FreeBSD 8 / Postfix / SASL / authdaemond issue

I've configured a Postfix/Courier/Authdaemond/SASL setup. SASL is configured to use Courier's authdaemond. The authdaemond works since I am able to log in to a POP or IMAP account (provided by Courier).

SASL however won't accept credentials (of which I'm sure they work) and gives me the following error:

Code: 
Dec  2 18:00:09 mailtest postfix/smtpd[58028]: warning: x.x.x.x[x.x.x.x]: SASL PLAIN authentication failed: generic failure
Dec  2 18:00:09 mailtest postfix/smtpd[58028]: warning: SASL authentication failure: could not verify password

I've tried everything from increasing debug levels, use the postfix-devel port, reinstalling cyrus-sasl2, fixed chmod and ownership for authdaemond socket, etc...

What makes this extra weird is that I have an exact copy of this setup in 7.2-RELEASE, which works like a charm... Any ideas?
 
Oops, I'm a 'tard. At least for me, the answer was installing cyrus-sasl-saslauthd and setting saslauthd_enable="YES" in my /etc/rc.donf and running /usr/local/etc/rc.d/saslauthd start.
 
Well that only worked for me because I had both saslauthd and authdaemond configured in my smtpd.conf. So the authdaemond issue still remains.
 
Code: 
Dec  8 15:09:55 erudite authdaemond: Authenticated: sysusername=lostlogic, sysuserid=<null>, sysgroupid=1001, homedir=/home/lostlogic, 
address=lostlogic, fullname=***********, maildir=<null>, quota=<null>, options=<null>
Dec  8 15:09:55 erudite postfix/smtpd[19745]: warning: SASL authentication failure: could not verify password
Dec  8 15:09:55 erudite postfix/smtpd[19745]: warning: 173-128-18-71.pools.spcsdns.net[173.128.18.71]: SASL LOGIN authentication failed: generic 
failure

More information!
 
My mail server has same problem also. I hope some one who can speak English well to submit this issue to FreeBSD team.
 
http://www.freebsd.org/cgi/query-pr.cgi?pr=141308

That link doesn't seem to be valid yet, but it should be eventually.

Ironically, I think that FreeBSD.org's email server might be having issues of some sort itself.

Code: 
Dec  8 17:35:38 erudite postfix/smtp[23154]: 28C9127BC2: to=<freebsd-security-request@freebsd.org>, 
relay=mx1.freebsd.org[69.147.83.52]:25, delay=0.39, delays=0.02/0/0.19/0.18, dsn=4.7.1, status=deferred (host mx1.freebsd.org[69.147.83.52] 
said: 450 4.7.1 <freebsd-security-request@freebsd.org>: Recipient address rejected: Service is unavailable (in reply to RCPT TO command))
 
lib/checkpw.c:484 in security/cyrus-sasl2 is a culprit here.

after upgrading to 8.0, both read and error fds are set when calling select in read_wait function. maybe i'm a bad coder, but i believe that after having read bit set, you can safely read something out of socket...

so i've coined a small hack to fix this issue (at least for now)

http://netvor.sk/~johnny/hacks/cyrus-sasl-2.1.23/lib:checkpw.c.diff
 

Attachments

  • lib:checkpw.c.diff
    286 bytes · Views: 442
  • Thanks
Reactions: AM
sk-netvor-johnny said:
lib/checkpw.c:484 in security/cyrus-sasl2 is a culprit here.

after upgrading to 8.0, both read and error fds are set when calling select in read_wait function. maybe i'm a bad coder, but i believe that after having read bit set, you can safely read something out of socket...

so i've coined a small hack to fix this issue (at least for now)

http://netvor.sk/~johnny/hacks/cyrus-sasl-2.1.23/lib:checkpw.c.diff
Click to expand...

Many thanks for your good job. I have patched your diff. But my mail server just worked once. And then no work and no error message.

But when I try to send a blank mail, No mail can be received, and
if tail -f /var/log/maillog
Code: 
 tail -f /var/log/maillog
Jan 28 09:41:49 xxx amavis[1124]: (01124-07) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <xxx@xxx.xxx.xxx.xxx> -> 
<xxx@xxx.xxx.xxx.xxx>, Message-ID: <8af8b61a0892620b31f16383a562b9aa.squirrel@192.168.1.6>, mail_id: yLjAejxkSMpF, Hits: 3.714, size: 726, 
queued_as: 9745A2DE86, 22434 ms
Jan 28 09:41:49 xxx postfix/virtual[6984]: 9745A2DE86: to=<xxx@xxx.xxx.xxx.xxx>, relay=virtual, delay=0.06, delays=0.01/0.02/0/0.03, 
dsn=5.2.2, status=bounced (maildir delivery failed: Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.)
Jan 28 09:41:49 xxx postfix/smtp[6974]: 19C3D2DE1B: to=<xxx@xxx.xxx.xxx.xxx>, relay=127.0.0.1[127.0.0.1]:10024, delay=23, delays=0.13/0.02
/0.01/22, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9745A2DE86)
Jan 28 09:41:49 xxx postfix/qmgr[961]: 19C3D2DE1B: removed
Jan 28 09:41:49 xxx postfix/cleanup[6972]: A60F12DE96: message-id=<20100128014149.A60F12DE96@asus.concord.bj.cn>
Jan 28 09:41:49 xxx postfix/bounce[6985]: 9745A2DE86: sender non-delivery notification: A60F12DE96
Jan 28 09:41:49 xxx postfix/qmgr[961]: A60F12DE96: from=<>, size=3581, nrcpt=1 (queue active)
Jan 28 09:41:49 xxx postfix/qmgr[961]: 9745A2DE86: removed
Jan 28 09:41:49 xxx postfix/virtual[6984]: A60F12DE96: to=<xxx@xxx.xxx.xxx.xxx>, relay=virtual, delay=0.02, delays=0.01/0/0/0.01, dsn=5.2.2, 
status=bounced (maildir delivery failed: Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.)
Jan 28 09:41:49 xxx postfix/qmgr[961]: A60F12DE96: removed

What's "overdrawn his diskspace"?

Why?

Need you help.

Thanks again

problem solved by re-establish mailbox.
 
Thanks!

What should we do without the nerds :) Thanks!

For semi-nerds like myself who just learned how to patch:
click on the file lib:checkpw.c.diff and copy the contents
make a new file in /usr/ports/security/cyrus-sasl2/files with the filename: "patch-lib::checkpw.c" (which means that the file patches the file in work/lib/checkpw.c)
(I use [CMD=""]edit patch-lib::checkpw.c[/CMD] - which creates the file as an empty file)

and copy the contents of lib:checkpw.c.diff into it (CTRL+SHIFT+V) and save.

then:

Code: 
cd /usr/ports/security/cyrus-sasl2/ 
make deinstall 
make reinstall
 
First time playing with postfix / sasl / authdaemond so I naturally spent hours looking for my fat fingering. Last thing I expected was a bug but it sorted the issues! Thanks!
 
You must log in or register to reply here.
Back
Top