| 
 [ERLEDIGT]SASL PLAIN authentication failed: authentication failure - linuxjohnny -  07-30-2009 03:32 AM
 
 Hi,
 
 Wir ihr bestimmt aus dem Titel entnehmen könnt handelt es sich um ein Problem bei der Authentifizierung am Postfix per sasl.
 
 Leider habe ich bis jetzt noch keine passende Lösung für das Problem gefunden, auch nicht nach stunden langer Recherche im Internet.
 
 System: OpenSuse 11.1
 ISPCP: neuste Version stable
 
 main.cf:
 
 
Code:
 ## ispCP ω (OMEGA) a Virtual Hosting Control System
 #
 # @copyright    2001-2006 by moleSoftware GmbH
 # @copyright    2006-2008 by ispCP | http://isp-control.net
 # @version              SVN: $Id$
 # @link                 http://isp-control.net
 # @author               ispCP Team
 #
 # @license
 #   This program is free software; you can redistribute it and/or modify it under
 #   the terms of the MPL General Public License as published by the Free Software
 #   Foundation; either version 1.1 of the License, or (at your option) any later
 #   version.
 #   You should have received a copy of the MPL Mozilla Public License along with
 #   this program; if not, write to the Open Source Initiative (OSI)
 #   http://opensource.org | osi@opensource.org
 #
 ################################################################################
 
 # Postfix directory settings; These are critical for normal Postfix MTA functionallity
 command_directory            = /usr/sbin
 daemon_directory = /usr/lib/postfix
 
 # Some common configuration parameters
 
 mydomain = bithost.ch
 
 smtpd_banner                 = $myhostname ESMTP ispCP {MTA_VERSION} Managed
 setgid_group = maildrop
 
 # Receiving messages parameters
 mydestination = $myhostname, localhost.$mydomain
 append_dot_mydomain          = no
 append_at_myorigin           = yes
 local_transport              = local
 virtual_transport            = virtual
 transport_maps = hash:/etc/postfix/transport
 alias_maps = hash:/etc/aliases
 alias_database               = hash:/etc/aliases
 
 # Delivering local messages parameters
 mail_spool_directory = /var/mail
 
 # Mailboxquota
 # => 0 for unlimited
 # => 104857600 for 100 MB
 mailbox_size_limit = 0
 mailbox_command =
 
 # Message size limit
 # => 0 for unlimited
 # => 104857600 for 100 MB
 message_size_limit = 10240000
 
 biff                         = no
 recipient_delimiter = +
 
 local_destination_recipient_limit = 1
 local_recipient_maps         = unix:passwd.byname $alias_database
 
 # ispCP Autoresponder parameters
 ispcp-arpl_destination_recipient_limit = 1
 
 # Delivering virtual messages parameters
 virtual_mailbox_base         = /var/spool/mail/virtual
 virtual_mailbox_limit        = 0
 
 virtual_mailbox_domains      = hash:/etc/postfix/ispcp/domains
 virtual_mailbox_maps         = hash:/etc/postfix/ispcp/mailboxes
 
 virtual_alias_maps = hash:/etc/postfix/virtual
 
 virtual_minimum_uid          = 1000
 virtual_uid_maps             = static:1000
 virtual_gid_maps             = static:12
 
 # SASL paramters
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_local_domain      =
 smtpd_sasl_security_options = noanonymous
 broken_sasl_auth_clients = yes
 
 smtpd_helo_required = no
 
 smtpd_helo_restrictions =
 
 smtpd_sender_restrictions = hash:/etc/postfix/access
 
 smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
 
 smtpd_data_restrictions      = reject_multi_recipient_bounce,
 reject_unauth_pipelining
 
 # TLS parameters; activate, if avaible/used
 #smtpd_use_tls               = yes
 #smtpd_tls_loglevel          = 2
 #smtpd_tls_cert_file         = /etc/postfix/cert.pem
 #smtpd_tls_key_file          = /etc/postfix/privkey.pem
 #smtpd_tls_auth_only         = no
 #smtpd_tls_received_header   = yes
 
