# sasl > 2.1.5-r2 dosen't seem to like postfix

## Shizatoga

Several times I have attempted to update my version of sasl from 2.1.5-r2,  each time to no avail. When I update to the newer version smtp_auth stops working and I get this wonderus error

```
postfix/smtpd[19476]: warning: SASL authentication failure: Password verification failed
```

I have tried used verious version of postfix, including the latest 1.1.11.20020917. 

My /usr/lib/sasl2/smtpd.conf file is as follows:

```
pwcheck_method:saslauthd
```

and my /etc/pam.d/smtp file contains:

```
auth    required        /lib/security/pam_pwdb.so nullok shadow

account required        /lib/security/pam_pwdb.so
```

Any help?

----------

## chardros

Did you set pwcheck_method to pam in /usr/lib/sasl/smtpd.conf after upgrading sasl?

----------

## Shizatoga

I did change /usr/lib/sasl2/smtpd.conf to pam with no succses. Do I need to use /usr/lib/sasl/ instead?

----------

## chardros

No, sorry - sasl2 is correct.  What do your sasl config options look like from your postfix main.cf?

Are you running postfix chrooted?

----------

## Shizatoga

Its not chroot'ed, that had many other magical problems  :Wink: 

```

#SASL STUFF

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =

    permit_sasl_authenticated,

    permit_mynetworks,

    check_relay_domains

```

----------

## chardros

Very strange - this *is* functioning with 2.1.5 correct?  Your new saslauthd daemon isn't dying or anything is it?  Have you tried enabling verbose logging?  If not, throw a -v or two on the end of your "smtp      inet     n     ..." line in master.cf.  Might spit out a few more clues as to what's going on.  I'll take a look at it here if ya want.

----------

## Shizatoga

Sasl 2.1.5 works great, except LOGIN dosen't seem to work, hence the want to update. 

Sasl isn't dieing, 5 happy instances are up and running.

Here is a dump from a failed attempt to send a message with sasl 2.1.7-r1 with the "-v" added to both smtp and ssmtp lines of master.cf:

```

Sep 24 10:09:19 necronomicon postfix/smtpd[6207]: SSL_accept:SSLv3 flush data

Sep 24 10:09:19 necronomicon postfix/smtpd[6207]: TLS connection established from pou-1-10-19.tscnet.net[66.152.73.19]: TLSv1 with cipher RC4-MD5 (128/128 bits)Sep 24 10:09:19 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 220 mail.myserver.org ESMTP Postfix

Sep 24 10:09:19 necronomicon postfix/smtpd[6207]: connect from pou-1-10-19.tscnet.net[66.152.73.19]

Sep 24 10:09:19 necronomicon postfix/smtpd[6207]: watchdog_pat: 0x8096530

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: < pou-1-10-19.tscnet.net[66.152.73.19]: EHLO [192.168.0.148]

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-mail.myserver.org

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-PIPELINING

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-SIZE 10240000

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-VRFY

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-ETRN

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-AUTH LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-AUTH=LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250-XVERP

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 250 8BITMIME

Sep 24 10:09:20 necronomicon postfix/smtpd[6207]: watchdog_pat: 0x8096530

Sep 24 10:09:24 necronomicon postfix/smtpd[6207]: < pou-1-10-19.tscnet.net[66.152.73.19]: AUTH PLAIN AHNlYmwATWZHMzIxIQ==

Sep 24 10:09:24 necronomicon postfix/smtpd[6207]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response AHNlYmwATWZHMzIxIQ==

Sep 24 10:09:24 necronomicon postfix/smtpd[6207]: smtpd_sasl_authenticate: decoded initial response 

Sep 24 10:09:26 necronomicon postfix/smtpd[6207]: warning: SASL authentication failure: Password verification failed

Sep 24 10:09:26 necronomicon postfix/smtpd[6207]: warning: pou-1-10-19.tscnet.net[66.152.73.19]: SASL PLAIN authentication failed

Sep 24 10:09:26 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 535 Error: authentication failed

Sep 24 10:09:27 necronomicon postfix/smtpd[6207]: watchdog_pat: 0x8096530

Sep 24 10:10:56 necronomicon postfix/smtpd[6207]: < pou-1-10-19.tscnet.net[66.152.73.19]: QUIT

Sep 24 10:10:56 necronomicon postfix/smtpd[6207]: > pou-1-10-19.tscnet.net[66.152.73.19]: 221 Bye

Sep 24 10:10:56 necronomicon postfix/smtpd[6207]: disconnect from pou-1-10-19.tscnet.net[66.152.73.19]

Sep 24 10:10:56 necronomicon postfix/smtpd[6207]: master_notify: status 1

Sep 24 10:10:56 necronomicon postfix/smtpd[6207]: connection closed

Sep 24 10:10:56 necronomicon postfix/smtpd[6207]: watchdog_stop: 0x8096530

Sep 24 10:10:56 necronomicon postfix/smtpd[6207]: watchdog_start: 0x8096530

