SMTP - SASL Auth schlägt fehl

[ICPUI]

Hallo zusammen

Habe heute von lenny auf squeeze geupdatet. Leider geht nun der SMTP Server nicht mehr. Ich verwalte die Mailadressen mit Confixx und benutze postfix.

Ich erhalte beim Verbindungsaufbau und Login per SMTP die Meldung im log:

SASL LOGIN authentication failed: authentication failure

Hier die main.cf aus dem postfix Verzeichnis

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
data_directory = /var/lib/postfix
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

myhostname = domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain1.com, localhost.localdomain, localhost*
mynetworks = 127.0.0.0/8
relayhost =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
#home_mailbox = /Maildir/
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

home_mailbox = Maildir/
### Virenscanner ###

#content_filter = amavis:[127.0.0.1]:10024
#receive_override_options = no_address_mappings

### CONFIXX POSTFIX ENTRY ###

virtual_alias_maps = hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains

Und hier die saslfinger-Ausgabe:

saslfinger - postfix Cyrus sasl configuration Wed Mar  9 18:28:21 CET 2011
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.7.1
System: Debian GNU/Linux 6.0 \n \l

-- smtpd is linked to --
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xf7cb6000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 688
drwxr-xr-x  2 root root  4096 Mar  9 09:43 .
drwxr-xr-x 63 root root 20480 Mar  9 10:04 ..
-rw-r--r--  1 root root 13436 Dec 19 13:29 libanonymous.a
-rw-r--r--  1 root root  1003 Dec 19 13:29 libanonymous.la
-rw-r--r--  1 root root 13076 Dec 19 13:29 libanonymous.so
-rw-r--r--  1 root root 13076 Dec 19 13:29 libanonymous.so.2
-rw-r--r--  1 root root 13076 Dec 19 13:29 libanonymous.so.2.0.23
-rw-r--r--  1 root root 15882 Dec 19 13:29 libcrammd5.a
-rw-r--r--  1 root root   989 Dec 19 13:29 libcrammd5.la
-rw-r--r--  1 root root 15444 Dec 19 13:29 libcrammd5.so
-rw-r--r--  1 root root 15444 Dec 19 13:29 libcrammd5.so.2
-rw-r--r--  1 root root 15444 Dec 19 13:29 libcrammd5.so.2.0.23
-rw-r--r--  1 root root 45328 Dec 19 13:29 libdigestmd5.a
-rw-r--r--  1 root root  1012 Dec 19 13:29 libdigestmd5.la
-rw-r--r--  1 root root 43144 Dec 19 13:29 libdigestmd5.so
-rw-r--r--  1 root root 43144 Dec 19 13:29 libdigestmd5.so.2
-rw-r--r--  1 root root 43144 Dec 19 13:29 libdigestmd5.so.2.0.23
-rw-r--r--  1 root root 13586 Dec 19 13:29 liblogin.a
-rw-r--r--  1 root root   983 Dec 19 13:29 liblogin.la
-rw-r--r--  1 root root 13552 Dec 19 13:29 liblogin.so
-rw-r--r--  1 root root 13552 Dec 19 13:29 liblogin.so.2
-rw-r--r--  1 root root 13552 Dec 19 13:29 liblogin.so.2.0.23
-rw-r--r--  1 root root 29140 Dec 19 13:29 libntlm.a
-rw-r--r--  1 root root   977 Dec 19 13:29 libntlm.la
-rw-r--r--  1 root root 28528 Dec 19 13:29 libntlm.so
-rw-r--r--  1 root root 28528 Dec 19 13:29 libntlm.so.2
-rw-r--r--  1 root root 28528 Dec 19 13:29 libntlm.so.2.0.23
-rw-r--r--  1 root root 13786 Dec 19 13:29 libplain.a
-rw-r--r--  1 root root   983 Dec 19 13:29 libplain.la
-rw-r--r--  1 root root 14096 Dec 19 13:29 libplain.so
-rw-r--r--  1 root root 14096 Dec 19 13:29 libplain.so.2
-rw-r--r--  1 root root 14096 Dec 19 13:29 libplain.so.2.0.23
-rw-r--r--  1 root root 21498 Dec 19 13:29 libsasldb.a
-rw-r--r--  1 root root  1014 Dec 19 13:29 libsasldb.la
-rw-r--r--  1 root root 18084 Dec 19 13:29 libsasldb.so
-rw-r--r--  1 root root 18084 Dec 19 13:29 libsasldb.so.2
-rw-r--r--  1 root root 18084 Dec 19 13:29 libsasldb.so.2.0.23

