How to debug warning: SASL authentication failure: could not verify password?
Dan White
dwhite at olp.net
Thu Sep 25 10:08:33 EDT 2014
On 09/25/14 07:27 +0000, paul at odysen.com wrote:
>I've been having an issue sending emails and have looked online for the
>past few weeks and while I have learned a lot I still haven't been able to
>resolve my issue. Any help would be greatly appreciated.
>
>I'm able to receive emails but I'm unable to send email. I do not
>understand why the log states 'password matches successfully' and
>'Authenticated' then reports 'SASL authentication failure: could not
>verify password'.
>
>I've set my log levels to:
>/opt/local/etc/postfix/main.cf
>smtpd_tls_loglevel = 3
>
>/opt/local/etc/authlib/authdaemonrc
>DEBUG_LOGIN=7
>
>/opt/local/etc/sasl2/smtpd.conf
>log_level: 7
>Operating System: Solaris
>
>tail -f /var/log/auth.log partial when attempting to send email
>does not show anything changes when I try sending.
Verify you're capturing auth.debug in your syslog config.
>tail -f /var/log/courier.log partial when attempting to send email
>does not show anything changes when I try sending.
>
>tail -f /var/log/postfix partial when attempting to send email
>Sep 25 07:10:55 example.com authdaemond: [ID 702911 mail.info] Authenticated: sysusername=tester01-example, sysuserid=<null>, sysgroupid=1003, homedir=/home/example.com/homes/tester01, address=tester01-example, fullname=Tester, maildir=<null>, quota=<null>, options=<null>
>Sep 25 07:10:55 example.com postfix/smtpd[63124]: [ID 947731 mail.warning] warning: SASL authentication failure: could not verify password
>Why would it report it as 'password matches successfully' and
>'Authenticated' then report 'SASL authentication failure: could not verify
>password'?
There could be a bug between the sasl glue layer (libsasl2) and
authdaemond, which might have been triggered by a change on the authdaemond
query or response string formats. What version are you using? Use socat to
trouble shoot.
Within /opt/local/etc/sasl2/smtpd.conf, set your path to:
authdaemond_path: /tmp/my_mux
Reload postfix
rm /tmp/my_mux
socat UNIX-LISTEN:/tmp/my_mux - &
chmod 666 /tmp/my_mux
>From another shell:
smtptest -m PLAIN -a jsmith localhost
After providing your password, socat should output this:
AUTH 27
smtp
login
jsmith
password
"27" appears to represent the number of bytes in the last 4 lines,
including the newlines.
You could input this data directly to the authdaemond socket:
socat UNIX:/path/to/authdaemond/mux -
Another option would be to use saslauthd with its imap, configured to
relay authentication to your courier imap daemon.
--
Dan White
BTC Broadband
Network Admin Lead
Ph 918.366.0248 (direct) main: (918)366-8000
Fax 918.366.6610 email: dwhite at olp.net
http://www.btcbroadband.com
More information about the Cyrus-sasl
mailing list