
I have configured and fixed almost all the problems with my postfix + courier + mysql setup for virtual mailboxes. I can now receive mail and send it from webmail (squirrel). BUT, what I can't do is authenticate from an outside client. Since my ISP blocks port 25, I set up postfix to work on 1025 for smtp and set up verbose logging.

Here is the verbose log of a failed authentication process LOG

Authentication for imap and pop3 seems to be working but this one is not.

Here is the postconf -n output.

Also through mysql I can verify that it is trying to validate through the system, running a query that returns the encrypted password stored in the database.

I can't seem to find the error for this. Thank you in advance.

cromestant

1 Answer


Probably something is wrong on the MySQL side; maybe the query does not return an expected value. I think the best way to proceed is to enable logging of all queries in /etc/my.cnf. You should add something like log=/var/log/mysql/allqueries.log there and then restart mysqld. Then try to perform a remote login; MySQL will log the related query to this file and you will be able to check it manually from the mysql console.

Alex
  • Well, in the original post I said **Also through mysql I can verify that it is trying to validate through the system, running a query that returns the encrypted password stored in the database.** So I already know that the query is executing and returning the encrypted password. So this is not it. Thanks though – cromestant Feb 03 '11 at 14:50
  • Hmm, I'm a bit confused here, are you saying that the password is stored in the DB in the encrypted form? But it looks like you are using a plain authentication method on SASL side, so there should be some kind of conversion from plain to encrypted somewhere between SASL and MySQL storage. Do you use a kind of hashing algorithm right in the SQL query? – Alex Feb 03 '11 at 15:21
  • Well, the query being run is basically a select password from user_table where user = "username". The password stored in the DB is a hash (not crypted, sorry) that is inserted upon creating the mailbox with postfixadmin. When you say I'm using a plain authentication method, where do you see this? I figured I had activated the sasl methods; maybe this is the problem. – cromestant Feb 03 '11 at 15:30
  • Edited original post to show the other config file. Apparently the edit is not going to be seen until it has been peer reviewed, so posting the config file /etc/postfix/sasl/smtpd.conf [here](http://pastie.org/1525191) – cromestant Feb 03 '11 at 15:33
  • Okay, you are using the auxprop plugin to provide SASL with a connection to the MySQL server. This plugin does not support encrypted or hashed passwords as stated [here](http://www.postfix.org/SASL_README.html): "If you must store encrypted passwords, you cannot use the sql auxprop plugin. Instead, see section "Using saslauthd with PAM", and configure PAM to look up the encrypted passwords with, for example, the pam_mysql module. You will not be able to use any of the methods that require access to plaintext passwords, such as the shared-secret methods CRAM-MD5 and DIGEST-MD5" – Alex Feb 03 '11 at 15:41
  • As you can see from the detailed postfix log, it tried DIGEST-MD5 SASL mechanism first, then fell back to the LOGIN SASL mechanism. If you use auxprop plugin with the LOGIN mech, your MySQL query should return a plaintext password. – Alex Feb 03 '11 at 15:45
  • Ok I must have things very confused here. I followed [this](https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto) guide for starters and of course then started adapting it. Since the imap/pop3 logins are working I don't want to undo what is already in the DB. There must be something else I've done wrong for this not to be working (since this user was created with postfixadmin, I assume that the password stored is a hash). Again thanks for your help. – cromestant Feb 03 '11 at 15:57
  • Reading on that link you provided I see what you mean, BUT how is it that that tutorial got it working at some point? Could it be that there is something other? – cromestant Feb 03 '11 at 16:23
  • Ok, finally I read up and you were right, that was the problem. In the end I ended up using rimap as authentication mechanism in saslauth so that it made an imap connection behind the scenes and authenticated with the crypted password. 5 thumbs up to you Alex – cromestant Feb 04 '11 at 09:26
  • Glad to hear you managed to solve it! – Alex Feb 04 '11 at 09:46
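
The mismatch worked out in the comments above, as a small model added here for illustration (not code from either poster, Postfix or Cyrus SASL): a lookup that treats the database value as the password fails for both LOGIN and CRAM-MD5 when the column holds a hash, while a backend that hashes the submitted password and compares succeeds. The salted SHA-256 scheme, the function names and the sample values are assumptions.

```python
import hashlib
import hmac

def make_stored_hash(password: str, salt: str) -> str:
    """Constructed stand-in for the hash written when the mailbox is created."""
    return salt + "$" + hashlib.sha256((salt + password).encode()).hexdigest()

def auxprop_plain_login(submitted: str, db_value: str) -> bool:
    """Model of PLAIN/LOGIN through a property lookup: the value the SQL query
    returns is treated as the password itself and compared directly."""
    return hmac.compare_digest(submitted.encode(), db_value.encode())

def cram_md5_response(secret: str, challenge: bytes) -> str:
    """RFC 2195: HMAC-MD5 over the server challenge, keyed with the shared secret."""
    return hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()

def cram_md5_verify(db_value: str, challenge: bytes, client_digest: str) -> bool:
    """The server can only key its own HMAC with whatever the database returns."""
    return hmac.compare_digest(cram_md5_response(db_value, challenge), client_digest)

def hashing_backend_login(submitted: str, db_value: str) -> bool:
    """Model of a verifier that re-hashes the submitted password with the stored
    salt and compares hashes. It needs the plaintext on the wire (PLAIN/LOGIN)."""
    salt, _ = db_value.split("$", 1)
    return hmac.compare_digest(make_stored_hash(submitted, salt), db_value)

# Constructed sample data, not taken from the original post.
PASSWORD = "correct horse"
STORED = make_stored_hash(PASSWORD, "a1b2c3")
CHALLENGE = b"<1896.697170952@mail.example.test>"

def demo() -> dict:
    client_digest = cram_md5_response(PASSWORD, CHALLENGE)  # client knows the plaintext
    return {
        "LOGIN, lookup returns hash": auxprop_plain_login(PASSWORD, STORED),
        "LOGIN, lookup returns plaintext": auxprop_plain_login(PASSWORD, PASSWORD),
        "CRAM-MD5, lookup returns hash": cram_md5_verify(STORED, CHALLENGE, client_digest),
        "CRAM-MD5, lookup returns plaintext": cram_md5_verify(PASSWORD, CHALLENGE, client_digest),
        "LOGIN, hashing backend": hashing_backend_login(PASSWORD, STORED),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:36s} {'accepted' if ok else 'rejected'}")
```

Once the hashing backend is in use, only mechanisms that send the plaintext password can be offered, so the SMTP submission port should be protected with TLS.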