# Courier-imap using mysql auth not accepting fixed values

## Xerxes83

I am trying to set up virtual domain hosting, using both the Gentoo guide (http://www.gentoo.org/doc/en/virt-mail-howto.xml) and another guide which prepares for the use of PostfixAdmin (http://high5.net/postfixadmin/).

My first problem is that courier-imap doesn't understand 'fixed' values, while according to the guide it should. This results in the following SQL statement:

```
SELECT username, password, "", '1001', '1001', '/home/vmail', maildir, "", name, "" FROM mailbox WHERE username = "test"
```

This is caused by the following line from the file /etc/courier-imap/authmysqlrc:

```
##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD         '1001'
```

So instead of querying the value from a table, courier-imap should just take the value specified. I can't find anything about how the value should be specified (short of putting the name of a table field there).

----------

## steveb

I personally would be very happy if you could use the ebuild found here to install PostfixAdmin. If you have trouble with the ebuild, then post a reply there where you downloaded the ebuild and then every one of us can profit from your experience.

Cheers

SteveB

----------

## Xerxes83

I just read through the ebuild, and I don't see any manipulation of /etc/courier-imap/authmysqlrc.  Also the other files I had to change (like /etc/postfix/main.cf and /etc/sasl2/smtpd.conf) aren't processed. So unless I'm wrong (I haven't made/edited an ebuild before, so I could be) this ebuild only installs PostfixAdmin and leaves me with the same problem.

----------

## steveb

 *Xerxes83 wrote:*   

> I just read through the ebuild, and I don't see any manipulation of /etc/courier-imap/authmysqlrc.  Also the other files I had to change (like /etc/postfix/main.cf and /etc/sasl2/smtpd.conf) aren't processed. So unless I'm wrong (I haven't made/edited an ebuild before, so I could be) this ebuild only installs PostfixAdmin and leaves me with the same problem.

Correct! You have to do the configuration by yourself. The ebuild can't 100% guess what you really want to configure. But at least it does install PostfixAdmin with the help of an ebuild.

My /etc/courier-imap/authmysqlrc looks like this:

```
pluto / # grep -v "^$\|^#.*$" /etc/courier-imap/authmysqlrc | sed "s:^\(MYSQL_PASSWORD[ \t]*\).*:\1XXXXXXXXXX:gI"
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          XXXXXXXXXX
MYSQL_SOCKET            /var/run/mysqld/mysqld.sock
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         '207'
MYSQL_GID_FIELD         '207'
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        '/local/vmail'
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
MYSQL_QUOTA_FIELD       quota
pluto / #
```

the postfix files for mysql look like this:

```
pluto / # for foo in /etc/postfix/mysql_*.cf;do sed "s:^\(password[ \t]*=[ \t]*\).*:\1XXXXXXX:gI" ${foo};echo -ne "\n\n";done
# /etc/postfix/mysql_relay_domains_maps.cf
user                    = postfix
password                = XXXXXXX
hosts                   = unix:/var/run/mysqld/mysqld.sock
dbname                  = postfix
table                   = domain
select_field            = domain
where_field             = domain
additional_conditions   = and backupmx = '1'

# /etc/postfix/mysql_virtual_alias_maps.cf
user                    = postfix
password                = XXXXXXX
hosts                   = unix:/var/run/mysqld/mysqld.sock
dbname                  = postfix
table                   = alias
select_field            = goto
where_field             = address

# /etc/postfix/mysql_virtual_domains_maps.cf
user                    = postfix
password                = XXXXXXX
hosts                   = unix:/var/run/mysqld/mysqld.sock
dbname                  = postfix
table                   = domain
select_field            = description
where_field             = domain
additional_conditions   = and backupmx = '0' and active = '1'

# /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user                    = postfix
password                = XXXXXXX
hosts                   = unix:/var/run/mysqld/mysqld.sock
dbname                  = postfix
table                   = mailbox
select_field            = quota
where_field             = username
additional_conditions   = and active = '1'

# /etc/postfix/mysql_virtual_mailbox_maps.cf
user                    = postfix
password                = XXXXXXX
hosts                   = unix:/var/run/mysqld/mysqld.sock
dbname                  = postfix
table                   = mailbox
select_field            = maildir
where_field             = username
additional_conditions   = and active = '1'

pluto / #
```

Since the MySQL tables will be installed by the PostfixAdmin ebuild, I don't list them here again.

I used a patch to allow crypted passwords to be used in cyrus-sasl (this is the reason my smtpd.conf may look different than yours):

```
pluto / # sed "s:^\(sql_passwd\:[ \t]*\).*:\1XXXXXXXX:gI" /etc/sasl2/smtpd.conf
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
# pwcheck_method:pam
pwcheck_method: auxprop
auxprop_plugin: sql
log_level: 3
## mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
## http://frost.ath.cx/software/cyrus-sasl-patches/
## password_format: [plaintext|crypt|crypt_trad]
password_format: crypt
## --> http://www.asyd.net/docs/cyrus-options.html
sql_engine: mysql
sql_hostnames: localhost
sql_user: postfix
sql_passwd: XXXXXXXX
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1' LIMIT 1
sql_update: UPDATE mailbox SET password = '%v' WHERE username = '%u@%r' AND active = '1' LIMIT 1
sql_usessl: no
pluto / #
```

/etc/postfix/main.cf (not everything. only the important part):

```
myhostname                                              = mail2.domain.tld
mydomain                                                = domain.tld
inet_interfaces                                         = all
mydestination                                           = $myhostname, localhost.$mydomain $mydomain
mynetworks_style                                        = class
mynetworks                                              = xxx.xxx.xxx.xxx/29, 192.168.0.0/24, 127.0.0.0/8
home_mailbox                                            = .maildir/
local_destination_concurrency_limit                     = 2
default_destination_concurrency_limit                   = 10
local_transport                                         = local
local_recipient_maps                                    = $alias_maps $virtual_mailbox_maps unix:passwd.byname
virtual_alias_maps                                      = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps                                        = static:207
virtual_mailbox_base                                    = /local/virtual
virtual_mailbox_domains                                 = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit                                   = 51200000
virtual_mailbox_maps                                    = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid                                     = 1000
virtual_transport                                       = virtual
virtual_uid_maps                                        = static:207
virtual_create_maildirsize                              = yes
virtual_mailbox_extended                                = yes
virtual_mailbox_limit_maps                              = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override                          = yes
virtual_maildir_limit_message                           = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce                                = yes
relay_domains                                           = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
smtpd_recipient_restrictions                            = permit_mynetworks,
                                                          permit_sasl_authenticated,
                                                          reject_non_fqdn_hostname,
                                                          reject_non_fqdn_sender,
                                                          reject_non_fqdn_recipient,
                                                          reject_unauth_destination,
                                                          reject_unauth_pipelining,
                                                          reject_invalid_hostname,
                                                          reject_rbl_client opm.blitzed.org,
                                                          reject_rbl_client list.dsbl.org,
                                                          reject_rbl_client bl.spamcop.net,
                                                          reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable                                  = yes
smtpd_sasl2_auth_enable                                 = yes
smtpd_sasl_local_domain                                 =
smtpd_sasl_security_options                             = noanonymous
broken_sasl_auth_clients                                = yes
smtpd_use_tls                                           = yes
#smtpd_tls_auth_only                                    = yes
smtpd_tls_key_file                                      = /etc/postfix/newreq.pem
smtpd_tls_cert_file                                     = /etc/postfix/newcert.pem
smtpd_tls_CAfile                                        = /etc/postfix/cacert.pem
smtpd_tls_loglevel                                      = 3
smtpd_tls_received_header                               = yes
smtpd_tls_session_cache_timeout                         = 3600s
tls_random_source                                       = dev:/dev/urandom
owner_request_special                                   = no
recipient_delimiter                                     = +
##debug_peer_level                                      = 5
##debug_peer_list                                       = $host.domain.name
```

and this is my /etc/conf.d/saslauthd:

```
pluto / # cat /etc/conf.d/saslauthd
# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd-2.1.20.conf,v 1.1 2004/10/31 06:13:48 langthang Exp $
# Config file for /etc/init.d/saslauthd
# Initial (empty) options.
SASLAUTHD_OPTS=""
# Specify the authentications mechanism.
# *NOTE* For list see: saslauthd -v
# From 2.1.19, add "-r" to options for old behavior
# ie. reassemble user and realm to user@realm form.
# SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
# Specify the hostname for remote IMAP server.
# *NOTE* Only needed if rimap auth mech is used.
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
# Specify the number of worker processes to create.
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5"
# Enable credential cache, cache size, and timeout.
# *NOTE* Size is measured in kilobytes
#        Timeout is measured in seconds
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30"
pluto / #
```

is there anything you need more in order to be able to configure that beast?

cheers

SteveB

----------

## Xerxes83

It turns out I made a really stupid mistake... should have used `user@domain` to login instead of `user` only. It's not everyday that I see a statement where quotes are used in the select clause, so I didn't notice until now. Your configuration files did contain some useful things though, like the 'sql_update' for cyrus-sasl.

The second problem (which I didn't mention yet) is caused by $mydomain being also listed as a virtual domain. And that is happening because I want to be able to configure ALL domains using PostfixAdmin. I tried setting $mydomain to localhost, but now my main.cf is corrupt (at least I think so) and postfix logs the following line:

*Quote:*

> Dec  5 17:14:27 megumi postfix/virtual[11495]: fatal: open dictionary: need "type:name" form instead of: "#"

  According to some other posts there is an indent somewhere that shouldn't be there... but I can't find it.

And lastly I was wondering if Postfix creates the user dirs for you? So if I use PostfixAdmin to create a new user, does postfix create the directory /home/vmail/user@domain for me?

Edit: Fixed the config file, but the problem with $domain and virtual_domain still remains.

----------

## steveb

 *Xerxes83 wrote:*   

> It turns out I made a really stupid mistake... should have used `user@domain` to login instead of `user` only. It's not everyday that I see a statement where quotes are used in the select clause, so I didn't notice until now. Your configuration files did contain some useful things though, like the 'sql_update' for cyrus-sasl.
> 
> The second problem (which I didn't mention yet) is caused by $mydomain being also listed as a virtual domain. And that is happening because I want to be able to configure ALL domains using PostfixAdmin. I tried setting $mydomain to localhost, but now my main.cf is corrupt (at least I think so) and postfix logs the following line: *Quote:*   Dec  5 17:14:27 megumi postfix/virtual[11495]: fatal: open dictionary: need "type:name" form instead of: "#"  According to some other posts there is an indent somewhere that shouldn't be there... but I can't find it.
> 
> And lastly I was wondering if Postfix creates the user dirs for you? So if I use PostfixAdmin to create a new user, does postfix create the directory /home/vmail/user@domain for me?
> ...

 could you please post the content of your master.cf and main.cf file?

cheers

SteveB

----------

## Xerxes83

The latest version of main.cf (if a variable is not listed here, it is not defined and only my domain is changed into domain.tld):

 *Quote:*   

> queue_directory = /var/spool/postfix
> 
> command_directory = /usr/sbin
> 
> daemon_directory = /usr/lib/postfix
> ...

 

Master.cf (unchanged from emerge): *Quote:*   

> # ==========================================================================
> 
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> 
> #               (yes)   (yes)   (yes)   (never) (100)
> ...

 

----------

## Xerxes83

Ok... this was fun! The error was caused by the following lines:

```
virtual_uid_maps = static:1001 # The vmail user
virtual_gid_maps = static:1001 # The vmail group
```

I found out using the command '# postconf -n', which showed the # comment in the output.

Anyway, thx for your help. I hope the next step works.
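
The inline-comment mistake found above with `postconf -n`, as an added example (not code from the thread or from Postfix): a checker that joins main.cf continuation lines and flags any parameter value that carries a `#`, since main.cf only treats `#` as a comment at the start of a line. The sample file is constructed, and the comma/whitespace split used for `*_maps` parameters is a simplifying assumption about how a map list is read.

```python
import re

# Constructed sample, modelled on the main.cf lines quoted in this thread.
SAMPLE_MAIN_CF = """\
# virtual delivery settings
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:1001 # The vmail user
virtual_gid_maps = static:1001 # The vmail group
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
# a full-line comment inside a continuation is skipped
    reject_unauth_destination
recipient_delimiter = +
"""


def logical_lines(text):
    """Yield (first_line_number, joined_text) for each main.cf logical line.

    Blank lines and lines whose first non-blank character is '#' are
    skipped; a line that starts with whitespace continues the previous one.
    """
    start, parts = None, []
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and parts:
            parts.append(stripped)
            continue
        if parts:
            yield start, " ".join(parts)
        start, parts = number, [stripped]
    if parts:
        yield start, " ".join(parts)


def parse(text):
    """Return [(line_number, name, value)] for every 'name = value' line."""
    params = []
    for number, line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            params.append((number, name.strip(), value.strip()))
    return params


def find_inline_comments(text):
    """Flag values that carry a '#' token, which main.cf keeps as data."""
    findings = []
    for number, name, value in parse(text):
        match = re.search(r"(?:^|\s)#", value)
        if not match:
            continue
        finding = {
            "line": number,
            "name": name,
            "intended": value[:match.start()].rstrip(),
            "stray": value[match.start():].strip(),
            "first_bad_token": None,
        }
        if name.endswith("_maps"):
            # Simplification (assumption): map lists are split on commas
            # and whitespace, and every entry must look like type:name.
            for token in re.split(r"[,\s]+", value):
                if token and ":" not in token:
                    finding["first_bad_token"] = token
                    break
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_inline_comments(SAMPLE_MAIN_CF):
        print(f"line {f['line']}: {f['name']} = {f['intended']!r} "
              f"followed by stray text {f['stray']!r}")
        if f["first_bad_token"]:
            print(f"  first entry not in type:name form: {f['first_bad_token']!r}")
```

On the sample, the first entry reported as not being in `type:name` form is the `#` itself, which is the token named in the `open dictionary` fatal quoted earlier in the thread.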

----------

## hanj

Hello SteveB

Your posts have helped me a lot, but I seem to still be hitting a snag with sasl and crypted passwords. I'm trying the later ebuild of dev-libs/cyrus-sasl-2.1.20-r2, which includes the checkpw patch. I've adjusted my smtpd.conf to look for the crypted value but my login still fails. I can pop using the crypted field just fine, but sasl/smtp is giving me grief. Any help on this issue is greatly appreciated. I'll post some relevant snips of confs and logs below.

/etc/sasl2/smtpd.conf

```
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
pwcheck_method:auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
# http://frost.ath.cx/software/cyrus-sasl-patches/
## password_format: [plaintext|crypt|crypt_trad]
password_format: crypt
# http://www.asyd.net/docs/cyrus-options.html
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_database: mailsql
sql_user: mailsql
sql_passwd: xxxxxxx
sql_select: SELECT crypt FROM users WHERE email='%u@%r'
sql_usessl: no
log_level: 6 # decide yourself, but good for debugging
#define SASL_LOG_NONE  0        /* don't log anything */
#define SASL_LOG_ERR   1        /* log unusual errors (default) */
#define SASL_LOG_FAIL  2        /* log all authentication failures */
#define SASL_LOG_WARN  3        /* log non-fatal warnings */
#define SASL_LOG_NOTE  4        /* more verbose than LOG_WARN */
#define SASL_LOG_DEBUG 5        /* more verbose than LOG_NOTE */
#define SASL_LOG_TRACE 6        /* traces of internal protocols */
#define SASL_LOG_PASS  7        /* traces of internal protocols, including
```

/etc/conf.d/saslauthd

```
# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd-2.1.20.conf,v 1.1 2004/10/31 06:13:48 langthang Exp $
# Config file for /etc/init.d/saslauthd
# Initial (empty) options.
SASLAUTHD_OPTS=""
# Specify the authentications mechanism.
# *NOTE* For list see: saslauthd -v
# From 2.1.19, add "-r" to options for old behavior
# ie. reassemble user and realm to user@realm form.
# SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
# * If you are still using postfix->sasl->saslauthd->pam->mysql for
# * authentication, please edit /etc/conf.d/saslauthd to read:
# * SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
# * Don't forget to restart the service: `/etc/init.d/saslauthd restart`.
# Specify the hostname for remote IMAP server.
# *NOTE* Only needed if rimap auth mech is used.
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
# Specify the number of worker processes to create.
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5"
# Enable credential cache, cache size, and timeout.
# *NOTE* Size is measured in kilobytes
#        Timeout is measured in seconds
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30"
```

/etc/postfix/main.cf (just sasl/smtp stuff)

```
##############################################
# SASL AUTH                                  #
##############################################
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

##############################################
# SSL                                        #
##############################################
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/newreq_mail.pem
smtpd_tls_cert_file = /etc/postfix/newcert_mail.pem
smtpd_tls_CAfile = /etc/postfix/cacert_mail.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```

/var/log/mail.log

```
Mar  1 22:56:04 hanji postfix/smtpd[4462]: connect from unknown[10.0.0.40]
Mar  1 22:56:04 hanji postfix/smtpd[4462]: setting up TLS connection from unknown[10.0.0.40]
Mar  1 22:56:04 hanji postfix/smtpd[4462]: TLS connection established from unknown[10.0.0.40]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar  1 22:56:04 hanji postfix/smtpd[4462]: warning: unknown[10.0.0.40]: SASL LOGIN authentication failed
Mar  1 22:56:06 hanji postfix/smtpd[4462]: warning: Read failed in network_biopair_interop with errno=0: num_read=0, want_read=5
Mar  1 22:56:06 hanji postfix/smtpd[4462]: lost connection after AUTH from unknown[10.0.0.40]
```

/var/log/mysql/mysql.log

```
72 Connect     mailsql@localhost on mailsql
72 Quit
73 Connect     mailsql@localhost on mailsql
73 Query       START TRANSACTION
73 Query       SELECT crypt FROM users WHERE email='hanji@quiet.net'
73 Query       SELECT crypt FROM users WHERE email='hanji@quiet.net'
73 Query       COMMIT
73 Quit
```

Thanks in advance!

hanji

Last edited by hanj on Wed Mar 02, 2005 6:59 am; edited 1 time in total

----------

## steveb

should that not be /etc/sasl2/smtpd.conf instead of /etc/sasl2/smtp.conf

can you please delete the second pwcheck_method line (the one with saslauthd)?

should that not be /etc/conf.d/saslauthd instead of /etc/init.d/saslauthd?

cheers

SteveB

----------

## hanj

whoa.. I'm tired.

Those files were in the right place.. just labeled them wrong (above post has been edit'd).. I apologize.

I edit'd the /etc/sasl2/smtpd.conf and commented that line.. but error still persists after saslauthd restart.

```
pwcheck_method:auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
#pwcheck_method: saslauthd
# http://frost.ath.cx/software/cyrus-sasl-patches/
## password_format: [plaintext|crypt|crypt_trad]
password_format: crypt
# http://www.asyd.net/docs/cyrus-options.html
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_database: mailsql
sql_user: mailsql
sql_passwd: xxxxxxxxx
sql_select: SELECT crypt FROM users WHERE email='%u@%r'
sql_usessl: no
log_level: 6 # decide yourself, but good for debugging
#define SASL_LOG_NONE  0        /* don't log anything */
#define SASL_LOG_ERR   1        /* log unusual errors (default) */
#define SASL_LOG_FAIL  2        /* log all authentication failures */
#define SASL_LOG_WARN  3        /* log non-fatal warnings */
#define SASL_LOG_NOTE  4        /* more verbose than LOG_WARN */
#define SASL_LOG_DEBUG 5        /* more verbose than LOG_NOTE */
#define SASL_LOG_TRACE 6        /* traces of internal protocols */
#define SASL_LOG_PASS  7        /* traces of internal protocols, including
```

Thanks much for the reply

hanji

----------

## steveb

please add a space before auxprop. change from

```
pwcheck_method:auxprop
```

to

```
pwcheck_method: auxprop
```

----------

## steveb

just looking over your error:

*hanj wrote:*

> [......]/var/log/mail.log
>
> ```
> Mar  1 22:56:04 hanji postfix/smtpd[4462]: connect from unknown[10.0.0.40]
> ```
> ...

 

your email client is probably buggy. the tls layer requested to read 5 bytes (want_read=5) but got only 0 bytes (num_read=0). the status errno=0 means that the peer (your mail client) closed the connection instead of sending more bytes.

what kind of mail client do you use?

normally this should look like this:

```
Mar  2 08:24:47 mail postfix/smtpd[426]: sql auxprop plugin using mysql engine
Mar  2 08:24:47 mail postfix/smtpd[426]: setting up TLS connection from gentoo-eth1.vunet.local[192.168.0.12]
Mar  2 08:24:47 mail postfix/smtpd[426]: TLS connection established from gentoo-eth1.vunet.local[192.168.0.12]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar  2 08:24:47 mail postfix/smtpd[426]: connect from gentoo-eth1.vunet.local[192.168.0.12]
Mar  2 08:24:47 mail postfix/smtpd[426]: 5594C15B7D56: client=gentoo-eth1.vunet.local[192.168.0.12]
Mar  2 08:24:47 mail postfix/cleanup[364]: 5594C15B7D56: message-id=<20050302082437.75b9ec6e@gentoo.vunet.local>
Mar  2 08:24:47 mail postfix/qmgr[5112]: 5594C15B7D56: from=<steveb@domain.tld>, size=636, nrcpt=1 (queue active)
Mar  2 08:24:47 mail postfix/smtpd[426]: disconnect from gentoo-eth1.vunet.local[192.168.0.12]
Mar  2 08:24:48 mail postfix/smtp[367]: 5594C15B7D56: to=<echo@switch.ch>, relay=chx400.switch.ch[130.59.10.2], delay=1, status=sent (250 OK id=1D6ODm-0004zo-00)
Mar  2 08:24:48 mail postfix/qmgr[5112]: 5594C15B7D56: removed
```

cheers

SteveB

----------

## sf_alpha

try CONCAT('STRING')

```
MYSQL_UID_FIELD         CONCAT('1001')
```

----------

## hanj

Hello

I removed the space in smtpd.conf (auxprop_plugin: sql).. no dice.

My mail client is sylpheed-claws (mail-client/sylpheed-claws-1.0.0 -clamav +crypt +dillo -gnome +imlib -ipv6 -ldap -maildir +nls -pda +pdflib +spell +ssl +xface). I have SMTP Authentication set in the client, and it is using TLS for both POP and SMTP.

 *Quote:*   

> try CONCAT('STRING')
> 
> MYSQL_UID_FIELD CONCAT('1001')

 

sf_alpha.. not sure why I would need to adjust the MYSQL_UID_FIELD. Wouldn't that be during 'pop'? I'm having zero trouble popping, just sending.

Thanks for the replies

hanji

----------

## hanj

Disabling TLS on the account.. mail.log now shows the following:

```
Mar  2 08:39:22 hanji postfix/smtpd[14371]: connect from unknown[10.0.0.40]
Mar  2 08:39:22 hanji postfix/smtpd[14371]: warning: unknown[10.0.0.40]: SASL LOGIN authentication failed
Mar  2 08:39:40 hanji postfix/smtpd[14371]: lost connection after AUTH from unknown[10.0.0.40]
Mar  2 08:39:40 hanji postfix/smtpd[14371]: disconnect from unknown[10.0.0.40]
```

thanks

hanji

----------

## langthang

try login from a telnet client, look in the log. You may want to add "sql_verbose: yes" to /etc/sasl2/smtpd.conf

----------

## hanj

Hello 

I added the 'sql_verbose: yes' to /etc/sasl2/smtpd.conf, and restarted the service. I telnet'd from another server and issued auth login, and again received authentication failed. I made sure I mimencoded my username/password during the communication.

```
warning: unknown[10.0.0.40]: SASL login authentication failed
```

I'm not seeing any new logs with sql_verbose, also I'm not seeing any changes when I crank up the log_level??

Thanks!

hanji

----------

## steveb

 *hanj wrote:*   

> Hello
> 
> I removed the space in smtpd.conf (auxprop_plugin: sql).. no dice.
> 
> My mail client is sylpheed-claws (mail-client/sylpheed-claws-1.0.0
> ...

 shit! sylpheed-claws works over here. I am using:

```
Calculating dependencies ...done!
[ebuild   R   ] mail-client/sylpheed-claws-1.0.1  +clamav +crypt -dillo +gnome +imlib +ipv6 +kde +ldap +maildir +nls +pda +pdflib +spell +ssl +xface 0 kB

Total size of downloads: 0 kB
gentoo / #
```

So it is not the client.

cheers

SteveB

----------

## steveb

Okay... let's continue this issue.

Could you check /etc/pam.d/smtp, /etc/pam.d/pop and /etc/pam.d/imap:

```
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.pam,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
auth    optional        pam_mysql.so host=localhost db=mailsql user=mailsql passwd=**password** table=users usercolumn=email passwdcolumn=crypt crypt=1
account required        pam_mysql.so host=localhost db=mailsql user=mailsql passwd=**password** table=users usercolumn=email passwdcolumn=crypt crypt=1
```

The crypt field does take the following values:

```
crypt=0: plain
crypt=1: crypt/shadow
crypt=2: MySQL Password
crypt=3: MD5
```

You could simplify that to something like this:

/etc/pam.d/system-auth-gentoo-vmail:

```
#%PAM-1.0
auth    optional        pam_mysql.so host=localhost db=mailsql user=mailsql passwd=**password** table=users usercolumn=email passwdcolumn=crypt crypt=1
account required        pam_mysql.so host=localhost db=mailsql user=mailsql passwd=**password** table=users usercolumn=email passwdcolumn=crypt crypt=1
```

/etc/pam.d/pop:

```
# Provided by mailbase (dont remove this line!)
# Standard pam.d file for mail service packages.
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailbase/files/common-pamd,v 1.1 2005/02/10 21:44:24 ferdy Exp $
auth       optional     pam_stack.so service=system-auth-gentoo-vmail
account    required     pam_stack.so service=system-auth-gentoo-vmail
```

/etc/pam.d/imap:

```
# Provided by mailbase (dont remove this line!)
# Standard pam.d file for mail service packages.
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailbase/files/common-pamd,v 1.1 2005/02/10 21:44:24 ferdy Exp $
auth       optional     pam_stack.so service=system-auth-gentoo-vmail
account    required     pam_stack.so service=system-auth-gentoo-vmail
```

/etc/pam.d/smtp:

```
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.pam,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
auth       optional     pam_stack.so service=system-auth-gentoo-vmail
account    required     pam_stack.so service=system-auth-gentoo-vmail
```

cheers

SteveB

----------

## steveb

hanj: Is the system you have configured, accessible from the internet? If so, could you create me an account on that system and mail me my username and password to the steeeeeveee@gmx.net email?

I could then try to connect from my client to look if I can get the secure connection. If this works, then we could limit the problem to the client and not to the server. After that you can purge my account.

cheers

SteveB

----------

## hanj

Hello SteveB

I verified that those files are correct.. and they are. I'm really wondering if it's another issue. No matter what I cannot change the log verbosity or see the output of sql_verbose in either /var/log/messages or /var/log/mail.log. I'm wondering if config is not loading up properly?? Or if something else is not acting nice.

Are you using the latest ebuild for cyrus-sasl? Or are you still patching sasl by hand?

Thanks

hanji

----------

## j-m

```
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
```

It should be the name of the DB field, not value.

----------

## hanj

Hello...

This is what I have:

```
MYSQL_UID_FIELD         uid
##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account
MYSQL_GID_FIELD         gid
```

Aren't values in /etc/courier/authlib/authmysqlrc for POP? I have no problems POPing and using the crypted password.. just SMTP on send.

Thanks

hanji

----------

## j-m

Uhm, I actually don't know who is having the problem now. I read the original question. What is your problem? Courier is not a SMTP server, why don't you start another thread?

----------

## hanj

OK.. started new thread:

https://forums.gentoo.org/viewtopic-p-2147240.html#2147240

thanks

hanji

----------

