Postfix, saslauthd, mangled user names

Sun, 27 Jul 2014 07:18:06 -0700 

Helo,

I'm testing a system running postfix, SMTP AUTH and saslauthd that should 
accept SMTP authentication on the submission port.  This is working fine 
as long as I pass plain usernames without an @dom.ain part. 

When I try to pass usernames with a domain part (like "t...@example.org"), 
authentication fails, because the username gets mangled to "test.org". 
Look: (hostname redacted to "testhost")

chakl@gate:~$ perl -MMIME::Base64 -e 'print 
encode_base64("\000t...@example.org\000testpass")'
AHRlc3Qub3JnAHRlc3RwYXNz
chakl@gate:~$ date
Sun Jul 27 15:34:37 CEST 2014
chakl@gate:~$ telnet testhost 587
Trying testhost...
Connected to testhost.
Escape character is '^]'.
220 testhost
ehlo chakl
250-testhost
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHRlc3Qub3JnAHRlc3RwYXNz
535 5.7.8 Error: authentication failed: authentication failure

saslauthd syslog on testhost:

Jul 27 15:34:49 testhost saslauthd[12644]: do_auth         : auth failure: 
[user=test.org] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

User "t...@example.org" is now "user=test.org".  Of course authentication 
will fail.  This is repoducible, "te...@foobar.net" will be "test2.net".

I have tried with and without passing the -r flag to saslauthd, and using 
SASL mechs pam and rimap, same results.  Somehow the username gets mangled 
between postfix and saslauthd.

Anyone got an idea why this happens?  Or how to work around this?


thanks,
chakl


System Config:  postfix 2.9.4, Suse Linux Enterprise 11 SP3. 

from /etc/postfix/master.cf:

submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject


postconf | grep smtpd_sasl:

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus


/etc/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login


pgrep -lf saslauthd:

12643 /usr/sbin/saslauthd -r -a pam -n 5
12644 /usr/sbin/saslauthd -r -a pam -n 5
12645 /usr/sbin/saslauthd -r -a pam -n 5
12646 /usr/sbin/saslauthd -r -a pam -n 5
12647 /usr/sbin/saslauthd -r -a pam -n 5

Reply via email to