Results 1 to 10 of 27

Thread: saslauthd: Permission denied (external SMTP AUTH broken)

Hybrid View

  1. #1
    Join Date
    Jan 2007
    Posts
    19
    Rep Power
    8

    Smile RESOLVED: saslauthd: Permission denied (external SMTP AUTH broken)

    Version 4.0.5_GA_518.RHEL4 Dec 18, 2006

    - All Zimbra services running (minus Perdition, not used)
    - All webservices working properly
    - HTTPS mode
    - Custom port
    - SASL URL is correct (zimbra_url)
    - zimbraMtaAuthURL is correct

    - libexec/zmfixperms has been run successfully
    - all services have been recently restarted

    /var/log/zimbra.log:
    Code:
    Jan 10 11:59:39 nobox postfix/smtpd[12391]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 10 11:59:39 nobox postfix/smtpd[12391]: warning: wherever.tld[ip.ip.ip.ip]: SASL LOGIN authentication failed

    Additional info:
    Code:
    $ ls -ld /opt/zimbra/cyrus-sasl/state
    drwxr-x---  2 zimbra zimbra 4096 Jan 10 11:59 /opt/zimbra/cyrus-sasl/state
    
    $ ls -l /opt/zimbra/cyrus-sasl/state
    total 4
    srwxrwxrwx  1 zimbra zimbra 0 Jan 10 11:59 mux
    -rw-------  1 zimbra zimbra 0 Jan 10 11:59 mux.accept
    -rw-------  1 zimbra zimbra 6 Jan 10 11:59 saslauthd.pid
    Using:
    Thunderbird 1.5.0.9, TLS

    Help?
    Last edited by Miz; 01-26-2007 at 06:44 PM. Reason: Add client info

  2. #2
    Join Date
    Nov 2005
    Posts
    518
    Rep Power
    11

    Default

    add this line to /etc/syslog.conf and then restart (kill -1) syslogd:
    auth.* -/var/log/zimbra.log

    that will send the saslauthd logging there instead of nowhere. go ahead and post the output of these commands as well:

    su - zimbra
    zmprov getServer nobox.whatever.com | grep -e Mode -e Auth -e Port
    cat ~/cyrus-sasl/etc/saslauthd.conf*

  3. #3
    Join Date
    Jan 2007
    Posts
    19
    Rep Power
    8

    Default

    I have successfully upgraded to Version 4.5.0_GA_612.RHEL4 Jan 15, 2007 today, but this problem remains.

    Info requested:
    Code:
    [zimbra@mail ~]$ zmprov getServer mail.whatever.tld | grep -e Mode -e Auth -e Port
    zimbraAdminPort: 7071
    zimbraImapBindPort: 143
    zimbraImapProxyBindPort: 143
    zimbraImapSSLBindPort: 993
    zimbraImapSSLProxyBindPort: 993
    zimbraLmtpBindPort: 7025
    zimbraMailMode: https
    zimbraMailPort: 73
    zimbraMailSSLPort: 74
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: mail.whatever.tld
    zimbraMtaAuthURL: https://mail.whatever.tld:74/service/soap/
    zimbraMtaTlsAuthOnly: TRUE
    zimbraNotifyBindPort: 7035
    zimbraNotifySSLBindPort: 7036
    zimbraPop3BindPort: 110
    zimbraPop3ProxyBindPort: 110
    zimbraPop3SSLBindPort: 995
    zimbraPop3SSLProxyBindPort: 995
    zimbraRemoteManagementPort: 22
    zimbraSmtpPort: 25
    [zimbra@mail ~]$ cat ~/cyrus-sasl/etc/saslauthd.conf
    zimbra_url: https://mail.whatever.tld:74/service/soap/
    zimbra_cert_file: /opt/zimbra/conf/smtpd.crt
    zimbra_cert_check: off
    Attempted login:
    Code:
    Jan 18 16:04:59 mail postfix/smtpd[3880]: connect from somewhere.at.comcast.net[9.8.7.6]
    Jan 18 16:04:59 mail postfix/smtpd[3880]: setting up TLS connection from somewhere.at.comcast.net[9.8.7.6]
    Jan 18 16:04:59 mail postfix/smtpd[3880]: TLS connection established from somewhere.at.comcast.net[9.8.7.6]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: SASL authentication failure: Password verification failed
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL PLAIN authentication failed
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL LOGIN authentication failed
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: SASL authentication failure: Password verification failed
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL PLAIN authentication failed
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL LOGIN authentication failed
    Jan 18 16:06:01 mail pam_loginuid[4059]: set_loginuid failed opening loginuid
    /etc/syslog.conf
    Code:
    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.*                                                 /dev/console
    
