Re: Postfix SASL auth problem in OpenBSD 5.6
On Nov 15, 2014, at 9:00 AM, giacomo wrote: > Hi at all, > > Recently I have upgrade my system from OpenBSD 5.4 to 5.5 and 5.6. > In old system I installed the port of Postfix with SASL and MySQL support. > In the 5.4 the program work fine. After the two aupgrade with the same > configuration I have problem with authentication. > If try to test with > > # telnet localhost 25 > Trying 127.0.0.1... > Connected to localhost. > Escape carecter is '^]'. > 220 mail1.home.it ESMTP Postfix > ehlo tin.it > 250-mail1.home.it > 250-PIPELINING > 250-SIZE 1024 > 250-VRFY > 250-ETRN > 250-STARTTLS > 250-AUTH PLAIN LOGIN > 250-AUTH=PLAIN LOGIN > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250 DSN > AUTH PLAIN encryptedpassword > 535 5.7.8 Error: authentication failed: generic failure > quit > 221 2.0.0 Bye > Connection closed by foreign host. > > My /var/log/maillog show: > > Nov 15 11:55:51 mail1 postfix/smtpd[31957]: initializing the server-side TLS > engine > Nov 15 11:55:51 mail1 postfix/smtpd[31957]: connect from localhost[127.0.0.1] > Nov 15 11:56:03 mail1 postfix/smtpd[31957]: warning: SASL authentication > failure: could not verify password > Nov 15 11:56:03 mail1 postfix/smtpd[31957]: warning: SASL authentication > failure: Password verification failed > Nov 15 11:56:03 mail1 postfix/smtpd[31957]: warning: localhost[127.0.0.1]: > SASL PLAIN authentication failed: generic failure > Nov 15 11:56:03 mail1 authdaemond: Authenticated: sysusername=, > sysuserid=2000, sysgroupid=2000, homedir=/var/vmail, address=mai...@home.it, > fullname=Mail Admin, mail$ > Nov 15 11:56:03 mail1 authdaemond: Authenticated: clearpasswd=clear, > passwd=encrypted > Nov 15 11:56:06 mail1 postfix/smtpd[31957]: disconnect from > localhost[127.0.0.1] > > Postfix don't authenticate the user but the authdaemond yes. postfix/smtpd[9370]: 6276A9E9CA: client=unknown[X.X.X.X], sasl_method=PLAIN, sasl_username=ed...@pettijohn.no-ip.biz This is the logs from my system running OpenBSD 5.6, but with the postfix-mysql package with dovecot for imap/sasl. I'm guessing you're using Cyrus Sasl. These links may help: http://www.cyrusimap.org/docs/cyrus-sasl/2.1.25/ http://www.postfix.org/SASL_README.html
Re: Postfix SASL auth problem in OpenBSD 5.6
On 15.11.14, 10:51, Edgar Pettijohn III wrote: > On Nov 15, 2014, at 9:00 AM, giacomo wrote: > > > Hi at all, > > > > Recently I have upgrade my system from OpenBSD 5.4 to 5.5 and 5.6. > > In old system I installed the port of Postfix with SASL and MySQL support. > > In the 5.4 the program work fine. After the two aupgrade with the same > > configuration I have problem with authentication. > > 535 5.7.8 Error: authentication failed: generic failure > > quit > > 221 2.0.0 Bye > > Connection closed by foreign host. > > > > My /var/log/maillog show: > > > > Nov 15 11:55:51 mail1 postfix/smtpd[31957]: initializing the server-side > > TLS engine > > Nov 15 11:55:51 mail1 postfix/smtpd[31957]: connect from > > localhost[127.0.0.1] > > Nov 15 11:56:03 mail1 postfix/smtpd[31957]: warning: SASL authentication > > failure: could not verify password > > Nov 15 11:56:03 mail1 postfix/smtpd[31957]: warning: SASL authentication > > failure: Password verification failed > > Nov 15 11:56:03 mail1 postfix/smtpd[31957]: warning: localhost[127.0.0.1]: > > SASL PLAIN authentication failed: generic failure > > Nov 15 11:56:03 mail1 authdaemond: Authenticated: sysusername=, > > sysuserid=2000, sysgroupid=2000, homedir=/var/vmail, > > address=mai...@home.it, fullname=Mail Admin, mail$ > > Nov 15 11:56:03 mail1 authdaemond: Authenticated: clearpasswd=clear, > > passwd=encrypted > > Nov 15 11:56:06 mail1 postfix/smtpd[31957]: disconnect from > > localhost[127.0.0.1] > > > > Postfix don't authenticate the user but the authdaemond yes. > > > postfix/smtpd[9370]: 6276A9E9CA: client=unknown[X.X.X.X], sasl_method=PLAIN, > sasl_username=ed...