 # AMaViS parameters; activate, if available/used
 #content_filter               = amavis:[127.0.0.1]:10024
 
 # Quota support; activate, if available/used
 #virtual_create_maildirsize     = yes
 #virtual_mailbox_extended       = yes
 #virtual_mailbox_limit_maps     = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
 #virtual_mailbox_limit_override = yes
 #virtual_maildir_limit_message  = "The user you're trying to reach is over mailbox quota."
 #virtual_overquota_bounce       = yes
 canonical_maps = hash:/etc/postfix/canonical
 virtual_alias_domains = hash:/etc/postfix/virtual
 relocated_maps = hash:/etc/postfix/relocated
 sender_canonical_maps = hash:/etc/postfix/sender_canonical
 masquerade_exceptions = root
 masquerade_classes = envelope_sender, header_sender, header_recipient
 delay_warning_time = 1h
 message_strip_characters = \0
 program_directory = /usr/lib/postfix
 readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
 html_directory = /usr/share/doc/packages/postfix-doc/html
 sample_directory = /usr/share/doc/packages/postfix-doc/samples
 sendmail_path = /usr/sbin/sendmail
 manpage_directory = /usr/share/man
 newaliases_path = /usr/bin/newaliases
 mailq_path = /usr/bin/mailq
 inet_protocols = all
 masquerade_domains =
 defer_transports =
 disable_dns_lookups = no
 mailbox_transport =
 strict_8bitmime = no
 disable_mime_output_conversion = no
 smtpd_client_restrictions =
 strict_rfc821_envelopes = no
 smtp_sasl_auth_enable = no
 smtp_use_tls = no
 delay_notice_recipient = root
 bounce_notice_recipient = root
 2bounce_notice_recipient = root
 error_notice_recipient = root
 inet_interfaces = 127.0.0.1, xx.xx.xx.xx
 master.cf:
 
 
Code:
 ## Postfix master process configuration file.  For details on the format
 # of the file, see the master(5) manual page (command: "man 5 master").
 #
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 smtp      inet  n       -       n       -       -       smtpd
 #submission inet n       -       -       -       -       smtpd
 #  -o smtpd_enforce_tls=yes
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #smtps     inet  n       -       -       -       -       smtpd -o smtpd_tls_wrappermode=yes
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 # For AOL-Accounts
 587       inet  n       -       -       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
 #628      inet  n       -       -       -       -       qmqpd
 pickup    fifo  n       -       n       60      1       pickup
 cleanup   unix  n       -       n       -       0       cleanup
 qmgr      fifo  n       -       n       300     1       qmgr
 #qmgr     fifo  n       -       -       300     1       oqmgr
 #tlsmgr    unix  -       -       -       1000?   1       tlsmgr
 rewrite   unix  -       -       n       -       -       trivial-rewrite
 bounce    unix  -       -       n       -       0       bounce
 defer     unix  -       -       n       -       0       bounce
 trace     unix  -       -       -       -       0       bounce
 verify    unix  -       -       -       -       1       verify
 flush     unix  n       -       -       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 smtp      unix  -       -       n       -       -       smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
 relay     unix  -       -       -       -       -       smtp
 -o fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 showq     unix  n       -       n       -       -       showq
 error     unix  -       -       n       -       -       error
 discard   unix  -       -       -       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       -       -       1       anvil
 scache    unix  -       -       -       -       1       scache
 # ====================================================================
 # ispCP ω (OMEGA) a Virtual Hosting Control System
 #
 # @copyright    2001-2006 by moleSoftware GmbH
 # @copyright    2006-2008 by ispCP | http://isp-control.net
 # @version              SVN: $Id$
 # @link                 http://isp-control.net
 # @author               ispCP Team
 # ====================================================================
 # AMaViS => Antivir / Antispam
 amavis    unix  -       -       n       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 
 #localhost:10025 inet  n -       n       -      -        smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_override_options=no_address_mappings
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 
 # ispCP autoresponder
 ispcp-arpl unix  -      n       n       -       -       pipe
 flags=O user=vmail argv=/var/www/ispcp/engine/messager/ispcp-arpl-msgr
 
 # TLS - Activate, if TLS is avaiable/used
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 #   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
 # pages of the non-Postfix software to find out what options it wants.
 #
 # Many of the following services use the Postfix pipe(8) delivery
 # agent.  See the pipe(8) man page for information about ${recipient}
 # and other message envelope options.
 # ====================================================================
 #
 # maildrop. See the Postfix MAILDROP_README file for details.
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 #
 maildrop  unix  -       n       n       -       -       pipe
 flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
 #
 # See the Postfix UUCP_README file for configuration details.
 #
 uucp      unix  -       n       n       -       -       pipe
 flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 #
 # Other external delivery methods.
 #
 ifmail    unix  -       n       n       -       -       pipe
 flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
 bsmtp     unix  -       n       n       -       -       pipe
 flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
 scalemail-backend unix  -       n       n       -       2       pipe
 flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
 mailman   unix  -       n       n       -       -       pipe
 flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 ${nexthop} ${user}
 mail log:
 