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    
    # The authpriv file has restricted access.
    authpriv.*                                              /var/log/secure
    
    # Log all the mail messages in one place.
    mail.*                                                  -/var/log/maillog
    
    
    # Log cron stuff
    cron.*                                                  /var/log/cron
    
    # Everybody gets emergency messages
    *.emerg                                                 *
    
    # Save news errors of level crit and higher in a special file.
    uucp,news.crit                                          /var/log/spooler
    
    # Save boot messages also to boot.log
    local7.*                                                /var/log/boot.log
    # added by openldap2.3-2.3.27 rpm Fri Nov 17 17:39:36 EST 2006
    local0.*                -/var/log/zimbra.log
    auth.*                  -/var/log/zimbra.log
    mail.*                -/var/log/zimbra.log
    I verified that syslogd restarted as a result of the kill command, after editing the syslog.conf, and made the change before attempting to log in via SMTP/TLS again.

  4. #4
    Join Date
    Jan 2007
    Posts
    19
    Rep Power
    8

    Default

    /opt/zimbra/conf/smtpd.crt is:
    Code:
    -rwx------  1 zimbra zimbra 1078 Jan 18 10:24 /opt/zimbra/conf/smtpd.crt
    And appears to be a well-formed certificate.

    /opt/zimbra/cyrus-sasl/lib/sasl2 is:
    Code:
    #
    # This is ${cyrus-sasl-prefix}/lib/sasl2/smtpd.conf
    #
    log_level: 3
    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN
    saslauthd_path: /opt/zimbra/cyrus-sasl/state/mux
    I uncommented the saslauthd_path and restarted Zimbra's saslauthd using zmsaslauthdctl restart

    This resulted in saslauthd finally logging, but these are the only lines it spit out:
    Code:
    Jan 18 16:20:11 mail saslauthd[9609]: detach_tty      : master pid is: 9609
    Jan 18 16:20:11 mail saslauthd[9609]: ipc_init        : listening on socket: /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/state/mux

  5. #5
    Join Date
    Sep 2005
    Posts
    274
    Rep Power
    10

    Default

    On my system, I see:

    Code:
    $ ls -al /opt/zimbra/cyrus-sasl/state/
    total 12
    drwxr-xr-x  2 zimbra zimbra 4096 Jan 16 15:49 .
    drwxr-xr-x  8 root   zimbra 4096 Jan 16 15:43 ..
    srwxrwxrwx  1 zimbra zimbra    0 Jan 16 15:49 mux
    -rw-------  1 zimbra zimbra    0 Jan 16 15:49 mux.accept
    -rw-------  1 zimbra zimbra    6 Jan 16 15:49 saslauthd.pid
    What do you have?
    Bugzilla - Wiki - Downloads - Before posting... Search!

  6. #6
    Join Date
    Jan 2007
    Posts
    19
    Rep Power
    8

    Default

    Code:
    # ls -al /opt/zimbra/cyrus-sasl/state
    total 12
    drwxr-x---  2 zimbra zimbra 4096 Jan 18 16:30 .
    drwxr-xr-x  8 root   zimbra 4096 Jan 18 10:23 ..
    srwxrwxrwx  1 zimbra zimbra    0 Jan 18 16:30 mux
    -rw-------  1 zimbra zimbra    0 Jan 18 16:30 mux.accept
    -rw-------  1 zimbra zimbra    6 Jan 18 16:30 saslauthd.pid

Similar Threads

  1. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 08:46 PM
  2. Backup issues
    By telescop in forum Administrators
    Replies: 3
    Last Post: 03-01-2007, 06:09 PM
  3. Ldap issues
    By mississippiman in forum Installation
    Replies: 11
    Last Post: 01-09-2007, 08:00 PM
  4. Enable SMTP Auth to external users
    By VictorMedina in forum Administrators
    Replies: 1
    Last Post: 05-24-2006, 11:06 AM
  5. Move server to different OS
    By EriSan500 in forum Administrators
    Replies: 7
    Last Post: 03-05-2006, 01:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •