FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 04-21-2010, 05:19 PM
 
Default cyrus-sasl 2.1.23 remote server rejected your credentials

Hi,

Using Postfix and TLS for a MTA, my password is rejected.

Here the log message:
saslauthd[4358]: do_auth : auth failure: [user=user@domain.com]
[service=smtp] [realm=domain.com] [mech=rimap] [reason=remote server
rejected your credentials]

could it be a bug from cyrus-sasl 2.1.23 ?

thx
Laurent
 
Old 04-21-2010, 07:56 PM
 
Default cyrus-sasl 2.1.23 remote server rejected your credentials

ok, it's 3 days I'm tryin to fix my smtp connection, I have been through
the whole configuration many times and getting the certificates also.

The last thing I did is add this line again in /etc/postfix/main.cf:
smtpd_sasl_path = smtpd

which changed the error into a warning for postfix:
warning: foo[b.a.r.x]: SASL PLAIN authentication failed: authentication
failure

then, same for LOGIN:
postfix/smtpd[3962]: warning: foo[b.a.r.x]: SASL LOGIN authentication
failed: authentication failure

I used this howto at first:
http://www.gentoo.org/doc/fr/virt-mail-howto.xml

and it was working for a long time.

I can post mor info if you need.

thx
Laurent
 
Old 04-21-2010, 10:00 PM
kashani
 
Default cyrus-sasl 2.1.23 remote server rejected your credentials

On 4/21/2010 12:56 PM, laurent@logiquefloue.org wrote:

ok, it's 3 days I'm tryin to fix my smtp connection, I have been through
the whole configuration many times and getting the certificates also.

The last thing I did is add this line again in /etc/postfix/main.cf:
smtpd_sasl_path = smtpd

which changed the error into a warning for postfix:
warning: foo[b.a.r.x]: SASL PLAIN authentication failed: authentication
failure

then, same for LOGIN:
postfix/smtpd[3962]: warning: foo[b.a.r.x]: SASL LOGIN authentication
failed: authentication failure

I used this howto at first:
http://www.gentoo.org/doc/fr/virt-mail-howto.xml

and it was working for a long time.

I can post mor info if you need.


You shouldn't need to add that line because it's part of the default
config. Post the output of postconf | grep smtpd_sasl so we can see if
their is anything odd in your config.


Also make sure that you allow mynetworks before requiring authentication
like this example below. If you don't, your mail server will try to
authenticate access from localhost.


smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated

kashani
 
Old 04-22-2010, 12:39 PM
 
Default cyrus-sasl 2.1.23 remote server rejected your credentials

Hi!

I changed the restrictions line like you said:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination

but this way it will try to see if the ip is part of mynetworks first, and
as it wont be it will reject or ... because my squirremail morks and I
think it does not use the authentification but rather the mynetworks.
Well..

here is postconf | grep smtpd_sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtp
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus


I also now have all the authentification methods in the telnet EHLO
response. Which should not be
telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ks359684.kimsufi.com ESMTP Postfix
EHLO localhost
250-ks359684.kimsufi.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS

Which I don't understand how because the /etc/sasl2/smtpd.conf is sayin:
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd

I will continue to look now, need to clean somethin somewhere.
Thank you for the help

Laurent
 
Old 04-22-2010, 01:42 PM
 
Default cyrus-sasl 2.1.23 remote server rejected your credentials

I changed back to a saved /etc/postfix/main.cf file I had.
The PLAIN LOGIN auth reappear fine, STARTLS work

still

testsaslauthd -u user@domain.com -p password
0: NO "authentication failed"

logs:

Apr 22 14:08:48 xx saslauthd[12159]: do_auth : auth failure:
[user=user@domain.com] [service=imap] [realm=] [mech=rimap] [reason=remote
server rejected your credentials]
Apr 22 14:48:47 xx saslauthd[12161]: do_auth : auth failure:
[user=user@domain.com] [service=imap] [realm=] [mech=rimap] [reason=remote
server rejected your credentials]

so I tried with telnet and my username password base64 encoded with this:
% printf 'usernameusernamepassword' | openssl base64

and I got those:

telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 host.domain.com ESMTP Postfix
EHLO localhost
250-host.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
AUTH PLAIN myencodedbase64string=
Connection closed by foreign host.

~ # telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 host.domain.com ESMTP Postfix
EHLO localhost
250-host.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN myencodedbase64string=
535 5.7.8 Error: authentication failed: authentication failure


saslauthd is like a black box now. How could I open it?

thx
Laurent
 

Thread Tools




All times are GMT. The time now is 11:48 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org