How to debug warning: SASL authentication failure: could not verify password?
paul at odysen.com
Fri Sep 26 00:21:12 EDT 2014
Thanks, Dan, for your feedback. Comments inline below.
Dan White <dwhite at olp.net> wrote ..
> On 09/25/14 07:27 +0000, paul at odysen.com wrote:
> >I've been having an issue sending emails and have looked online for the
> >past few weeks and while I have learned a lot I still haven't been able to
> >resolve my issue. Any help would be greatly appreciated.
> >
> >I'm able to receive emails but I'm unable to send email. I do not
> >understand why the log states 'password matches successfully' and
> >'Authenticated' then reports 'SASL authentication failure: could not
> >verify password'.
> >
> >I've set my log levels to:
> >/opt/local/etc/postfix/main.cf
> >smtpd_tls_loglevel = 3
> >
> >/opt/local/etc/authlib/authdaemonrc
> >DEBUG_LOGIN=7
> >
> >/opt/local/etc/sasl2/smtpd.conf
> >log_level: 7
>
>
> >Operating System: Solaris
> >
> >tail -f /var/log/auth.log partial when attempting to send email
> >does not show anything changes when I try sending.
>
I believe so...
/etc/syslog.conf related lines for auth:
#auth.info /var/log/auth.log
auth.debug /var/log/auth.log
> Verify you're capturing auth.debug in your syslog config.
>
> >tail -f /var/log/courier.log partial when attempting to send email
> >does not show anything changes when I try sending.
> >
> >tail -f /var/log/postfix partial when attempting to send email
>
> >Sep 25 07:10:55 example.com authdaemond: [ID 702911 mail.info] Authenticated:
> sysusername=tester01-example, sysuserid=<null>, sysgroupid=1003, homedir=/home/example.com/homes/tester01,
> address=tester01-example, fullname=Tester, maildir=<null>, quota=<null>, options=<null>
>
> >Sep 25 07:10:55 example.com postfix/smtpd[63124]: [ID 947731 mail.warning] warning:
> SASL authentication failure: could not verify password
>
> >Why would it report it as 'password matches successfully' and
> >'Authenticated' then report 'SASL authentication failure: could not verify
> >password'?
>
> There could be a bug between the sasl glue layer (libsasl2) and
> authdaemond, which might have been triggered by a change on the authdaemond
> query or response string formats. What version are you using? Use socat to
> troubleshoot.
>
I don't think it's a bug; it was working, then one day it stopped. I know I was messing around with users and virtual hosts to be able to host multiple domains, and around the time of my mucking around I think I messed something up, or perhaps it was the same time my server upgraded. Either way, I'd like to understand why it's failing, how to properly debug the issue, and how to resolve it.
Versions:
$ uname -a
SunOS example.com 5.11 joyent_20140724T170801Z i86pc i386 i86pc Solaris
$ pkgin se courier
courier-authlib-0.63.0 = Courier Authentication Library
courier-imap-4.8.1 = IMAP server for access to maildir-style mailboxes
courier-maildir-0.65.2 = Courier maildir utilities
couriertcpd-0.65.2nb1 = Courier TCP socket and TLS servers
font-bitstream-type1-1.0.1 Bitstream Charter and Courier Type 1 outline fonts
font-ibm-type1-1.0.1 IBM Courier Type1 fonts
maildrop-2.5.2 Courier mail delivery agent with filtering abilities
$ pkgin se postfix
pflogsumm-1.1.0 Produce summaries from Postfix syslog data
pfqueue-0.5.6 Real-time queue scanner for postfix
postfix-2.8.5 = Postfix SMTP server and tools
postgrey-1.33nb2 Postfix Greylist Policy Server
libsasl2:
$ more /opt/local/lib/libsasl2.la partial related to version:
# Version information for libsasl2.
current=2
age=0
revision=25
Auth Daemond: forgive me, I'm not sure how to check this. Any ideas?
I will be looking into socat and whether the authdaemond_path is the same for my system. I know it only affects smtpd and is in /tmp, but I still want to understand what's going on here. Thanks again for your insight.
> Within /opt/local/etc/sasl2/smtpd.conf, set your path to:
>
> authdaemond_path: /tmp/my_mux
>
> Reload postfix
>
> rm /tmp/my_mux
> socat UNIX-LISTEN:/tmp/my_mux - &
> chmod 666 /tmp/my_mux
>
> From another shell:
>
> smtptest -m PLAIN -a jsmith localhost
>
> After providing your password, socat should output this:
>
> AUTH 27
> smtp
> login
> jsmith
> password
>
> "27" appears to represent the number of bytes in the last 4 lines,
> including the newlines.
>
> You could input this data directly to the authdaemond socket:
>
> socat UNIX:/path/to/authdaemond/mux -
>
> Another option would be to use saslauthd with its imap, configured to
> relay authentication to your courier imap daemon.
>
> --
> Dan White
> BTC Broadband
> Network Admin Lead
> Ph 918.366.0248 (direct) main: (918)366-8000
> Fax 918.366.6610 email: dwhite at olp.net
> http://www.btcbroadband.com
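
The request framing described in the quoted reply above (an `AUTH <n>` header followed by service, auth type, user and password lines), as an added example that is not part of the original thread: a small Python client that builds the request with the correct byte count and sends it to the authdaemond socket, so the daemon's answer can be compared with what smtpd logs. The reply format (KEY=VALUE lines closed by a lone `.`, or `FAIL`) is an assumption not stated in the thread, and the function names are illustrative.

```python
"""Send one AUTH request to a Courier authdaemond socket and show the reply."""
import getpass
import socket
import sys


def build_auth_request(service, authtype, user, password):
    # Body: the four newline-terminated lines socat displayed in the thread.
    body = "".join(f"{field}\n" for field in (service, authtype, user, password))
    payload = body.encode("utf-8")
    # "AUTH <n>": n counts the bytes of the body, newlines included.
    return b"AUTH %d\n" % len(payload) + payload


def parse_reply(raw):
    # Assumption: success is KEY=VALUE lines closed by a lone ".", failure is "FAIL".
    lines = raw.decode("utf-8", "replace").splitlines()
    if "FAIL" in lines or "." not in lines:
        return False, {}
    attrs = dict(ln.split("=", 1) for ln in lines[:lines.index(".")] if "=" in ln)
    return True, attrs


def query_authdaemond(path, request, timeout=5.0):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(request)
        buf = b"\n"  # leading newline lets a terminator on the first line match
        while not buf.endswith((b"\n.\n", b"\nFAIL\n")):
            data = s.recv(4096)
            if not data:  # daemon closed the connection without a terminator
                break
            buf += data
        return buf[1:]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} /path/to/authdaemond/mux username")
    pw = getpass.getpass()  # prompt, so the password stays out of shell history
    req = build_auth_request("smtp", "login", sys.argv[2], pw)
    ok, attrs = parse_reply(query_authdaemond(sys.argv[1], req))
    print("accepted" if ok else "rejected", attrs)
```

If the daemon accepts the credentials here while smtpd still logs "could not verify password", the fault lies between libsasl2 and the socket (path, permissions, or reply parsing) rather than in the password backend.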