0

I am receiving an unknown password verifier(s) auxprop error when trying to use SQLite for SASL authentication in Postfix on CentOS 7. It seems that the SQLite SQL engine is not found.

Contents of /etc/sasl2/smtp.conf:

log_level: 127
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: sqlite
sql_database: /etc/postfix/sasl_db
sql_select: SELECT password FROM users WHERE user = '%u'

Connection documented in /var/log/maillog:

Jul 25 08:55:43 smtp2 postfix/smtpd[5049]: connect a.b.c.d.myisp.net[a.b.c.d]
Jul 25 08:55:45 smtp2 postfix/smtpd[5049]: warning: SASL authentication problem: unknown password verifier(s) auxprop
Jul 25 08:55:45 smtp2 postfix/smtpd[5049]: warning: SASL authentication failure: Password verification failed
Jul 25 08:55:45 smtp2 postfix/smtpd[5049]: warning: a.b.c.d.myisp.net[a.b.c.d]: SASL PLAIN authentication failed: no mechanism available
Jul 25 08:55:46 smtp2 postfix/smtpd[5049]: warning: SASL authentication problem: unknown password verifier(s) auxprop
Jul 25 08:55:46 smtp2 postfix/smtpd[5049]: warning: a.b.c.d.myisp.net[a.b.c.d]: SASL LOGIN authentication failed: no mechanism available
Jul 25 08:55:51 smtp2 postfix/smtpd[5049]: disconnect from a.b.c.d.myisp.net[a.b.c.d]

There's a hint in /var/log/messages:

Jul 25 08:55:38 smtp2 systemd: Starting Postfix Mail Transport Agent...
Jul 25 08:55:38 smtp2 systemd: Started Postfix Mail Transport Agent.
Jul 25 08:55:43 smtp2 postfix/smtpd[5049]: SQL engine 'sqlite' not supported
Jul 25 08:55:43 smtp2 postfix/smtpd[5049]: auxpropfunc error no mechanism available

I tried replacing sqlite with sqlite3 (and restarting Postfix), same result.

My best guess so far is that I'm missing a rpm, but can't identify what it might be.

smtp2:/# rpm --query -a | grep -ie sqlite -ie sasl -ie postfix
cyrus-sasl-sql-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64
sqlite-3.7.17-8.el7_7.1.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
postfix-2.10.1-9.el7.x86_64
cyrus-sasl-2.1.26-23.el7.x86_64
libsqlite3x-20071018-20.el7.x86_64
cyrus-sasl-plain-2.1.26-23.el7.x86_64
smtp2:/# cat /etc/centos-release
CentOS Linux release 7.8.2003 (Core)

Am I missing a needed rpm, or more generally, how can I fix this error?

tater
  • 1,395
  • 2
  • 9
  • 12

1 Answers1

0

After a bit of digging, it looks like SQLite support is not enabled in the CentOS version of SASL, and cannot be added through a module/plugin.

I think direct SQLite support would involve rebuilding SASL. A better solution might be to use saslauthd and access SQLite via PAM, i.e. something like this in /etc/pam.d/smtp:

#%PAM-1.0
auth        required    pam_sqlite3.so 
account     required    pam_sqlite3.so

Hopefully this also helps someone else.

tater
  • 1,395
  • 2
  • 9
  • 12