postfix - sasl - authdaemon - postfix - mysql

[mibeas]

Hie all,

I've upgraded my FreeBSD box 7.3 to FreeBSD 8.0 STABLE. Since this upgrade, i can't send mail from smtp auth. i got the same problem like this: http://www.freebsd.org/cgi/query-pr.cgi?pr=141308

i've tried the patch, i've read a lot of things on the internet....but no success

before my upgrade, everything worked fine.....but now i cant send mails...

does anyone has a sugestion other than the patch in the above URL?

postfix
courier-imap
SSL/TLS
cyrus-sasl
courier-authdaemon
mysql

i can authenticate using authtest:

#authtest -s imaps.domain.com -u myname@domain.com mypassword
authentication succeed
....
...

log from maillog says:

warning: SASL authentication failure: could not verify password
authdaemond: Authenticated: clearpasswd=XXXXXXXXXXX, passwd=XXXXXXXXXXXX
warning: SASL authentication failure: Password verification failed
SASL PLAIN authentication failed: generic failure

Please help, i've got this problem since 3rd juany 2010...it's been a long time now..

thank you in advance.
--
mike

 

[jailed]

Hello,

Do you have saslauthd installed?

Please add

log_level: 7

to your smtpd.conf

Then analyze the logs again. Please look to /var/log/auth.log too.

You can also debug SQL queries too.

Edit my.cnf and add

log=/var/log/mysql.log

Then check this mysql log too.

Are the passwords on SQL table plain text or crypted?

If I'm not wrong, SASL doesn't support crypted passwords on SQL. If so, try to use PAM.

 

[mibeas]

Thank you for Helping me


i have saslautd installed but it's not started because i use courier-authlib instead (it works fine like this before the upgrade)


here is my smtpd.conf with loglevel changed

log_level: 7
pwcheck_method:authdaemond
mech_list: plain login
authdaemond_path: /var/run/authdaemond/socket

i have add this in my my.cnf for log:

[...]
log=/var/log/mysql.log
[...]

then
# chown mysql /var/log/mysql.log

i have restarted mysql server and when i try to send an email, i have a lot of logs in this logfile but no errors...

in /var/log/auth.log, i got no log...


i got logs in /var/log/maillog

zeus postfix/smtpd[12750]: warning: SASL authentication failure: could not verify password
zeus postfix/smtpd[12750]: warning: SASL authentication failure: Password verification
failed
zeus postfix/smtpd[12750]: warning: HOSTNAME.domain.tld[192.168.77.254]: SASL PLAIN authentication failed: generic failure
HOSTNAME authdaemond: Authenticated: [....]      ====> (so authentication is OK)

i can autenticate using sasl by this command;

#authtest -s imaps.domain.tld -u [email]me@domain.tld[/email] password
Authentication succeeded

i don't think that is a DB issue...



In SQL table, passwords are in plain text AND crypted


here is my authmysqlrc:

MYSQL_SERVER localhost
MYSQL_USERNAME postfixuser
MYSQL_PASSWORD postfixpasswd
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_DATABASE postfixdb 
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD crypt
MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD address
MYSQL_HOME_FIELD home 
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_WHERE_CLAUSE imapok=1 AND bool1=1 AND bool2=1
MYSQL_PORT 0
MYSQL_OPT 0

Thank you for helping !!!!!!!!!!



--
mike

 

[DutchDaemon]

Please format your posts, mibeas.

 

[jailed]

I upgraded my server to 8.0 from 7.2 too. And lived the same issue. It's been too much so I forgot sorry.

I asked saslauthd first, because before the patch I must use saslauthd with pam to challenge this problem quickly. I also tried auxprop too.

The patch is actually working without problem on my server.

How did you patched it? Are you using ports or compiling it manually? If you're using ports, save the patch file into /usr/ports/security/cyrus-sasl2/files/patch-checkpw.c . Filename is not important.

It works. You said you patched in your first post but I just wanted to clear it.

Courier imap and smtp is different things. You can log into your "mailbox" with imap. So your auth test is normal. There is nothing with authmysqlrc because it's working with imap. The problem is with sasl & smtp.

If the patch doesn't work even if you tried as I said, I suggest you to use saslauthd + pam temporarily until this bug will be fixed.