
Thread: tls auth only?

  1. #1
    rmvg, Advanced Member

    tls auth only?

    I have "TLS auth only" checked in both server and global settings. I have started and stopped the Zimbra server using
    zmcontrol stop
    zmcontrol start

    When I try to log in to Zimbra SMTP with
    username king@canmail.org
    and password xxxxxx

    using the Mozilla TLS setting for the outgoing SMTP server, I first get asked to accept the cert and I click "accept this session only". Then Mozilla keeps asking for the username and password over and over again, giving me this error in the logs:

    Oct 8 05:39:57 mx1 postfix/smtpd[12343]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: SASL authentication failure: Password verification failed
    Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL PLAIN authentication failed
    Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL LOGIN authentication failed

    When trying to auth using SSL I get rejected by Zimbra and there is nothing in the logs.

    Using the Mozilla "no TLS" setting for the outgoing SMTP server I can send mail. It does not seem to be using TLS to connect to Zimbra/Postfix; the log is below. Why is the TLS auth setting not working?

    Oct 8 05:30:51 mx1 postfix/smtpd[29792]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:31 mx1 postfix/smtpd[29792]: connect from computerking.ca[68.146.204.152]
    Oct 8 05:31:33 mx1 postfix/smtpd[29792]: 724E0F0C67: client=computerking.ca[68.146.204.152]
    Oct 8 05:31:33 mx1 postfix/cleanup[3250]: 724E0F0C67: message-id=<43480F9A.8060106@canmail.org>
    Oct 8 05:31:33 mx1 postfix/qmgr[29698]: 724E0F0C67: from=<king@canmail.org>, size=616, nrcpt=1 (queue active)
    Oct 8 05:31:33 mx1 postfix/smtpd[29792]: disconnect from computerking.ca[68.146.204.152]
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Connecting to LDAP host
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) connect_to_ldap: connected to canmail.org
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) connect_to_ldap: bind uid=zimbra,cn=admins,cn=zimbra succeeded
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ESMTP::10024 /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081: <king@canmail.org> -> <skinnman@yahoo.com> Received: SIZE=616 from mx1.canmail.org ([127.0.0.1]) by localhost (mx1.canmail.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27081-01 for <skinnman@yahoo.com>; Sat, 8 Oct 2005 05:31:33 -0700 (MST)
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) body hash: a7c25e3139e573937a894f529f759803
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Checking: F4dUOaooicuW [68.146.204.152] <king@canmail.org> -> <skinnman@yahoo.com>
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) p001 1 Content-Type: text/plain, size: 17 B, name:
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Checking for banned types and filenames
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) collect banned table[0]: skinnman@yahoo.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0xa2b7f74)
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) p.path skinnman@yahoo.com: "P=p001,L=1,M=text/plain,T=asc"
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Using ClamAV-clamd: (built-in interface)
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Using (ClamAV-clamd) on dir: CONTSCAN /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts\n
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd: Connecting to socket 127.0.0.1:3310
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd: Sending CONTSCAN /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts\n to INET socket 127.0.0.1:3310
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ask_av (ClamAV-clamd): /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts CLEAN
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd result: clean
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) spam_scan: hits=-1.764 tests=[AWL=-0.012,BAYES_00=-2.599,DATE_IN_FUTURE_03_06=0.847]
    Oct 8 05:31:33 mx1 postfix/smtpd[3269]: initializing the server-side TLS engine
    Oct 8 05:31:34 mx1 postfix/smtpd[3269]: connect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:34 mx1 amavis[27081]: (27081-01) AUTH not needed, user='', MTA offers ''
    Oct 8 05:31:34 mx1 postfix/smtpd[3269]: 19D54F0C68: client=localhost.localdomain[127.0.0.1]
    Oct 8 05:31:34 mx1 amavis[27081]: (27081-01) response to RCPT TO for <skinnman@yahoo.com>: "250 Ok"
    Oct 8 05:31:34 mx1 postfix/cleanup[3250]: 19D54F0C68: message-id=<43480F9A.8060106@canmail.org>
    Oct 8 05:31:35 mx1 postfix/smtpd[3269]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:35 mx1 postfix/qmgr[29698]: 19D54F0C68: from=<king@canmail.org>, size=1053, nrcpt=1 (queue active)
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) FWD via SMTP: <king@canmail.org> -> <skinnman@yahoo.com>, 250 2.6.0 Ok, id=27081-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 19D54F0C68
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) Passed CLEAN, [68.146.204.152] [68.146.204.152] <king@canmail.org> -> <skinnman@yahoo.com>, Message-ID: <43480F9A.8060106@canmail.org>, mail_id: F4dUOaooicuW, Hits: -1.764, 1670 ms
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) TIMING [total 1677 ms] - ldap-prepare: 7 (0%)0, SMTP EHLO: 23 (1%)2, SMTP pre-MAIL: 3 (0%)2, mkdir tempdir: 2 (0%)2, create email.txt: 1 (0%)2, ldap-connect: 19 (1%)3, lookup_ldap: 51 (3%)6, SMTP pre-DATA-flush: 3 (0%)6, SMTP DATA: 1 (0%)6, body_hash: 2 (0%)7, gen_mail_id: 1 (0%)7, mkdir parts: 1 (0%)7, mime_decode: 22 (1%)8, get-file-type1: 17 (1%)9, decompose_part: 2 (0%)9, parts_decode: 0 (0%)9, AV-scan-1: 13 (1%)10, spam-wb-list: 4 (0%)10, SA msg read: 1 (0%)10, SA parse: 3 (0%)10, SA check: 262 (16%)26, update_cache: 3 (0%)26, deal_with_mail_size: 1 (0%)26, fwd-connect: 43 (3%)29, fwd-mail-from: 66 (4%)33, fwd-rcpt-to: 38 (2%)35, write-header: 4 (0%)35, fwd-data: 0 (0%)35, fwd-data-end: 1052 (63%)98, fwd-rundown: 5 (0%)98, main_log_entry: 26 (2%)100, update_snmp: 2 (0%)100, unlink-1-files: 1 (0%)100, rundown: 1 (0%)100
    Oct 8 05:31:35 mx1 postfix/smtp[3251]: 724E0F0C67: to=<skinnman@yahoo.com>, relay=127.0.0.1[127.0.0.1], delay=4, status=sent (250 2.6.0 Ok, id=27081-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 19D54F0C68)
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) extra modules loaded: Net/LDAP/Bind.pm
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) load: 99 %, total idle 0.018 s, busy 1.666 s
    Oct 8 05:31:35 mx1 postfix/qmgr[29698]: 724E0F0C67: removed
    Oct 8 05:31:36 mx1 postfix/smtp[3323]: 19D54F0C68: to=<skinnman@yahoo.com>, relay=mx1.mail.yahoo.com[4.79.181.14], delay=2, status=sent (250 ok dirdel)
    Oct 8 05:31:36 mx1 postfix/qmgr[29698]: 19D54F0C68: removed
    Oct 8 05:31:39 mx1 postfix/smtpd[29792]: connect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:39 mx1 postfix/smtpd[29792]: disconnect from localhost.localdomain[127.0.0.1]
    Computer King

    http://www.computerking.ca

    Sales, Service, and Hosting
    Email, Data, and Web Packages
    Ask about web design specials

    Affiliates
    http://www.computerking.ca/pages/lin...affiliates.htm
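
A way to check what a "TLS auth only" setting should produce on the wire, as an added example that is not part of the original post: with the setting in force, the server should advertise AUTH only after STARTTLS. The EHLO replies below are constructed samples, and `parse_ehlo`, `audit` and `probe` are hypothetical helper names.

```python
import smtplib

# Constructed EHLO replies for illustration (not captured from the server in this thread).
PLAINTEXT_WITH_AUTH = """250-mx1.example.org
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""
PLAINTEXT_TLS_ONLY = """250-mx1.example.org
250-STARTTLS
250 8BITMIME"""
INSIDE_TLS = """250-mx1.example.org
250-AUTH PLAIN LOGIN
250 8BITMIME"""

def parse_ehlo(reply):
    """Parse a raw multi-line EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:      # first line is the greeting
        words = line[4:].replace("=", " ").split()   # drop "250-"; "AUTH=" is a legacy form
        if words:
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def audit(before_tls, after_tls):
    """Findings for a server that is meant to accept AUTH only inside TLS."""
    findings = []
    if "STARTTLS" not in before_tls:
        findings.append("STARTTLS not offered: clients cannot upgrade the session")
    elif "AUTH" not in after_tls:
        findings.append("AUTH not offered after STARTTLS: TLS clients cannot log in")
    if "AUTH" in before_tls:
        mechs = "/".join(sorted(set(before_tls["AUTH"])))
        findings.append("AUTH offered before STARTTLS: %s credentials can cross the wire unencrypted" % mechs)
    return findings

def probe(host, port=25):
    """Collect both capability sets from a server you administer, then audit them."""
    def feats(s):
        return {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before, after = feats(s), {}
        if s.has_extn("starttls"):
            s.starttls()      # certificate is not verified here; this only reads capabilities
            s.ehlo()
            after = feats(s)
    return audit(before, after)
```

An empty list from `audit` means AUTH is reachable only inside TLS; it says nothing about whether the password check behind it succeeds, which is the separate SASL failure shown in the log above.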

  2. #2
    KevinH, Expert Member

    Is saslauthd running? After you get an auth failure with Thunderbird/Mozilla we've noticed you need to restart it. It goes into a failed auth loop that doesn't seem to be recoverable.

  3. #3
    rmvg, Advanced Member

    seems to be running

    [zimbra@mx1 rmvg]$ ps -auxx | grep saslauthd
    Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
    zimbra 28859 0.0 0.2 5332 1744 ? Ss 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28860 0.0 0.2 5332 1744 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28861 0.0 0.2 5332 1744 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28862 0.0 0.2 5332 1748 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28863 0.0 0.2 5332 1748 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 10007 0.0 0.0 3728 644 pts/5 R+ 07:34 0:00 grep saslauthd

  4. #4
    anand, Zimbra Employee

    do you have more than one domain?

    This could be related to:

    SMTP SASL authentication failure

    If you are running more than one domain, and logging into the non-default domain.

  5. #5
    rmvg, Advanced Member

    I made the recommendations below, adding a -r zmsaslauthdctl; going to test it later today from work. What do you mean about auth loop? Does this mean every time someone tries to log in with, say for instance, the wrong password, that no one else will be able to log in until I restart saslauthd?

    Quote Originally Posted by KevinH
    Is saslauthd running? After you get an auth failure with Thunderbird/Mozilla we've noticed you need to restart it. It goes into a failed auth loop that doesn't seem to be recoverable.

  6. #6
    KevinH, Expert Member

    I meant restart Thunderbird.

  7. #7
    rmvg, Advanced Member

    Sorry Kevin, I gotta learn to read.

    I am still having problems even after adding the -r option, arrgh. I will try turning off TLS for now but I need that feature.

    I am really short on time right now.

    PS: I am on Outlook now, not Mozilla.

  8. #8
    KevinH, Expert Member

    Short on time... Taking this live soon?

    Can you post the /var/mail/zimbra.log result when you try your test? I assume you've restarted saslauthd after you added the -r, right?

  9. #9
    rmvg, Advanced Member

    Quote Originally Posted by KevinH
    Short on time... Taking this live soon?

    Can you post the /var/mail/zimbra.log result when you try your test? I assume you've restarted saslauthd after you added the -r, right?

    Live, haha, very funny, maybe I should.

    Yes, I did restart saslauthd; also I reset the Zimbra server too, zmcontrol stop start, just for good measure.

    Here is the log:

    Oct 12 08:09:25 mx1 postfix/smtpd[1723]: connect from S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]
    Oct 12 08:09:26 mx1 postfix/smtpd[1723]: warning: S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]: SASL LOGIN authentication failed
    Oct 12 08:09:26 mx1 postfix/smtpd[1723]: lost connection after AUTH from S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]
    Oct 12 08:09:26 mx1 postfix/smtpd[1723]: disconnect from S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]

    PS: thanks boatloads for the help

  10. #10
    KevinH, Expert Member

    Are you using the entire user@domain for your username in your mail client?