```

----------

## chardros

Shoulda mentioned this too... try starting saslauthd like this:

saslauthd -pam -T -d

This will get some reporting on what's going on from the authd.

----------

## Shizatoga

Here is the dump with saslauthd -a pam -T -d:

```

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: SSL_accept:SSLv3 flush data

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: TLS connection established fro

m pou-1-10-83.tscnet.net[66.152.73.83]: TLSv1 with cipher RC4-MD5 (128/128 bits)

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 220 mail.myserver.org ESMTP Postfix

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: connect from pou-1-10-83.tscne

t.net[66.152.73.83]

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: watchdog_pat: 0x8096530

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: < pou-1-10-83.tscnet.net[66.15

2.73.83]: EHLO [192.168.0.148]

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-mail.myserver.org

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-PIPELINING

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-SIZE 10240000

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-VRFY

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-ETRN

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-AUTH LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-AUTH=LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250-XVERP

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 250 8BITMIME

Sep 25 14:38:43 necronomicon postfix/smtpd[5709]: watchdog_pat: 0x8096530

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: < pou-1-10-83.tscnet.net[66.15

2.73.83]: AUTH PLAIN AHNlYmwATWZHMzIxIQ==

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: smtpd_sasl_authenticate: sasl_

method PLAIN, init_response AHNlYmwATWZHMzIxIQ==

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: smtpd_sasl_authenticate: decod

ed initial response 

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: warning: SASL authentication p

roblem: unknown password verifier 

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: warning: SASL authentication f

ailure: Password verification failed

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: warning: pou-1-10-83.tscnet.ne

t[66.152.73.83]: SASL PLAIN authentication failed

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 535 Error: authentication failed

Sep 25 14:38:49 necronomicon postfix/smtpd[5709]: watchdog_pat: 0x8096530

Sep 25 14:38:50 necronomicon postfix/smtpd[5709]: < pou-1-10-83.tscnet.net[66.15

2.73.83]: QUIT

Sep 25 14:38:50 necronomicon postfix/smtpd[5709]: > pou-1-10-83.tscnet.net[66.15

2.73.83]: 221 Bye

Sep 25 14:38:50 necronomicon postfix/smtpd[5709]: disconnect from pou-1-10-83.ts

cnet.net[66.152.73.83]

Sep 25 14:38:50 necronomicon postfix/smtpd[5709]: master_notify: status 1

Sep 25 14:38:50 necronomicon postfix/smtpd[5709]: connection closed

Sep 25 14:38:50 necronomicon postfix/smtpd[5709]: watchdog_stop: 0x8096530

Sep 25 14:38:50 necronomicon postfix/smtpd[5709]: watchdog_start: 0x8096530

```

This looks interesting:

```

Sep 25 14:38:48 necronomicon postfix/smtpd[5709]: warning: SASL authentication p

roblem: unknown password verifier 
```

I also tired the following with the same results:

saslauthd -a shadow -T -d

saslauthd -a getpwent -t -d

----------

