I have an Ubuntu 8.04LTS system running Postfix 2.5.1. On that system SMTP AUTH runs *fine*. The contents of /etc/postfix/sasl/smtpd.conf are:
pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: PLAIN The SASL-related properties are: smtpd_sasl_type = cyrus smtpd_sasl_auth_enable = yes smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_local_domain = $myhostname When I do "sudo sasldblistusers2" I get: [email protected]: userPassword Like I said, that all works fine. However, I am trying to migrate this over to an Ubuntu 12.04LTS system running Postfix 2.9.3 and I just cannot get it to work. I'm doing everything the same, but postfix gives authentication failures every time. It's not the /etc/sasldb2 file. I've tried bringing over the file from the old system and that doesn't work. I've created a new file using saslpasswd2 -c -u mail.mydomain.com authusername and that doesn't work, though it *WILL* work on the old system if I copy it to the old system, which is how I know there's nothing wrong with the file. Likewise, I know postfix is seeing the smtpd.conf file. If I add more mechanisms to the mech_list line of the file, I see those extra mechanisms being advertised when I connect to the smtpd daemon. And when I remove them they go away again. So /etc/postfix/sasl/smtpd.conf is clearly getting used. I am testing both by using an actual mail client and by manually talking to the server after generating a token with this: perl -MMIME::Base64 -e 'print encode_base64("\000authusername\000thePassword");' then: openssl s_client -quiet -starttls smtp -connect the.newsystem.com:587 250 DSN EHLO example.com 250-the.newsystem.com 250-PIPELINING 250-SIZE 20971520 250-ETRN 250-AUTH PLAIN 250-AUTH=PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN AUTH PLAIN theBase64EncodedToken 535 5.7.8 Error: authentication failed: authentication failure But if I instead connect to the.oldsystem.com:587 and do the same thing, I get: 235 2.7.0 Authentication successful The output of saslfinger on the new machine is: sudoh saslfinger -s saslfinger - postfix Cyrus sasl configuration Sat Jul 21 00:24:24 EDT 2012 version: 1.0.4 mode: server-side SMTP AUTH -- basics -- Postfix: 2.9.3 System: Ubuntu 12.04 LTS \n \l -- smtpd is linked to -- libsasl2.so.2 => /usr/lib/i386-linux-gnu/libsasl2.so.2 (0xb76c5000) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_sasl_type = cyrus smtpd_tls_CAfile = /etc/ssl/certs/MyCA.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/ssl/server.crt smtpd_tls_key_file = /etc/postfix/ssl/server.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s -- listing of /usr/lib/sasl2 -- total 16 drwxr-xr-x 2 root root 4096 Jul 20 23:00 . drwxr-xr-x 67 root root 8192 Jul 20 21:25 .. -rw-r--r-- 1 root root 1 May 4 00:17 berkeley_db.txt -- listing of /etc/postfix/sasl -- total 20 drwxr-xr-x 2 root root 4096 Jul 20 21:29 . drwxr-xr-x 5 root root 4096 Jul 20 23:58 .. -rw-r--r-- 1 root root 64 Jul 20 21:29 smtpd.conf -- content of /etc/postfix/sasl/smtpd.conf -- pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: PLAIN -- content of /etc/postfix/sasl/smtpd.conf -- pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: PLAIN -- active services in /etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - - - - smtpd submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING [snipping the rest of the services] -- mechanisms on localhost -- -- end of saslfinger output -- -- Rich Carreiro [email protected]
