Unable to authenticate
My installation of Postfix has been running without a problem for over two years. Suddenly it refused to accept mail from my MUA Claws-Mail. This is the output of the claws mail log: [13:19:59] SMTP 220 scorpio.seibercom.net ESMTP Postfix (2.10-20121031) [13:19:59] ESMTP EHLO scorpio [13:19:59] ESMTP 250-scorpio.seibercom.net [13:19:59] ESMTP 250-PIPELINING [13:19:59] ESMTP 250-SIZE 26214400 [13:19:59] ESMTP 250-ETRN [13:19:59] ESMTP 250-STARTTLS [13:19:59] ESMTP 250-ENHANCEDSTATUSCODES [13:19:59] ESMTP 250-8BITMIME [13:19:59] ESMTP 250 DSN ** No SMTP AUTH method available [13:19:59] ESMTP STARTTLS [13:19:59] ESMTP 220 2.0.0 Ready to start TLS [13:20:00] ESMTP EHLO scorpio [13:20:00] ESMTP 250-scorpio.seibercom.net [13:20:00] ESMTP 250-PIPELINING [13:20:00] ESMTP 250-SIZE 26214400 [13:20:00] ESMTP 250-ETRN [13:20:00] ESMTP 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN [13:20:00] ESMTP 250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN [13:20:00] ESMTP 250-ENHANCEDSTATUSCODES [13:20:00] ESMTP 250-8BITMIME [13:20:00] ESMTP 250 DSN [13:20:00] ESMTP AUTH CRAM-MD5 [13:20:00] ESMTP 334 PDYzNzUyMDA4NC4xNTQwNTYwMEBzY29ycGlvLnNlaWJlcmNvbS5uZXQ+ [13:20:00] ESMTP [Decoded: 637520084.15405...@scorpio.seibercom.net] [13:20:00] ESMTP [Encoded: gerard e4c26c028b7ad6537f6abfe9ba2b960b] [13:20:00] ESMTP Z2VyYXJkIGU0YzI2YzAyOGI3YWQ2NTM3ZjZhYmZlOWJhMmI5NjBi [13:20:00] ESMTP 535 5.7.8 Error: authentication failed: no mechanism available. For assistance, please provide the following information in your problem report: time (Jan 07 13:20:00), client (76.182.104.150) and server (scorpio.seibercom.net). ** error occurred on authentication *** Authentication failed: 535 5.7.8 Error: authentication failed: no mechanism available. For assistance, please provide the following information in your problem report: time (Jan 07 13:20:00), client (76.182.104.150) and server (scorpio.seibercom.net). This is from the maillog: Jan 7 13:19:30 scorpio postfix/smtpd[11214]: connect from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150] Jan 7 13:19:30 scorpio postfix/smtpd[11214]: warning: cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]: SASL CRAM-MD5 authentication failed: no mechanism available Jan 7 13:19:30 scorpio postfix/smtpd[11214]: lost connection after AUTH from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150] Jan 7 13:19:30 scorpio postfix/smtpd[11214]: disconnect from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150] Jan 7 13:19:59 scorpio postfix/smtpd[11214]: connect from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150] Jan 7 13:20:00 scorpio postfix/smtpd[11214]: warning: cpe-076-182-104-150.nc.res.rr.com[76.182.104.150]: SASL CRAM-MD5 authentication failed: no mechanism available Jan 7 13:20:00 scorpio postfix/smtpd[11214]: lost connection after AUTH from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150] Jan 7 13:20:00 scorpio postfix/smtpd[11214]: disconnect from cpe-076-182-104-150.nc.res.rr.com[76.182.104.150] I even tried with new passwords, the ones shown above, but the problem remains. ~ $ postconf -n alias_database = hash:/usr/local/etc/postfix/aliases alias_maps = $alias_database authorized_submit_users = !www, static:all broken_sasl_auth_clients = yes canonical_maps = hash:/usr/local/etc/postfix/canonical command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id sleep 5 delay_warning_time = 12h disable_vrfy_command = yes dovecot_destination_recipient_limit = 1 enable_long_queue_ids = yes html_directory = /usr/local/share/doc/postfix inet_protocols = ipv4 mail_owner = postfix mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man message_size_limit = 26214400 milter_default_action = accept mydestination = mydomain = seibercom.net myhostname = scorpio.seibercom.net mynetworks = 127.0.0.0/8 192.168.1.1/32 192.168.1.2/31 192.168.1.4/30 192.168.1.8/29 192.168.1.16/28 192.168.1.32/27 192.168.1.64/27 192.168.1.96/29 192.168.1.104/31 192.168.1.106/32 mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix recipient_delimiter = + sample_directory = /usr/local/etc/postfix sender_dependent_relayhost_maps = mysql:/usr/local/etc/postfix/mysql-sender_relay sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = yes smtp_sasl_password_maps = mysql:/usr/local/etc/postfix/mysql-sasl_passwd smtp_sasl_security_options = noanonymous smtp_sasl_type = cyrus smtp_sender_dependent_authentication = yes smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem smtp_tls_CApath = /usr/local/etc/postfix/certs/ smtp_tls_note_starttls_offer = yes smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy smtp_tls_security_level = may