 
Code:
 Jul 29 19:12:12 bithost postfix/smtpd[3576]: warning: SASL authentication failure: Password verification failedJul 29 19:12:12 bithost postfix/smtpd[3576]: warning: 183-205.5-85.cust.bluewin.ch[85.5.205.183]: SASL PLAIN authentication failed: authentication failure
 Jul 29 19:12:12 bithost postfix/smtpd[3576]: warning: 183-205.5-85.cust.bluewin.ch[85.5.205.183]: SASL LOGIN authentication failed: authentication failure
 Jul 29 19:13:10 bithost imapd: Failed to create cache file: maildirwatch (stvinfo@stvkesswil.ch)
 Jul 29 19:13:10 bithost imapd: Error: Input/output error
 Jul 29 19:13:10 bithost imapd: Check for proper operation and configuration
 Jul 29 19:13:10 bithost imapd: of the File Access Monitor daemon (famd).
 /etc/init.d/saslauthd:
 
 
Code:
 #! /bin/sh# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
 #
 # Author: Carsten Hoeger, Ralf Haferkamp
 #
 # /etc/init.d/saslauthd
 #
 ### BEGIN INIT INFO
 # Provides:       saslauthd
 # Required-Start: $network $remote_fs
 # Required-Stop: $network $remote_fs
 # Default-Start:  3 5
 # Description:    cyrus-sasl auth daemon
 ### END INIT INFO
 
 
 AUTHD_BIN=/usr/sbin/saslauthd
 test -x $AUTHD_BIN || exit 5
 
 SASLAUTHD_AUTHMECH="pam"
 SASLAUTHD_THREADS=5
 test -f /etc/sysconfig/saslauthd && . /etc/sysconfig/saslauthd
 
 # Shell functions sourced from /etc/rc.status:
 #      rc_check         check and set local and overall rc status
 #      rc_status        check and set local and overall rc status
 #      rc_status -v     ditto but be verbose in local rc status
 #      rc_status -v -r  ditto and clear the local rc status
 #      rc_failed        set local and overall rc status to failed
 #      rc_failed <num>  set local and overall rc status to <num><num>
 #      rc_reset         clear local rc status (overall remains)
 #      rc_exit          exit appropriate to overall rc status
 . /etc/rc.status
 
 # First reset status of this service
 rc_reset
 
 # Return values acc. to LSB for all commands but status:
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
 # 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
 # 7 - program is not running
 #
 # Note that starting an already running service, stopping
 # or restarting a not-running service as well as the restart
 # with force-reload (in case signalling is not supported) are
 # considered a success.
 
 case "$1" in
 start)
 echo -n "Starting service saslauthd"
 ## Start daemon with startproc(8). If this fails
 ## the echo return value is set appropriate.
 
 # NOTE: startproc return 0, even if service is
 # already running to match LSB spec.
 /sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1
 
 # Remember status and be verbose
 rc_status -v
 ;;
 stop)
 echo -n "Shutting down service saslauthd"
 ## Stop daemon with killproc(8) and if this fails
 ## set echo the echo return value.
 
 /sbin/killproc -TERM $AUTHD_BIN > /dev/null 2>&1
 
 # Remember status and be verbose
 rc_status -v
 ;;
 try-restart)
 ## Stop the service and if this succeeds (i.e. the
 ## service was running before), start it again.
 ## Note: try-restart is not (yet) part of LSB (as of 0.7.5)
 $0 status >/dev/null &&  $0 restart
 
 # Remember status and be quiet
 rc_status
 ;;
 restart)
 ## Stop the service and regardless of whether it was
 ## running or not, start it again.
 $0 stop
 $0 start
 
 # Remember status and be quiet
 rc_status
 ;;
 force-reload)
 ## Signal the daemon to reload its config. Most daemons
 ## do this on signal 1 (SIGHUP).
 ## If it does not support it, restart.
 
 echo -n "Reload service saslauthd"
 ## if it supports it:
 #/sbin/killproc -HUP $AUTHD_BIN
 #touch /var/run/FOO.pid
 #rc_status -v
 
