mail server problem,need help

[xwwu]

Hi Friends:

My mail server installed with postfix,mysql,courier-imap,sasl2, squirrelmail and postfixadmin. When I enter into squirrelmail and try to send some mail. The error message is:

Authentication failed
535 5.7.8 Error: authentication failed: generic failure

The maillog is:

Dec  7 09:03:01 xxx imapd: LOGIN, user=xxx@xxx, ip=[127.0.0.1], port=[44254], protocol=IMAP
Dec  7 09:03:01 xxx imapd: LOGOUT, user=xxx@xxx, ip=[127.0.0.1], headers=1186, body=0, rcvd=296, sent=3620, time=0
Dec  7 09:03:08 xxx postfix/smtpd[1297]: connect from localhost[127.0.0.1]
Dec  7 09:03:08 xxx postfix/smtpd[1297]: warning: SASL authentication failure: could not verify password
Dec  7 09:03:08 xxx postfix/smtpd[1297]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: generic failure
Dec  7 09:03:08 xxx postfix/smtpd[1297]: lost connection after AUTH from localhost[127.0.0.1]
Dec  7 09:03:08 xxx postfix/smtpd[1297]: disconnect from localhost[127.0.0.1]
Dec  7 09:05:00 xxx postfix/sendmail[1309]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:05:01 xxx postfix/sendmail[1311]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:10:00 xxx postfix/sendmail[1327]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:10:01 xxx postfix/sendmail[1329]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:15:00 xxx postfix/sendmail[1355]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:15:01 xxx postfix/sendmail[1357]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:20:00 xxx postfix/sendmail[1371]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:20:01 xxx postfix/sendmail[1373]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:25:01 xxx postfix/sendmail[1399]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:25:01 xxx postfix/sendmail[1401]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:30:00 xxx postfix/sendmail[1415]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:30:00 xxx postfix/sendmail[1417]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:35:00 xxx postfix/sendmail[1443]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:35:01 xxx postfix/sendmail[1445]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:40:00 xxx postfix/sendmail[1459]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:40:01 xxx postfix/sendmail[1461]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:41:09 xxx imapd: LOGIN, user=###, ip=[127.0.0.1], port=[41672], protocol=IMAP
Dec  7 09:41:09 xxx imapd: LOGOUT, user=###, ip=[127.0.0.1], headers=1186, body=0, rcvd=296, sent=3620, time=0
Dec  7 09:45:00 xxx postfix/sendmail[1488]: fatal: root(0): No recipient addresses found in message header
Dec  7 09:45:01 xxx postfix/sendmail[1490]: fatal: root(0): No recipient addresses found in message header

postconf -n:

# postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
home_mailbox = maildir/
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 5242880
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/virtual_alias_maps.cf
virtual_gid_maps = static:80
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_limit = 52428800
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_maildir_extended = yes
virtual_minimum_uid = 80
virtual_uid_maps = static:80

Any help?

 

[Ruler2112]

I think your problem lies with this line:

smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject

Change the last reject to permit and see if the problem persists. If it goes away, you've found the problem, but you'll need to either tweak that line or use a SASL-enabled client. (Your last thread on this same problem indicates that you're using telnet to test, therefore the permit_sasl_authenticated directive does nothing. I'm not certain of how permit_auth_destination works as I've never used it.)

 

[xwwu]

I think your problem lies with this line:

smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject

Change the last reject to permit and see if the problem persists. If it goes away, you've found the problem, but you'll need to either tweak that line or use a SASL-enabled client. (Your last thread on this same problem indicates that you're using telnet to test, therefore the permit_sasl_authenticated directive does nothing. I'm not certain of how permit_auth_destination works as I've never used it.)

Thanks very mych for your help. I have changed the last "reject" to be "permit". Things are quite different. First, when I enter into squirrelmail and try to send mail, no response and no any error message, just waiting forever. when telnet,just:

s# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Very simple than before also. No sentence:

220 XXX ESMTP Postfix

The maillog is:

Dec  8 05:58:33 xxx postfix/smtpd[31038]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: 
check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Dec  8 05:58:34 xxx postfix/master[871]: warning: process /usr/local/libexec/postfix/smtpd pid 31038 exit status 1
Dec  8 05:58:34 xxx postfix/master[871]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

So, what's wrong?

