markpr, 10-01-2007, 08:50 AM

Just a recap of how things look on the system:

1) SASLAUTHD sees the Zimbra authentication mechanism as being available:

$ /opt/zimbra/cyrus-sasl-2.1.22.3/sbin/saslauthd -v
saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow zimbra

2) SASLAUTHD is running with the Zimbra authentication mechanism active

zimbra 23499 1 0 09:07 ? 00:00:00 /opt/zimbra/cyrus-sasl-2.1.22.3/sbin/saslauthd -r -a zimbra

3) saslauthd configuration looks good:

$ more /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/etc/saslauthd.conf
zimbra_url: https://mail.mydomain.com/service/soap/
zimbra_cert_file: /opt/zimbra/conf/smtpd.crt
zimbra_cert_check: off

4) postfix configuration looks good:

$ more /opt/zimbra/cyrus-sasl/lib/sasl2/smtpd.conf
#
log_level: 7
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /opt/zimbra/cyrus-sasl/state/mux

(note that I increased the log level to 7 and uncommented the saslauthd_path but neither helped)

5) From the logs we know that postfix is accepting the SMTP AUTH request and handing this off to SASL for authentication. We can also see that SASL tries 3 authentication mechanisms (CRAM-MD5, PLAIN and LOGIN).

This is one thing that makes me believe that the postfix configuration file (smtpd.conf in #4) is not being used... increased logging doesn't help, the commented saslauthd_path and the attempt at an undocumented authentication method CRAM-MD5. I think that Zimbra is built to use a different method to configure postfix for saslauthd.... and that this smtpd.conf is a hold-over from an earlier version of Zimbra.


The help I need is to understand the "Zimbra" authentication method that is configured for saslauthd. I can't troubleshoot too far without help on this...

What may help is also to understand where postfix is getting the smtp.conf for saslauthd so that I can turn up debugging to level 7 and see what else may be going on....

thanks

Mark

BTW here's the logs again

Oct 1 09:41:26 www postfix/smtpd[5139]: TLS connection established from unknown[x.x.x.x]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 1 09:41:26 www postfix/smtpd[5139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 1 09:41:26 www postfix/smtpd[5139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 1 09:41:26 www postfix/smtpd[5139]: warning: SASL authentication failure: no secret in database
Oct 1 09:41:26 www postfix/smtpd[5139]: warning: unknown[x.x.x.x]: SASL CRAM-MD5 authentication failed
Oct 1 09:41:26 www postfix/smtpd[5139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 1 09:41:26 www last message repeated 4 times
Oct 1 09:41:26 www postfix/smtpd[5139]: warning: SASL authentication failure: Password verification failed
Oct 1 09:41:26 www postfix/smtpd[5139]: warning: unknown[x.x.x.x]: SASL PLAIN authentication failed
Oct 1 09:41:27 www postfix/smtpd[5139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 1 09:41:27 www last message repeated 5 times
Oct 1 09:41:27 www postfix/smtpd[5139]: warning: unknown[x.x.x.x]: SASL LOGIN authentication failed
Oct 1 09:41:32 www postfix/smtpd[5139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 1 09:41:32 www last message repeated 2 times
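The cross-check the post works through by hand, as an added example that is not part of the original post: it compares the SASL mechanisms Postfix logged against the mech_list in smtpd.conf and counts sasldb lookups, expanding syslog's "last message repeated" lines. The function names and the shortened log sample are constructed for illustration; a mechanism showing up outside mech_list suggests that file is not the one in effect.

```python
import re

# Constructed sample: the smtpd.conf and a subset of the log lines quoted in the post.
SMTPD_CONF = """#
log_level: 7
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /opt/zimbra/cyrus-sasl/state/mux
"""
P = "Oct 1 09:41:26 www postfix/smtpd[5139]: warning: "
DB = "SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory"
LOG = "\n".join([
    P + DB,
    P + "unknown[x.x.x.x]: SASL CRAM-MD5 authentication failed",
    P + DB,
    "Oct 1 09:41:26 www last message repeated 4 times",
    P + "unknown[x.x.x.x]: SASL PLAIN authentication failed",
    P + "unknown[x.x.x.x]: SASL LOGIN authentication failed",
])
MECH_RE = re.compile(r"SASL (\S+) authentication failed")
SASLDB_RE = re.compile(r"unable to open Berkeley db \S+: ")
REPEAT_RE = re.compile(r"last message repeated (\d+) times")

def parse_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.lstrip().startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def compare(conf_text, log_text):
    """Cross-check mechanisms and sasldb lookups seen in the log against the config."""
    conf = parse_conf(conf_text)
    allowed = set(conf.get("mech_list", "").upper().split())
    tried, sasldb_hits, prev_was_db = [], 0, False
    for line in log_text.splitlines():
        repeat = REPEAT_RE.search(line)
        if repeat:  # syslog collapsed N copies of the previous line
            sasldb_hits += int(repeat.group(1)) if prev_was_db else 0
            continue
        prev_was_db = bool(SASLDB_RE.search(line))
        sasldb_hits += prev_was_db
        mech = MECH_RE.search(line)
        if mech and mech.group(1) not in tried:
            tried.append(mech.group(1))
    # Mechanisms the server accepted an attempt for but the config does not list.
    outside = [m for m in tried if allowed and m.upper() not in allowed]
    return {"tried": tried, "outside_mech_list": outside, "sasldb_lookups": sasldb_hits}
```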