@pettijohn.no-ip.biz > > This is the logs from my system running OpenBSD 5.6, but with the > postfix-mysql package with dovecot for imap/sasl. I'm guessing you're using > Cyrus Sasl. These links may help: Hi. Yes I use SASL with Cyrus. > > http://www.cyrusimap.org/docs/cyrus-sasl/2.1.25/ Thanks. I search in this page for some idea. > http://www.postfix.org/SASL_README.html This page I know it. The configuration of my system is the same indicated in this documentation. Is there a way to control how postfix uses the SASL/Cyrus configuration? How to debug the application in OpenBSD? Thanks. -- Isaia Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Re: Postfix SASL auth problem in OpenBSD 5.6
On Sat, Nov 15, 2014 at 7:00 AM, giacomo wrote: > Recently I have upgrade my system from OpenBSD 5.4 to 5.5 and 5.6. > In old system I installed the port of Postfix with SASL and MySQL support. > In the 5.4 the program work fine. After the two aupgrade with the same > configuration I have problem with authentication. What crypt(3) format was used for the passwords? In OpenBSD 5.6, support for MD5-style passwords where the hashed password starts with $1$ has been removed. Philip Guenther
Re: Postfix SASL auth problem in OpenBSD 5.6
On 16.11.14, 20:25, Philip Guenther wrote: > On Sat, Nov 15, 2014 at 7:00 AM, giacomo wrote: > > Recently I have upgrade my system from OpenBSD 5.4 to 5.5 and 5.6. > > In old system I installed the port of Postfix with SASL and MySQL support. > > In the 5.4 the program work fine. After the two aupgrade with the same > > configuration I have problem with authentication. > > What crypt(3) format was used for the passwords? > > In OpenBSD 5.6, support for MD5-style passwords where the hashed > password starts with $1$ has been removed. > > > Philip Guenther Thanks for your replay, I use Cyrus SASL library. The configuration of Postfix is the same in 5.4, 5.5 and 5.6 system but in 5.4 run well and the later not run. -- Isaia Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Re: Postfix SASL auth problem in OpenBSD 5.6
On Mon, Nov 17, 2014 at 12:22 PM, giacomo wrote: > On 16.11.14, 20:25, Philip Guenther wrote: >> On Sat, Nov 15, 2014 at 7:00 AM, giacomo wrote: >> > Recently I have upgrade my system from OpenBSD 5.4 to 5.5 and 5.6. >> > In old system I installed the port of Postfix with SASL and MySQL support. >> > In the 5.4 the program work fine. After the two aupgrade with the same >> > configuration I have problem with authentication. >> >> What crypt(3) format was used for the passwords? >> >> In OpenBSD 5.6, support for MD5-style passwords where the hashed >> password starts with $1$ has been removed. > > Thanks for your replay, > I use Cyrus SASL library. The configuration of Postfix is the same in > 5.4, 5.5 and 5.6 system but in 5.4 run well and the later not run. Let me try again. Your postfix+cyrus-sasl setup is storing passwords, in *some* checkable form, *somewhere*. Since this is cyrus-sasl, there are many possible places it could store them. You mention mysql, so maybe it's storing them there? Let's assume that. So, that leaves the *format* that they are stored in. *If* cyrus-sasl is storing them in crypt's MD5 format, then this would explain the problem: support for the MD5 format was removed from OpenBSD in 5.6. That's the most obvious explanation (to me) for why your setup stopped working, but we really don't have much to go on. But hey, they're your passwords, in a black box that you...don't know how to look into? Maybe you should familiarize yourself with how they're stored? I suggest that you read the cyrus-sasl docs and webpages and see what's in your config file and from that figure out what's going on. Philip Guenther