 # Otherwise:
 $0 stop  &&  $0 start
 rc_status
 ;;
 reload)
 ## Like force-reload, but if daemon does not support
 ## signalling, do nothing (!)
 
 echo -n "Reload service saslauthd"
 # If it supports signalling:
 #/sbin/killproc -HUP $AUTHD_BIN
 #touch /var/run/FOO.pid
 #rc_status -v
 
 # Otherwise if it does not support reload:
 rc_failed 3
 rc_status -v
 ;;
 status)
 echo -n "Checking for service saslauthd: "
 ## Check status with checkproc(8), if process is running
 ## checkproc will return with exit status 0.
 
 # Status has a slightly different for the status command:
 # 0 - service running
 # 1 - service dead, but /var/run/  pid  file exists
 # 2 - service dead, but /var/lock/ lock file exists
 # 3 - service not running
 
 # NOTE: checkproc returns LSB compliant status values.
 /sbin/checkproc $AUTHD_BIN
 rc_status -v
 ;;
 *)
 echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
 exit 1
 ;;
 esac
 rc_exit
 /etc/sysconfig/saslauthd:
 
 
Code:
 ## Path:           System/Security/SASL## Type:           list(getpwent,kerberos5,pam,rimap,shadow,ldap)
 ## Default:        pam
 ## ServiceRestart: saslauthd
 #
 # Authentication mechanism to use by saslauthd.
 # See man 8 saslauthd for available mechanisms.
 #
 SASLAUTHD_AUTHMECH=pam
 
 ## Path:           System/Security/SASL
 ## Type:           integer(0:)
 ## Default:        5
 ## ServiceRestart: saslauthd
 #
 # Authentication mechanism to use by saslauthd.
 # See man 8 saslauthd for available mechanisms.
 #
 SASLAUTHD_THREADS=5
 
 ## Path:           System/Security/SASL
 ## Type:           string
 ## Default:        ""
 ## ServiceRestart: saslauthd
 #
 # Additional parameters to use by saslauthd.
 # See the saslauthd(8) manpage for available parameters.
 #
 SASLAUTHD_PARAMS=""
 So ich hoffe mal das die Infos hier reichen, um dem Problem eine Spur näher zu kommen.
 
 Besten Dank schon mal für eure Hilfe!!!
 
 Freundliche Grüsse
 linuxjohnny
 
 
 RE: SASL PLAIN authentication failed: authentication failure - joximu -  07-30-2009 07:12 AM
 
 Hi
 
 ist zwar schon ne Weile her, dass ich das mit Suse versucht hab, aber bisher hab ich jeweils festgestellt, dass es den saslauth-daemon nicht unbedingt braucht - postfix kann das auch.
 
 Aber man muss postfix auch sagen, dass er sasl machen soll.
 
 
 Andere Leute hier benutzen den daemon - also muss wohl beides irgendwie gehen.
 
 Am hilfreichsten dürften noch Einträge in den Logfiles sein.
 
 /J
 
 
 RE: SASL PLAIN authentication failed: authentication failure - linuxjohnny -  07-30-2009 10:12 AM
 
 Was mich irirtiert ist folgende Meldung:
 
 
Ich habe ja nicht eine Meldung das SASL nicht läuft sonder das irgendwie die PLAIN Passwort authentifizierung nicht Funktioniert und meine Frage ist, wie es zu diesem Problem führt, sprich was ich dagegen tun kann.?Code:
 SASL PLAIN authentication failed: authentication failure
 
 Freundliche Grüsse
 linuxjohnny
 
 
 RE: SASL PLAIN authentication failed: authentication failure - linuxjohnny -  07-31-2009 08:40 PM
 
 Sind wirklich keine Ideen vorhanden die mir bei diesem Problem helfen könnten?
 
 Freundliche Grüsse
 linuxjohnny
 
 
 RE: SASL PLAIN authentication failed: authentication failure - joximu -  08-01-2009 01:25 AM
 
 ich bin nach wie vor der Meinung, dass der saslauthd nicht auf die richtige Userdb zugreift. bzw. der geht auf pam zurück und pam... ???
 
 Schalte den ab und vrsuch, alles über postfix zu machen.
 
 Und: woher kommt die oben mitgeteilte Meldung?
 
