[horde] saslauth permission denied
Arjen de Korte
arjen+horde at de-korte.org
Fri Mar 31 10:46:25 UTC 2017
Citeren Andreas Mauser <andreas at mauser.info>:
> Hi Arjen,
>
> ----- Nachricht von Arjen de Korte <arjen+horde at de-korte.org> ---------
> Datum: Fri, 31 Mar 2017 12:12:24 +0200
> Von: Arjen de Korte <arjen+horde at de-korte.org>
> Betreff: Re: [horde] saslauth permission denied
> An: horde at lists.horde.org
>
>
>> Citeren Andreas Mauser <andreas at mauser.info>:
>>
>>> Hi,
>>>
>>> since my wife did not send mails since I moved to my new mail
>>> server I cannot say for sure if I missed some permissions
>>> somewhere on the new mailserver, or the problem is since I
>>> upgraded yesterday to the new Horde version.
>>>
>>> I am able to send Mails from Horde via my Mailserver (which is on
>>> another server).
>>> My wife gets the Horde error message: Beim Versenden der Nachricht
>>> ist ein Fehler aufgetreten: Server denied authentication
>>>
>>> The Mailservers log shows:
>>> Mar 31 11:41:53 mauser postfix/smtpd[13094]: connect from webserver
>>> Mar 31 11:41:53 mauser postfix/smtpd[13094]: Anonymous TLS
>>> connection established from webserver: TLSv1.2 with cipher
>>> Mar 31 11:41:53 mauser postfix/smtpd[13094]: warning: SASL
>>> authentication failure: Password verification failed
>>> Mar 31 11:56:20 mauser postfix/smtpd[14215]: warning: webserver:
>>> SASL PLAIN authentication failed: authentication failure
>>> Mar 31 11:56:22 mauser postfix/smtpd[14215]: warning: webserver:
>>> SASL LOGIN authentication failed: authentication failure
>>> Mar 31 11:41:53 mauser postfix/smtpd[13094]: disconnect from webserver
>>>
>>> My wife has a user account on the mailserver. I use IMP to
>>> authenticate. Dovecot is the IMAP server. Postfix the MTA.
>>>
>>> Can you push me in the right direction please?
>>
>> What is the value of the following two parameters in your Postfix
>> configuration (either main.cf or master.cf)?
>>
>> smtpd_sasl_type
>> smtpd_sasl_path
>
> I did not have it in the config file. I never used that on the old server.
> I now put the lines in, having now:
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
>
> But it did not lead to a success, with error:
>
> Mar 31 12:29:31 mauser postfix/smtpd[17530]: warning: SASL: Connect
> to private/auth failed: No such file or directory
> Mar 31 12:29:31 mauser postfix/smtpd[17530]: fatal: no SASL
> authentication mechanisms
This is probably an easy fix. My guess is, you didn't setup a
listening socket in Dovecot to connect to:
service auth {
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
Check the permissions on (and path of) the socket, it should match
what Postfix is running as. You may need to restart Dovecot.
>> It could be that you have (accidentally) setup different
>> authentication backends for IMAP and Postfix (which is prone to
>> errors). Usually you'll want to keep them the same.
>
> Wouldnt that have an effect all users?
Not necessarily. When I first used SASL, I had separate authentication
backends for Postfix and Dovecot. Keeping the usernames and passwords
in sync meant a lot of extra effort, until I found that Dovecot could
handle both.
> Hm. In which files I would usually look to compare? Shouldnt there
> be an option to set sasl to the wished authentication backend(s)?
By default, Postfix will set
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
If you're using Dovecot, the above is probably not what you want. I
override these parameters in my master.cf file (among lost of other
things) for the submission port with
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
We're drifting a long way from Horde though.
More information about the horde
mailing list