Re: SASL plain authentication failed; unable to lookup user record

Fri, 04 Dec 2009 13:24:09 -0800 

Patrick Ben Koetter wrote:

* JP <post...@postfix.exjay.com>:

i'll guess the solution to my problem will be something simple and
obvious, because i know i ain't the first person to do this, but i've
been staring at it for days and can't see what's wrong.

os x snow leopard server; postfix 2.5.5; dovecot 1.1.17apple0.5

trying to get SMTP auth working via SASL.  using a plain password
scheme and plain auth scheme over SSL.  client is apple mail.
deliveries are working, and dovecot's pop3s and imaps are working
just fine.  but when i attempt to use smtp auth, postfix says

SASL plain authentication failed
unable to lookup user record


Your Postfix uses Dovecot SASL. Have you tried to authenticate using a telnet
session, sending AUTH identity on command line?

p...@rick



scoured months worth of list archives and didn't see anything
specific to this.  other eyes are appreciated!  thanks.

# postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain = example.com
mydomain_fallback = localhost
mynetworks = 127.0.0.0/8,192.168.61.0/24
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
reject
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
smtpd_pw_server_security_options = plain, login cram-md5
smtpd_recipient_restrictions = permit_sasl_authenticated
permit_mynetworks reject_unauth_destination check_policy_service
unix:private/policy reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile =
/etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.chain.pem
smtpd_tls_cert_file =
/etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file =
/etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.key.pem
smtpd_use_pw_server = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
virtual_gid_maps = static:5000
virtual_mailbox_base = /etc/postfix/datastore
virtual_mailbox_domains = osx.example.com
virtual_mailbox_maps = hash:/etc/postfix/datausers
virtual_minimum_uid = 100
virtual_uid_maps = static:5000




# dovecotd -n
# 1.1.17apple0.5: /private/etc/dovecot/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load
(more than 456). Either grow the limit or change
login_max_processes_count and max_mail_processes settings
# OS: Darwin 10.2.0 i386  hfs
base_dir: /var/run/dovecot
syslog_facility: local6
protocols: pop3s imaps
ssl_cert_file:
/etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.cert.pem
ssl_key_file:
/etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.key.pem
ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_user: _dovecot
login_process_per_connection: no
max_mail_processes: 200
mail_max_userip_connections(default): 20
mail_max_userip_connections(imap): 20
mail_max_userip_connections(pop3): 10
verbose_proctitle: yes
first_valid_uid: 6
first_valid_gid: 6
mail_access_groups: mail
mail_location: maildir:/etc/postfix/datastore/%d/%n
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_process_sharing: full
mail_max_connections: 5
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: username_format=%n /etc/postfix/datastore/%d-passwd
  userdb:
    driver: passwd-file
    args: username_format=%n /etc/postfix/datastore/%d-passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
plugin:
  quota_warning: storage=100%% /usr/libexec/dovecot/quota-exceeded.sh
  quota: maildir:User quota
  sieve: /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve






>
> Your Postfix uses Dovecot SASL. Have you tried to authenticate using a > telnet 
> session, sending AUTH identity on command line?
>
> p...@rick




yes, i have.

Escape character is '^]'.
220 osx-106.example.com ESMTP Postfix
EHLO foobie.example.com
250-osx-106.example.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN 1a1dc91c907325c69271ddf0c944bc72blahblahblah
535 Error: authentication failed

Reply via email to