 /J
 
 
 RE: SASL PLAIN authentication failed: authentication failure - Kotty -  08-01-2009 03:43 AM
 
 Poste mal den inhalt von
 /etc/pam.d/smtp
 
 da müsste eigentlich wenn ich nicht irre die daten zur DB drinnen stehen.
 
 
 RE: SASL PLAIN authentication failed: authentication failure - linuxjohnny -  08-01-2009 09:22 PM
 
 Danke für eure Antworten
  
 @joximu
 Hmm das könnte natürlich sein das die DB nicht gefunden wird respektive das diese gar nicht angegeben ist.
 Das mit über den Postfix zu authentifizieren wäre evtl. auch eine Lösung, hättest du mir dazu gerade ein passendes HowTo?
 Diese Meldung ist im mail Log zu finden /var/log/mail
 
 @Kotty
 
 
Code:
 #%PAM-1.0auth     include        common-auth
 account  include        common-account
 password include        common-password
 session  include        common-session
 Wie es aussieht fehlt doch hier was, oder?
 
 [edit]
 Öhmm irgendwie ist mir aufgefallen das der Postfix ja im CHROOT läuft.
 Und das wiederrum würde ja bedeuten das die Configs z.b. in /var/spool/postfix/etc/pam.d/smtp
 liegen müssten, oder?
 
 Grüsse
 linuxjohnny
 
 
 RE: SASL PLAIN authentication failed: authentication failure - joximu -  08-01-2009 11:23 PM
 
 schalte mal den saslauthd ab.
 Postfix sollte schon soweit konfiguriert sein (main.cf hat die paar sasl-befehle drin), ggf. mal schauen, was in /etc/postfix/sasl/* steht (bzw. dem chroot-pendant - sollte aber dasselbe sein.)
 
 Bei mir gibt's in diesem verzeichnis nichts - andere haben da as und wenn man das umbenennt oder löscht, dann klappte es meist gut mit postfix-sasl
 
 /J
 
 
 RE: SASL PLAIN authentication failed: authentication failure - linuxjohnny -  08-02-2009 04:34 AM
 
 Leider ist bei mir in diesem Verzeichnis gar nichts vorhanden: /etc/postfix/sasl/*
 
 Wäre es möglich wenn du mir deine Configs schicken könntest?
 Oder Posten?
 
 [edit]
 Jetzt bin ich beim durchforsten der Logs noch auf etwas anderes vielleicht interessantes gestossen:
 
 
Code:
 ^Aug  1 23:06:37 bithost authdaemond: stopping authdaemond childrenAug  1 23:06:37 bithost postfix/postfix-script[22961]: starting the Postfix mail system
 Aug  1 23:06:37 bithost postfix/master[22962]: daemon started -- version 2.5.5, configuration /etc/postfix
 Aug  1 23:06:37 bithost authdaemond: modules="authuserdb authuserdb authpam authpgsql authldap authmysql authcustom authpipe", daemons=5
 Aug  1 23:06:37 bithost authdaemond: Installing libauthuserdb
 Aug  1 23:06:37 bithost authdaemond: Installation complete: authuserdb
 Aug  1 23:06:37 bithost authdaemond: Installing libauthuserdb
 Aug  1 23:06:37 bithost authdaemond: Installation complete: authuserdb
 Aug  1 23:06:37 bithost authdaemond: Installing libauthpam
 Aug  1 23:06:37 bithost authdaemond: Installation complete: authpam
 Aug  1 23:06:37 bithost authdaemond: Installing libauthpgsql
 Aug  1 23:06:37 bithost authdaemond: file not found
 Aug  1 23:06:37 bithost authdaemond: Installing libauthldap
 Aug  1 23:06:37 bithost authdaemond: file not found
 Aug  1 23:06:37 bithost authdaemond: Installing libauthmysql
 Aug  1 23:06:37 bithost authdaemond: file not found
 Aug  1 23:06:37 bithost authdaemond: Installing libauthcustom
 Aug  1 23:06:37 bithost authdaemond: Installation complete: authcustom
 Aug  1 23:06:37 bithost authdaemond: Installing libauthpipe
 Aug  1 23:06:37 bithost authdaemond: file not found
 
 
 Grüsse
 linuxjohnny
 
 
 RE: SASL PLAIN authentication failed: authentication failure - reynaldhan -  11-16-2009 04:52 AM
 
 I can't seem to authenticate trying to send mail out.
 
 
 
 
 
 ________________________
 rhinestone motif
 
 
 
 |