How to debug warning: SASL authentication failure: could not verify password?

Dan White dwhite at olp.net
Thu Sep 25 10:08:33 EDT 2014


On 09/25/14 07:27 +0000, paul at odysen.com wrote:
>I've been having an issue sending emails and have looked online for the
>past few weeks and while I have learned a lot I still haven't been able to
>resolve my issue.  Any help would be greatly appreciated.
>
>I'm able to receive emails but I'm unable to send email. I do not
>understand why the log states 'password matches successfully' and
>'Authenticated' then reports 'SASL authentication failure: could not
>verify password'.
>
>I've set my log levels to:
>/opt/local/etc/postfix/main.cf
>smtpd_tls_loglevel = 3
>
>/opt/local/etc/authlib/authdaemonrc
>DEBUG_LOGIN=7
>
>/opt/local/etc/sasl2/smtpd.conf
>log_level: 7


>Operating System: Solaris
>
>tail -f /var/log/auth.log partial when attempting to send email
>does not show anything changes when I try sending.

Verify you're capturing auth.debug in your syslog config.

>tail -f /var/log/courier.log partial when attempting to send email
>does not show anything changes when I try sending.
>
>tail -f /var/log/postfix partial when attempting to send email

>Sep 25 07:10:55 example.com authdaemond: [ID 702911 mail.info] Authenticated: sysusername=tester01-example, sysuserid=<null>, sysgroupid=1003, homedir=/home/example.com/homes/tester01, address=tester01-example, fullname=Tester, maildir=<null>, quota=<null>, options=<null>

>Sep 25 07:10:55 example.com postfix/smtpd[63124]: [ID 947731 mail.warning] warning: SASL authentication failure: could not verify password

>Why would it report it as 'password matches successfully' and
>'Authenticated' then report 'SASL authentication failure: could not verify
>password'?

There could be a bug between the sasl glue layer (libsasl2) and
authdaemond, which might have been triggered by a change on the authdaemond
query or response string formats. What version are you using? Use socat to
trouble shoot.

Within /opt/local/etc/sasl2/smtpd.conf, set your path to:

authdaemond_path: /tmp/my_mux

Reload postfix

rm /tmp/my_mux
socat UNIX-LISTEN:/tmp/my_mux - &
chmod 666 /tmp/my_mux

>From another shell:

smtptest -m PLAIN -a jsmith localhost

After providing your password, socat should output this:

AUTH 27
smtp
login
jsmith
password

"27" appears to represent the number of bytes in the last 4 lines,
including the newlines.

You could input this data directly to the authdaemond socket:

socat UNIX:/path/to/authdaemond/mux -

Another option would be to use saslauthd with its imap, configured to
relay authentication to your courier imap daemon.

-- 
Dan White
BTC Broadband
Network Admin Lead
Ph  918.366.0248 (direct)   main: (918)366-8000
Fax 918.366.6610            email: dwhite at olp.net
http://www.btcbroadband.com


More information about the Cyrus-sasl mailing list