Re: Unable to authenticate
On 1/7/2013 12:32 PM, Gerard Seibert wrote: My installation of Postfix has been running without a problem for over two years. Suddenly it refused to accept mail from my MUA Claws-Mail. This is the output of the claws mail log: ... [13:20:00] ESMTP 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN [13:20:00] ESMTP 250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN OK, AUTH is offered with CRAM-MD5 and others. [13:20:00] ESMTP AUTH CRAM-MD5 [13:20:00] ESMTP 334 PDYzNzUyMDA4NC4xNTQwNTYwMEBzY29ycGlvLnNlaWJlcmNvbS5uZXQ+ The client tries to AUTH with CRAM-MD5... [13:20:00] ESMTP 535 5.7.8 Error: authentication failed: no mechanism available. For assistance, please provide the following information in your problem report: time (Jan 07 13:20:00), client (76.182.104.150) and server (scorpio.seibercom.net). ... but CRAM-MD5 is broken. This looks like some sort of problem in the SASL backend. ~ $ postconf -n ... dovecot_destination_recipient_limit = 1 Looks as if you're using Dovecot. smtp_sasl_type = cyrus You've defined cyrus for outgoing SASL. That's probably OK since dovecot doesn't provide outgoing SASL. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination Appears you're using a recent postfix snapshot. Obviously some things have changed in the last 2 years, so suddenly stopped working isn't entirely accurate. smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem I don't see smtpd_sasl_type listed. The default type is cyrus. Is that what you intend? Looks as if you're using dovecot elsewhere. -- Noel Jones
Re: Unable to authenticate
On Mon, 07 Jan 2013 13:09:26 -0600 Noel Jones articulated: On 1/7/2013 12:32 PM, Gerard Seibert wrote: My installation of Postfix has been running without a problem for over two years. Suddenly it refused to accept mail from my MUA Claws-Mail. This is the output of the claws mail log: ... [13:20:00] ESMTP 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN [13:20:00] ESMTP 250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN OK, AUTH is offered with CRAM-MD5 and others. [13:20:00] ESMTP AUTH CRAM-MD5 [13:20:00] ESMTP 334 PDYzNzUyMDA4NC4xNTQwNTYwMEBzY29ycGlvLnNlaWJlcmNvbS5uZXQ+ The client tries to AUTH with CRAM-MD5... [13:20:00] ESMTP 535 5.7.8 Error: authentication failed: no mechanism available. For assistance, please provide the following information in your problem report: time (Jan 07 13:20:00), client (76.182.104.150) and server (scorpio.seibercom.net). ... but CRAM-MD5 is broken. This looks like some sort of problem in the SASL backend. ~ $ postconf -n ... dovecot_destination_recipient_limit = 1 Looks as if you're using Dovecot. smtp_sasl_type = cyrus You've defined cyrus for outgoing SASL. That's probably OK since dovecot doesn't provide outgoing SASL. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination Appears you're using a recent postfix snapshot. Obviously some things have changed in the last 2 years, so suddenly stopped working isn't entirely accurate. smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem I don't see smtpd_sasl_type listed. The default type is cyrus. Is that what you intend? Looks as if you're using dovecot elsewhere. I discovered the problem. One of my soon to be EX associates updated some applications on the machine last night. One of them being cyrus-sasl2 port. They failed to compile either mysql or bdb support into the program. Once I became aware of the problem I simple recompiled the port and now all is well with the world again. -- Jerry ✌ postfix-u...@seibercom.net _ TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Re: Unable to authenticate
On Mon, Jan 07, 2013 at 02:34:07PM -0500, Jerry wrote: On Mon, 07 Jan 2013 13:09:26 -0600 Noel Jones articulated: On 1/7/2013 12:32 PM, Gerard Seibert wrote: [postconf -n] I don't see smtpd_sasl_type listed. The default type is cyrus. Is that what you intend? Looks as if you're using dovecot elsewhere. I discovered the problem. One of my soon to be EX associates updated some applications on the machine last night. One of them being cyrus-sasl2 port. They failed to compile either mysql or bdb support into the program. Once I became aware of the problem I simple recompiled the port and now all is well with the world again. I would not say ALL is well. If you're using Dovecot IMAP, it makes no sense at all not to use Dovecot SASL. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject: