>>verify unix - - n - 1 verify
>>>flush unix n - n 1000? 0 flush
>>>proxymap unix - - n - - proxymap
>>>smtp unix - - n - - smtp
>>>relay unix - - n - - smtp
>>> -o fallback_relay=
>>>showq unix n - n - - showq
>>>error unix - - n - - error
>>>discard unix - - n - - discard
>>>local unix - n n - - local
>>>virtual unix - n n - - virtual
>>>lmtp unix - - n - - lmtp
>>>anvil unix - - n - 1 anvil
>>>scache unix - - n - 1 scache
>>>maildrop unix - n n - - pipe
>>> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>>>old-cyrus unix - n n - - pipe
>>> flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
>>>cyrus unix - n n - - pipe
>>> user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
>>>uucp unix - n n - - pipe
>>> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
>>>($recipient)ifmail unix - n n - - pipe
>>> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
>>>bsmtp unix - n n - - pipe
>>> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
>>>$recipient
>>>
>>>-- mechanisms on localhost --
>>>250-AUTH LOGIN PLAIN
>>>250-AUTH=LOGIN PLAIN
>>>
>>>
>>>-- end of saslfinger output --
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>
>
>
>
--
Stefan Berger
- Systemadministrator -
DIMA Systems AG
Nonnenstraße 39
04229 Leipzig
Tel.: +49 341 2668 - 0
Fax.: +49 341 2866 - 333
mailto: stefan.berger at dima-systems.de
www.dima-systems.de
This e-mail may contain information that is privileged and confidential.
The information is intended only for the use of the addressee. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify DIMA Systems AG immediately and erase all copies of the message.
More information about the Cyrus-sasl
mailing list