 

[arp242]

Change that line back. It didn't have anything to do with your issue. You will probably want to modify your smtpd_recipient_restrictions, but this is another topic.

The problem is:

Dec  7 09:03:08 xxx postfix/smtpd[1297]: warning: SASL authentication failure: could not verify password
Dec  7 09:03:08 xxx postfix/smtpd[1297]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: generic failure

I suspect the authentication backend isn't working properly. Postfix can't lookup the user/password combinations.
I assume you are using Cyrus sasl2? Check your cyrus sasl configuration.
Also make sure it's running.

 

[xwwu]

Change that line back. It didn't have anything to do with your issue. You will probably want to modify your smtpd_recipient_restrictions, but this is another topic.

The problem is:

Dec  7 09:03:08 xxx postfix/smtpd[1297]: warning: SASL authentication failure: could not verify password
Dec  7 09:03:08 xxx postfix/smtpd[1297]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: generic failure

I suspect the authentication backend isn't working properly. Postfix can't lookup the user/password combinations.
I assume you are using Cyrus sasl2? Check your cyrus sasl configuration.
Also make sure it's running.

Yes. You are right. When I use authtest command, authentication is working. Yes, I just use cyrus-sasl2 which is involved in courier-authdaemond.
But why it doesn't work?

/usr/local/lib/sasl2/smtpd.conf is:

pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

 

[arp242]

Maybe you need to set some sasl settings in your main.cf? I haven't used cyrus-sasl for years, but for dovecot-sasl for example I need to set smtpd_sasl_path to the sasl socket provided by dovecot.

Also make sure the aforementioned socket has the correct permissions. It's no good if postfix isn't allowed to read from it.

There are also a number of other sasl-related options that may be of influence. postconf(5) lists them.

There are also a number of debugging options which may give you more information on what is going wrong. postconf(5) also lists these.

 

[xwwu]

Maybe you need to set some sasl settings in your main.cf? I haven't used cyrus-sasl for years, but for dovecot-sasl for example I need to set smtpd_sasl_path to the sasl socket provided by dovecot.

Also make sure the aforementioned socket has the correct permissions. It's no good if postfix isn't allowed to read from it.

There are also a number of other sasl-related options that may be of influence. postconf(5) lists them.

There are also a number of debugging options which may give you more information on what is going wrong. postconf(5) also lists these.

Thanks again for your help.

Part of postconf is (whole file is too big to be quoted):

virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/virtual_alias_maps.cf
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps = static:80
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_limit = 52428800
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_maildir_extended = yes
virtual_maildir_filter = no
virtual_maildir_filter_maps =
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_maildir_limit_message_maps =
virtual_maildir_suffix =
virtual_minimum_uid = 80
virtual_overquota_bounce = no
virtual_transport = virtual
virtual_trash_count = no
virtual_trash_name = .Trash
virtual_uid_maps = static:80

Something regarding disk quota. What's wrong?

 

[arp242]

Disk quota's? What? Where did you get that from?

The postfix configuration is just part of the complete mailserver, another part is the cyrus-sasl configuration.

 

[xwwu]

Disk quota's? What? Where did you get that from?

The postfix configuration is just part of the complete mailserver, another part is the cyrus-sasl configuration.

I found it in postconf:

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.

Where is config file for cyrus-sasl2?

 

[arp242]

The configuration is mentioned in the pkg-message of the package/port, along with some other configuration hints.

That message is a variable. Not an error message. You got it from postconf I assume?

 

[xwwu]

The configuration is mentioned in the pkg-message of the package/port, along with some other configuration hints.

That message is a variable. Not an error message. You got it from postconf I assume?

The config file is in /usr/local/lib/sasl2:

pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
~

Sorry for my poor English. You are right. It is not regarding any error.

 

[Ruler2112]

Sorry for leading you in the wrong direction xwwu. I was going on the info in your original post and didn't read this one entirely, not noticing the authentication errors in the log snippet here. The [cmd=]No recipient addresses found in message header[/cmd] error led me to believe the problem was due to the recipient not being accepted, hence pointing me to the smtpd_recipient_restrictions directive. Glad carpetsmoker was able to help you find the real problem and hope you're able to figure it out.