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 May  6  2007 .
drwxr-xr-x 3 root root 4096 Mar  9 09:49 ..
-rw-r--r-- 1 root root  109 Sep  8 13:05 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN 
saslauthd_path: /var/run/saslauthd/mux
autotransition:true

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN 
saslauthd_path: /var/run/saslauthd/mux
autotransition:true


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}


amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_bin_address=127.0.0.1
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
scache    unix  -       -       -       -       1       scache
discard   unix  -       -       -       -       -       discard
retry     unix  -       -       -       -       -       error

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

-- end of saslfinger output --

Ich hoffe jemand kann hier helfen. Dann wären endlich alle Update Probleme aus der Welt geschafft

 

[Huschi]

Kommt rund um die zitierte Fehlermeldung evtl. noch andere Meldungen? (Auch wenn sie Dir unwichtig erscheinen...)
Du kannst Postfix auch gesprächiger machen, indem Du in der master.cf hinter smtpd noch ein "-vv" anhängst.

Was mir spontan auffällt ist, dass der smtpd-Prozess bei Dir nicht in der chroot läuft. Dies weicht zumindest von einer Standard-Installation ab.

huschi.

 

[ICPUI]

Hallo Huschi

Hier die mail.log

Mar 10 08:55:56 vadmin1025 postfix/smtpd[5643]: connect from pingability.com[207.210.209.134]
Mar 10 08:55:57 vadmin1025 postfix/smtpd[5643]: warning: pingability.com[207.210.209.134]: SASL LOGIN authentication failed: authentication failure
Mar 10 08:55:57 vadmin1025 postfix/smtpd[5643]: lost connection after AUTH from pingability.com[207.210.209.134]
Mar 10 08:55:57 vadmin1025 postfix/smtpd[5643]: disconnect from pingability.com[207.210.209.134]

Die mail.warn:

Mar 10 08:55:56 vadmin1025 postfix/trivial-rewrite[5642]: warning: do not list domain domain1.com in BOTH mydestination and virtual_alias_domains
Mar 10 08:55:57 vadmin1025 postfix/smtpd[5643]: warning: pingability.com[207.210.209.134]: SASL LOGIN authentication failed: authentication failure

Wobei der Fehler mit der Fehler mit der doppelten Eintragungen bereits vor dem Update vorhanden war und kein Problem darstellte.

Hier noch der SMTP telnet Verlauf.

DEBUG SMTP: connected to host "domain1.com", port: 25

EHLO pingability.com
250-domain1.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "10240000"
DEBUG SMTP: Found extension "VRFY", arg ""
DEBUG SMTP: Found extension "ETRN", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "AUTH", arg "LOGIN PLAIN"
DEBUG SMTP: Found extension "AUTH=LOGIN", arg "PLAIN"
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Attempt to authenticate
DEBUG SMTP: check mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM 
AUTH LOGIN
334 XXXXXXXXXX
YYYYYYY
334 ZZZZZZZZZZZ
QQQQQQQQQ
535 5.7.8 Error: authentication failed: authentication failure

Authentication Failed

Wenn ich mich über testsaslauthd anmelde geht das ganze ohne Probleme. Sonst wüsste ich nicht, wo noch Meldungen sein könnten.

Sollte ich das chroot Problem lösen oder so belassen?

 

[Huschi]

Auch beim zweiten Mal drüber gucken habe ich aktuell keine Idee, was es sein kann.
Außer das übliche: Tippfehler im User oder Passwort.

Sollte ich das chroot Problem lösen oder so belassen?

Daran scheint es nicht zu hängen.

huschi.

 

[ICPUI]

Also beim Login per testsaslauthd funktioniert alles. Auch der Versand per Confixx Webmail gibts keine Probleme (weiss nicht ob Confixx SMTP oder sendmail benutzt). Nur halt extern gibts Probleme

//Edit: Vielleicht hat es auch was mit dieser Fehlermeldung zu tun, welche ich beim Update erhalten habe. Bild im Anhang.