Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: SASL LOGIN authentication failure

  1. #1
    sgcowgill is offline Intermediate Member
    Join Date
    Dec 2005
    Posts
    17
    Rep Power
    9

    Default SASL LOGIN authentication failure

    Ok this is getting frustrating.

    For the third time a customer has suddenly lost the ability to send or recieve mail. This despite no administrators touching the server for any reason at all.

    The problems that shows up in the log is:

    May 17 11:10:37 membermail postfix/smtpd[23284]: warning: 64-60-7-226.cust.telepacific.net[64.60.7.226]: SASL LOGIN authentication failed

    Oddly it seems to only affect this domain.

    The last couple of times I was able to fix this using the forums but this time I cannot seem to find the solution. Everything that I try fails.

    The questions are:

    1. Where do I go from here in terms of fixing it? Is their a workaround for this problem? What causes this?
    2. Why does this keep just randomly happening? The server will run fine for a month and then suddenly one day they will be unable to send or recieve mail at all.

    Thanks for any help at all.

    Steve Cowgill
    Network Administrator
    AFFLINK

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    I guess you may need one of the Zimbra guys rather than me but...... I'll start.

    Are there any more messages in the log around that one you've posted, if so what are they? Is this running in htp or htps mode? I assume that for point 2 - it's all users for that domain that can't send/receive rathe than a specific user?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    sgcowgill is offline Intermediate Member
    Join Date
    Dec 2005
    Posts
    17
    Rep Power
    9

    Default

    This what I see in the logs:

    May 17 11:17:25 membermail postfix/smtpd[27876]: connect from 64-60-7-226.cust.telepacific.net[64.60.7.226]
    May 17 11:17:25 membermail postfix/smtpd[27876]: warning: 64-60-7-226.cust.telepacific.net[64.60.7.226]: SASL LOGIN authentication failed
    May 17 11:17:25 membermail postfix/smtpd[27876]: disconnect from 64-60-7-226.cust.telepacific.net[64.60.7.226]

    It is all users for this domain, not just some. It should be noted that I only have 3 users in other domains who actually send through me rather than through their ISP. So this domain is most likely to see a global problem.

    As a workaround I have disabled authentication and put my customer's IPs in main.cf so that postfix will allow them to relay. Not ideal but it is a workaround.

    I have tried it in both HTTP and HTTPS mode. Same problem either way.

    Incidentally this affects only POP3 and SMTP logins from Outlook Express/Outlook. The web client works without a problem, they just do not care for it.

    I understand that I am running an open source mail server and frankly Zimbra is the best open source all-encompassing free solution I can find. But these weird random failures are pushing me away from the product. Their are plenty of quality commercial mail servers that cost far less then the Network Edition of Zimbra and that come with support and are less buggy. It is not worth the headache to wrestle with unknown and undocumented random problems once a month, to me or to my end users.

    Steve

  4. #4
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Hi Steve,
    We have someone working on your issue, and hopefully will have an answer for you soon.

    john

  5. #5
    sgcowgill is offline Intermediate Member
    Join Date
    Dec 2005
    Posts
    17
    Rep Power
    9

    Default

    Great John. Especially since you don't appear to be employed by Zimbra.

    The most aggrivating thing is that I fixed this once before using something I found in the forums. But now I cannot find that post. I am sure that the post is still around but I cannot seem to find it. I am going to keep digging though.

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Would it likely have been caused by switching modes? Does this post shed any light on the subject?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    HI,
    I sent it to Sam(zimbra), and he's tracking down someone.

    Note: I don't work here, but I did stay in a Holiday Inn Express Last night.

  8. #8
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    A few questions? Are they using the full user@domain to login? This is a must if you have multiple domains. Is saslauthd running?

    sh -x /opt/zimbra/bin/zmsaslauthdctl status

    you might just need to verify that the auth host is set:

    running this on the mta server should list the mailbox server:
    zmprov gs MTAHOSTNAME | grep zimbraMtaAuthHost

    if not, you can set it like this (on the mta host):
    zmprov ms MTAHOSTNAME zimbraMtaAuthHost MAILBOXHOSTNAME
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  9. #9
    sgcowgill is offline Intermediate Member
    Join Date
    Dec 2005
    Posts
    17
    Rep Power
    9

    Default

    First Kevin thanks for the help.

    The test user that I talked to was using the full domain name in the login.

    sh -x /opt/zimbra/bin/zmsaslauthdctl status returns a lot of information. It does return a process id for SASL which indicates to me that it is running. Also keep in mind that other users are able to login and send without problem.

    zmprov shows that the correct auth host is set I believe. It outputs the name of my server when I run it.

    To add to the mystery:

    Yesterday afternoon in a blind attempt to fix the problem I upgraded from 3.0.1 to 3.1.1. The first tests were failures however at 17:07 Central time it started working for them. At 17:53 Central (they are on the west coast but I am not) after I had gone home it stopped working again. ????.

    Questions:
    1. Is their another log besides zimbra.log that will provide with more detailed information so that I can attempt to track the problem down? Or alternatively can I turn on some sort of verbose logging to try and get an answer?
    2. What would cause SASL to suddenly stop working for a particular domain? I assume that postfix verifys the user accounts against LDAP. Could this be an LDAP problem.

    I considered that perhaps the problem was local to them but they have two sites, one in California and one in Wisconsin and both are having the same problem.

    I created a test account on the same domain and am able to send and recieve fine with it but I am inside of the network.

    I will continue testing.

    Thanks

    Steve

  10. #10
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Quote Originally Posted by sgcowgill
    I created a test account on the same domain and am able to send and recieve fine with it but I am inside of the network.
    Yeah not a good test since you'll have a valid IP and hence not need auth.


    Not sure how to get more login here. So you can confirm that at least some users in each domain can auth properly? Or is it only one domain that is not working?
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 26
    Last Post: 04-19-2011, 09:24 AM
  2. Pulling my hair out - SASL Login authentication failed
    By alloptions in forum Installation
    Replies: 4
    Last Post: 03-30-2007, 11:42 PM
  3. SASL authentication failure...
    By voltcraft in forum Installation
    Replies: 1
    Last Post: 03-09-2007, 08:15 AM
  4. SMTP SASL authentication failure
    By adobrin in forum Developers
    Replies: 3
    Last Post: 11-22-2005, 03:31 PM
  5. SMTP SASL authentication failure
    By igeorg in forum Developers
    Replies: 5
    Last Post: 10-10-2005, 01:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •