# sasl2 smtp question

## Fenixoid

Hello,

Multiple domain virtual email system: postfix + postfixadmin + mysql + curier-imap/pop3/authlib + cyrus-saslauth

Users from mysql db check their emails, logins and logout fine (pop3/imap). But when I try

pop3/imap server: mail.my-domain.com

smtp: mail.my-domain.com

To send mail using same smtp server I get:

```
postfix/smtpd[23373]: SQL engine 'mysql ' not supported

postfix/smtpd[23373]: auxpropfunc error no mechanism available

postfix/smtpd[23373]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

postfix/smtpd[23373]: auxpropfunc error invalid parameter supplied

postfix/smtpd[23373]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb

ostfix/smtpd[23373]: connect from hst-140-157.ipt.net[86.233.140.157]

imapd: Connection, ip=[::ffff:127.0.0.1]

imapd: LOGIN, user=testas@my-domain.com, ip=[::ffff:127.0.0.1], protocol=IMAP

imapd: DISCONNECTED, user=testas@my-domain.com, ip=[::ffff:127.0.0.1], headers=0, body=0, time=0

Apr 25 00:23:26 serveris postfix/smtpd[23373]: NOQUEUE: reject: RCPT from hst-140-157.ipt.net[865.233.140.157]: 554 5.7.1 <kennedy@gmail.com>: Relay access denied; from=<testas@my-domain.com> to=<kennedy@gmail.com> proto=ESMTP helo=<[86.233.140.157]>
```

 *Quote:*   

> box ~ # cat /etc/sasl2/smtpd.conf
> 
> pwcheck_method: saslauthd
> 
> mech_list: PLAIN LOGIN
> ...

 

Any ideas how should sasl config look like?

----------

## sp7xfq

hello,

this  *Fenixoid wrote:*   

>  *Quote:*   box ~ # cat /etc/sasl2/smtpd.conf
> 
> pwcheck_method: saslauthd 

 enables only saslauthd which is unable to authenticate mysql users, if you have only mysql users try this

```

pwcheck_method: auxprop

auxprop_plugin: sql

mech_list: PLAIN LOGIN 

log_level: 3 

authdaemond_path:/var/lib/courier/authdaemon/socket 

 

password_format: crypt 

sql_engine: mysql 

sql_hostnames: 127.0.0.1 

sql_database: postfix 

sql_user: postfix 

sql_passwd: some_pass 

sql_select: SELECT password FROM mailbox WHERE username='%u@%r' AND active='1' LIMIT 1 

sql_usessl: no

```

and make sure your sasl is compiled with mysql use-flag

----------

## Fenixoid

Does not help...

```
Apr 29 15:19:00 box postfix/smtpd[6972]: warning: hst-140-157.ipt.cpom [86.233.140.157]: SASL PLAIN authentication failed: authentication failure

Apr 29 15:19:00 box postfix/smtpd[6972]: warning: hst-140-157.ipt.com [86.233.140.157]: SASL LOGIN authentication failed: authentication failure
```

----------

## sp7xfq

 *Fenixoid wrote:*   

> Does not help...
> 
> ```
> Apr 29 15:19:00 box postfix/smtpd[6972]: warning: hst-140-157.ipt.cpom [86.233.140.157]: SASL PLAIN authentication failed: authentication failure
> 
> ...

 

No, it helped. The logs tells that sasl is working now but there are problem with authentication. 

I think it may be problem witch different crypt format, try add 

```
srp_mda: md5
```

to ur smtpd.conf

----------

## Fenixoid

No luck, I even tried this:

```
box ~ # cat /etc/sasl2/smtpd.conf

# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $

#sasl2_pwcheck_method: saslauthd authdaemond

#pwcheck_method: saslauthd

pwcheck_method: auxprop

auxprop_plugin: sql

mech_list: PLAIN LOGIN cram-md5 digest-md5

srp_mda: md5

log_level: 3

authdaemond_path:/var/lib/courier/authdaemon/socket

#password_format: crypt

sql_passwd_hash: crypt

sql_engine: mysql

sql_hostnames: 127.0.0.1

sql_database: postfix

sql_user: postfix

sql_passwd: postfix666

sql_statement: SELECT password FROM mailbox WHERE username='%u@%r' AND active='1' LIMIT 1

#sql_select: SELECT password FROM mailbox WHERE username='%u@%r' AND active='1' LIMIT 1

#sql_select: SELECT password FROM mailbox WHERE username='%u' and domain='%r'

#sql_update: UPDATE mailbox SET password='%v' WHERE username='%u@%r' AND active='1' LIMIT 1

sql_usessl: no

sql_verbose: yes
```

But still:

SASL authentication failure: Password verification failed

SASL PLAIN authentication failed: authentication failure

SASL LOGIN authentication failed: authentication failure

I think I will have to use pam_mysql :-/

----------

## kashani

Take the easy way out and slave cyrus-sasl off courier-authlib. 

/etc/sasl2/smtpd.conf

```

pwcheck_method: authdaemond

log_level: 3

mech_list: PLAIN LOGIN

authdaemond_path:/var/lib/courier/authdaemon/socket

```

Turn off mysql in cyrus-sasl and use authdaemond

www01 ~ # emerge -pv cyrus-sasl 

[ebuild   R   ] dev-libs/cyrus-sasl-2.1.22-r2  USE="authdaemond crypt pam ssl urandom -berkdb -gdbm -java -kerberos -ldap -mysql -ntlm_unsupported_patch -postgres -sample -srp" 0 kB

chmod 755 /var/lib/courier/authdaemon because the original permissons are too restrictive or add sasl into the mail group. 

That should be it.

kashani

----------

