
The following tutorial has been used to set up a virtual mail server:

How to set up a mail server on a GNU / Linux system

Everything works fine, though every time a message is being sent the following errors appear:

mail postfix/smtpd[10569]: warning: SASL authentication failure: client response doesn't match what we generated (tried bogus)
mail postfix/smtpd[10569]: warning: unknown[so.me.ext.ip]: SASL DIGEST-MD5 authentication failed: authentication failure
mail postfix/smtpd[10569]: 1298562035: client=unknown[so.me.ext.ip], sasl_method=LOGIN, [email protected]

and then it continues and sends the message.

According to this, /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mailuser
sql_passwd: mailpassword
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

works fine except the digest-md5 part which then moves directly to login (and successfully sends the message).

Furthermore, /etc/default/saslauthd (omitted # text)

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
#OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-r -c -m /var/run/saslauthd"

Works without a problem under the chroot environment of postfix or else the error would be

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

It is an old setup that has worked like a charm for about four years already; still, I want to make sure that those messages don't mean something has broken in between.

Ioannis

1 Answer


Your question helped me dig... I've recently upgraded my mail server from Ubuntu 14.04 LTS to 18.04 LTS and it's been a nightmare. But finally everything is working :)

Your error:

SASL authentication failure: client response doesn't match what we generated (tried bogus)

was caused by my config in /etc/postfix/sasl/smtpd.conf containing:

mech_list: plain login cram-md5 digest-md5

The Postfix SASL Howto states that only plain & login are supported, and "authentication will fail if clients are allowed to choose other mechanisms", so the line should read:

mech_list: plain login

The last line:

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

is caused by postfix now being run in a chroot, and /var/run/saslauthd/ has moved to /var/spool/postfix/var/run/saslauthd/.

This is set at the end of /etc/default/saslauthd:

OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"

Note that I added the -r flag to include the realm when authenticating (e.g. it will authenticate using [email protected] instead of aaron).


Finally I also had to create /etc/pam.d/smtp with the following:

auth    required   pam_mysql.so user=mail passwd=******** host=******** db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
account sufficient pam_mysql.so user=mail passwd=******** host=******** db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1

I'm sure you've long figured this by now, but I'm sharing anyway to save some other poor soul from gray hairs. Postgreys... :/

nevelis
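
A config check for the two problems described in the answer above, as an added example (not code from the original posts or from the Postfix or Cyrus SASL projects): it flags mech_list entries other than plain and login when pwcheck_method is saslauthd, and a saslauthd -m directory that lies outside the Postfix chroot. The function names and the chrooted parameter are assumptions of this example; the chroot path /var/spool/postfix and the sample settings are the ones quoted on this page.

```python
import re

SASLAUTHD_MECHS = {"plain", "login"}   # saslauthd can only check cleartext passwords
CHROOT = "/var/spool/postfix"          # assumption: Postfix chroot path used on this page

def parse_smtpd_conf(text):
    """Parse Cyrus SASL 'key: value' lines, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def socket_dir(defaults_text):
    """Return the -m directory of the last uncommented OPTIONS= line, else None."""
    found = None
    for line in defaults_text.splitlines():
        m = re.match(r"\s*OPTIONS=(.*)", line)
        if m:
            args = m.group(1).strip().strip("\"'").split()
            found = args[args.index("-m") + 1] if "-m" in args[:-1] else None
    return found

def audit(smtpd_conf, saslauthd_defaults, chrooted=True):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    conf = parse_smtpd_conf(smtpd_conf)
    if conf.get("pwcheck_method") == "saslauthd":
        bad = [m for m in conf.get("mech_list", "").lower().split() if m not in SASLAUTHD_MECHS]
        if bad:
            findings.append("mech_list offers %s: saslauthd cannot verify these" % ", ".join(bad))
    sock = socket_dir(saslauthd_defaults)
    if chrooted and sock and not sock.startswith(CHROOT + "/"):
        findings.append("saslauthd socket dir %s is outside %s" % (sock, CHROOT))
    return findings

# Sample inputs constructed from the settings quoted on this page.
BEFORE_CONF = "pwcheck_method: saslauthd\nmech_list: plain login cram-md5 digest-md5\n"
AFTER_CONF = "pwcheck_method: saslauthd\nmech_list: plain login\n"
BEFORE_DEFAULTS = ('#OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"\n'
                   'OPTIONS="-r -c -m /var/run/saslauthd"\n')
AFTER_DEFAULTS = 'OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"\n'

if __name__ == "__main__":
    for label, c, d in (("before", BEFORE_CONF, BEFORE_DEFAULTS),
                        ("after", AFTER_CONF, AFTER_DEFAULTS)):
        print(label, audit(c, d) or "ok")
```

Pass chrooted=False when smtpd does not run in a chroot, in which case only the mech_list check applies.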