# postfix+sasl no outside SMTP connection possible (solved)

## benjamin200

Hello, 

I setup a Postfix Mailserver with cyrus-sasl, cyrus-imapd, mysql and cyradm for web-administration. The IMAP Server works very well, also I could send myself an mail using the consolen command:

```

# mail 10001@server.linux-world.site

```

The Mail goes through postfix smtp and will be receipt in my useraccount (10001). But SMTP sending doesn't work. I try it by using a telnet session to the Postfix-Server and per mozilla-thunderbird. It doesn't work  :Sad: 

Here some detailes:

Domain server.linux-world.site 

Accountuser: 10001 

Passwort: test 

########################### 

In 64-bit-based-code this should be MTAwMDEAMTAwMDEAdGVzdA== 

root@server benjamin # printf 'MTAwMDEAMTAwMDEAdGVzdA==' | mimencode -u ; echo 

1000110001test 

root@server benjamin # 

########################### 

Here some detailed login debugging: 

```

root@server sasl2 # testsaslauthd -u 10001 -p test -s smtp 

0: OK "Success." 

root@server sasl2 # 

```

Log: 

```

Feb 16 13:17:29 server saslauthd[8527]: rel_accept_lock : released accept lock 

Feb 16 13:17:29 server saslauthd[8528]: get_accept_lock : acquired accept lock 

Feb 16 13:17:29 server saslauthd[8527]: insert into log (msg, user, host, pid, time) values('AUTH SUCCESSFUL', '10001', '', '8527', NOW()) 

Feb 16 13:17:29 server saslauthd[8527]: do_auth : auth success: [user=10001] [service=smtp] [realm=] [mech=pam] 

Feb 16 13:17:29 server saslauthd[8527]: do_request : response: OK 

```

```

root@server sasl2 # testsaslauthd -u 10001 -p test -s imap 

0: OK "Success." 

root@server sasl2 # 

```

Log: 

```

Feb 16 13:18:08 server saslauthd[8528]: rel_accept_lock : released accept lock 

Feb 16 13:18:08 server saslauthd[8529]: get_accept_lock : acquired accept lock 

Feb 16 13:18:08 server saslauthd[8528]: insert into log (msg, user, host, pid, time) values('AUTH SUCCESSFUL', '10001', '', '8528', NOW()) 

Feb 16 13:18:08 server saslauthd[8528]: do_auth : auth success: [user=10001] [service=imap] [realm=] [mech=pam] 

Feb 16 13:18:08 server saslauthd[8528]: do_request : response: OK 

```

If I now use a mail-client, or get direct on the server, using telnet and try to authenticate myself with the 64-bit-based code MTAwMDEAMTAwMDEAdGVzdA== I get no always an failed login. 

My /usr/lib/sasl2/smtpd.conf have the following include:

```

pwcheck_method: saslauthd 

```

My /etc/pam.d/smtp & pop & imap sieve have the following include: 

```

auth sufficient pam_mysql.so user=mailadmin passwd=geheim host=localhost db=mail table=accountuser usercolumn=username passwd$ 

account required pam_mysql.so user=mailadmin passwd=geheim host=localhost db=mail table=accountuser usercolumn=username passw$ 

```

Ok, now I try to connect using telnet: 

```

root@server sasl2 # telnet localhost 25 

Trying 127.0.0.1... 

Connected to localhost. 

Escape character is '^]'. 

220 server.linux-world.site ESMTP Postfix 

ehlo bla 

250-server.linux-world.site 

250-PIPELINING 

250-SIZE 10240000 

250-VRFY 

250-ETRN 

250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM 

250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM 

250 8BITMIME 

AUTH PLAIN MTAwMDEAMTAwMDEAdGVzdA== 

535 Error: authentication failed 

```

Log (telnet session and authentication error): 

```

Feb 16 13:26:34 server postfix/smtpd[8833]: < localhost[127.0.0.1]: ehlo bla 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-server.linux-world.site 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-PIPELINING 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-SIZE 10240000 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-VRFY 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-ETRN 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM 

Feb 16 13:26:34 server postfix/smtpd[8833]: match_list_match: localhost: no match 

Feb 16 13:26:34 server postfix/smtpd[8833]: match_list_match: 127.0.0.1: no match 

Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250 8BITMIME 

Feb 16 13:26:34 server postfix/smtpd[8833]: watchdog_pat: 0x80a9b78 

Feb 16 13:26:53 server postfix/smtpd[8833]: < localhost[127.0.0.1]: AUTH PLAIN MTAwMDEAMTAwMDEAdGVzdA== 

Feb 16 13:26:53 server postfix/smtpd[8833]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response MTAwMDEAMTAwMDEAdGVzdA== 

Feb 16 13:26:53 server postfix/smtpd[8833]: smtpd_sasl_authenticate: decoded initial response 10001 

Feb 16 13:26:53 server postfix/smtpd[8833]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3 

Feb 16 13:26:53 server postfix/smtpd[8833]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3 

Feb 16 13:26:53 server postfix/smtpd[8833]: warning: SASL authentication failure: Password verification failed 

Feb 16 13:26:53 server postfix/smtpd[8833]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed 

Feb 16 13:26:53 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 535 Error: authentication failed 

Feb 16 13:26:53 server postfix/smtpd[8833]: watchdog_pat: 0x80a9b78 

```

Any suggestion how to solve this issue? Should I post some more information for debug  what does you need? Does you need more information? All suggestions and tipps are welcome  :Smile: 

Thanks, 

Benjamin

----------

## langthang

any luck with LOGIN instead of PLAIN?

----------

## benjamin200

No nothing, but I doesn't know the right syntax to do this:

```

AUTH LOGIN MTAwMDEAMTAwMDEAdGVzdA==

334 UGFzc3dvcmQ6

535 Error: authentication failed

```

How I should enter my user 10001 with password test?

Thanks,

Benjamin

----------

## langthang

server$ printf 'user' | mimencode

dXNlcg==

server$ printf 'pass' | mimencode

cGFzcw==

server$ telnet 10.1.2.3 25

Trying 10.1.2.3...

Connected to 10.1.2.3.

Escape character is '^]'.

220 my.mail.server ESMTP Postfix

EHLO blah

250-my.mail.server

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5

250-AUTH=LOGIN PLAIN CRAM-MD5 DIGEST-MD5

250-XVERP

250 8BITMIME

auth login

334 VXNlcm5hbWU6

dXNlcg==

334 UGFzc3dvcmQ6

cGFzcw==

235 Authentication successful

----------

## benjamin200

Thanks for the detailed information aboute to use AUTH LOGIN, but I now found out, whats the problem is.

Here we go:

For SMTP authentication don't use /usr/lib/sasl2/smtpd.conf

NOTE:

YOU HAVE TO USE /etc/sasl2/smtpd.conf and insert the following line:

```

pwcheck_method:saslauthd

```

Restart the needed deamons

```

/etc/init.d/postfix restart

/etc/init.d/saslauthd restart

/etc/init.d/cyrus restart

```

Now it will works. Fine  :Smile: 

Thx,

Benjamin

----------

## benjamin200

Many thanks to "langthang"

Thx,

Benjamin

----------

