Quirin Maier:
> Hello,
> 
> I've set up dovecot and postfix using dovecot sasl on samba4 ldap backend.
> I'd like to authenticate with user's email address as login. While dovecot
> authentication works,
> postfix authentication fails on 'AUTH PLAIN ...' with '535 5.7.8 Error:
> authentication failed:' Dovecot's debug log file shows:
> 
> Aug 24 15:12:59 auth: Debug: client in: AUTH 1 PLAIN service=smtp nologin
> lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx secured resp=<hidden>
> Aug 24 15:13:01 auth: Debug: client passdb out: FAIL 1 user=domain.tld

The base64-encoded content of the <hidden> text is exactly what
your SMTP client sends in the "AUTH PLAIN" command. Postfix passes
it through unchanged, without even trying to decode the string.

Thus, if your SMTP client sends a username of "domain.tld" then
your SMTP client is mis-configured.

To view the content of the <hidden> text:

    perl -MMIME::Base64 -e \
        'print decode_base64("AHVzZXJuYW1lAHBhc3N3b3Jk");' | od -cb

(replace AHVzZXJuYW1lAHBhc3N3b3Jk with your logged response string).

The result will look like:

    0000000   \0   u   s   e   r   n   a   m   e  \0   p   a   s   s   w   o
              000 165 163 145 162 156 141 155 145 000 160 141 163 163 167 157
    0000020    r   d                                                        
              162 144                                                        

In case you tried changing the Postfix smtpd_sasl_local_domain
parameter, that has no effect for Dovecot authentication; it is
used only with the Cyrus SASL adapter. At least, that's what happens
with Postfix as distributed by me. I can't speak for improvements
made by down-stream distributors.

        Wietse
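
An added example (not part of the message above, nor Postfix or Dovecot code): a Python counterpart to the perl one-liner that splits the decoded AUTH PLAIN response into its RFC 4616 fields (authzid NUL authcid NUL passwd) and reports the password only by its length, so the output can be shared when asking for help. The function names and the "login must be an e-mail address" check are assumptions chosen for the setup described in this thread.

```python
import base64
import binascii


def decode_sasl_plain(resp_b64):
    """Split a base64 SASL PLAIN response into authzid, authcid and passwd.

    The cleartext password is never returned, only its length.
    """
    try:
        raw = base64.b64decode(resp_b64.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid base64: {exc}")

    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError(f"expected 3 NUL-separated fields, got {len(parts)}")

    authzid, authcid, passwd = parts
    if not authcid:
        raise ValueError("empty authentication identity (authcid)")
    return {
        "authzid": authzid.decode("utf-8", "replace"),
        "authcid": authcid.decode("utf-8", "replace"),
        "passwd_len": len(passwd),
    }


def login_problems(fields):
    """Checks for this thread's setup, where the login is an e-mail address."""
    problems = []
    local, at, domain = fields["authcid"].rpartition("@")
    if not at:
        problems.append("authcid has no '@': client is not sending a full address")
    elif not local or not domain:
        problems.append("authcid has an empty local part or domain")
    if fields["passwd_len"] == 0:
        problems.append("empty password")
    return problems


if __name__ == "__main__":
    # Sample response string taken from the perl one-liner in the message above.
    fields = decode_sasl_plain("AHVzZXJuYW1lAHBhc3N3b3Jk")
    print(fields)
    for problem in login_problems(fields):
        print("problem:", problem)
```
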
