tls auth only?

[rmvg]

I have tls auth only checked in both server and global settings. I have started and stopped the zimbra server using
zmcontrol stop
zmcontrol start

when i try to login to zimbra smtp with
username king@canmail.org
and password xxxxxx

using mozilla tls setting for outgoing smtp server first i get asked to accept the cert and i click accept this session only then mozilla keeps asking for the username and password over and over agian giving me this error in the logs

Oct 8 05:39:57 mx1 postfix/smtpd[12343]: disconnect from localhost.localdomain[127.0.0.1]
Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: SASL authentication failure: Password verification failed
Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL PLAIN authentication failed
Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL LOGIN authentication failed

When tring to auth using ssl i get rejected by zimbra and there is nothing in the logs

using the mozilla no tls settings for outgoing smtp servers i can send mail it does not seem to be using tls to connect to zimbra/postfix the log is below. Why is the tls auth setting not working?

Oct 8 05:30:51 mx1 postfix/smtpd[29792]: disconnect from localhost.localdomain[127.0.0.1]
Oct 8 05:31:31 mx1 postfix/smtpd[29792]: connect from computerking.ca[68.146.204.152]
Oct 8 05:31:33 mx1 postfix/smtpd[29792]: 724E0F0C67: client=computerking.ca[68.146.204.152]
Oct 8 05:31:33 mx1 postfix/cleanup[3250]: 724E0F0C67: message-id=<43480F9A.8060106@canmail.org>
Oct 8 05:31:33 mx1 postfix/qmgr[29698]: 724E0F0C67: from=<king@canmail.org>, size=616, nrcpt=1 (queue active)
Oct 8 05:31:33 mx1 postfix/smtpd[29792]: disconnect from computerking.ca[68.146.204.152]
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Connecting to LDAP host
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) connect_to_ldap: connected to canmail.org
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) connect_to_ldap: bind uid=zimbra,cn=admins,cn=zimbra succeeded
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ESMTP::10024 /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081: <king@canmail.org> -> <skinnman@yahoo.com> Received: SIZE=616 from mx1.canmail.org ([127.0.0.1]) by localhost (mx1.canmail.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27081-01 for <skinnman@yahoo.com>; Sat, 8 Oct 2005 05:31:33 -0700 (MST)
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) body hash: a7c25e3139e573937a894f529f759803
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Checking: F4dUOaooicuW [68.146.204.152] <king@canmail.org> -> <skinnman@yahoo.com>
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) p001 1 Content-Type: text/plain, size: 17 B, name:
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Checking for banned types and filenames
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) collect banned table[0]: skinnman@yahoo.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0xa2b7f74)
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) p.path skinnman@yahoo.com: "P=p001,L=1,M=text/plain,T=asc"
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Using ClamAV-clamd: (built-in interface)
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Using (ClamAV-clamd) on dir: CONTSCAN /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts\n
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd: Connecting to socket 127.0.0.1:3310
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd: Sending CONTSCAN /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts\n to INET socket 127.0.0.1:3310
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ask_av (ClamAV-clamd): /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts CLEAN
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd result: clean
Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) spam_scan: hits=-1.764 tests=[AWL=-0.012,BAYES_00=-2.599,DATE_IN_FUTURE_03_06=0.847]
Oct 8 05:31:33 mx1 postfix/smtpd[3269]: initializing the server-side TLS engine
Oct 8 05:31:34 mx1 postfix/smtpd[3269]: connect from localhost.localdomain[127.0.0.1]
Oct 8 05:31:34 mx1 amavis[27081]: (27081-01) AUTH not needed, user='', MTA offers ''
Oct 8 05:31:34 mx1 postfix/smtpd[3269]: 19D54F0C68: client=localhost.localdomain[127.0.0.1]
Oct 8 05:31:34 mx1 amavis[27081]: (27081-01) response to RCPT TO for <skinnman@yahoo.com>: "250 Ok"
Oct 8 05:31:34 mx1 postfix/cleanup[3250]: 19D54F0C68: message-id=<43480F9A.8060106@canmail.org>
Oct 8 05:31:35 mx1 postfix/smtpd[3269]: disconnect from localhost.localdomain[127.0.0.1]
Oct 8 05:31:35 mx1 postfix/qmgr[29698]: 19D54F0C68: from=<king@canmail.org>, size=1053, nrcpt=1 (queue active)
Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) FWD via SMTP: <king@canmail.org> -> <skinnman@yahoo.com>, 250 2.6.0 Ok, id=27081-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 19D54F0C68
Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) Passed CLEAN, [68.146.204.152] [68.146.204.152] <king@canmail.org> -> <skinnman@yahoo.com>, Message-ID: <43480F9A.8060106@canmail.org>, mail_id: F4dUOaooicuW, Hits: -1.764, 1670 ms
Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) TIMING [total 1677 ms] - ldap-prepare: 7 (0%)0, SMTP EHLO: 23 (1%)2, SMTP pre-MAIL: 3 (0%)2, mkdir tempdir: 2 (0%)2, create email.txt: 1 (0%)2, ldap-connect: 19 (1%)3, lookup_ldap: 51 (3%)6, SMTP pre-DATA-flush: 3 (0%)6, SMTP DATA: 1 (0%)6, body_hash: 2 (0%)7, gen_mail_id: 1 (0%)7, mkdir parts: 1 (0%)7, mime_decode: 22 (1%)8, get-file-type1: 17 (1%)9, decompose_part: 2 (0%)9, parts_decode: 0 (0%)9, AV-scan-1: 13 (1%)10, spam-wb-list: 4 (0%)10, SA msg read: 1 (0%)10, SA parse: 3 (0%)10, SA check: 262 (16%)26, update_cache: 3 (0%)26, deal_with_mail_size: 1 (0%)26, fwd-connect: 43 (3%)29, fwd-mail-from: 66 (4%)33, fwd-rcpt-to: 38 (2%)35, write-header: 4 (0%)35, fwd-data: 0 (0%)35, fwd-data-end: 1052 (63%)98, fwd-rundown: 5 (0%)98, main_log_entry: 26 (2%)100, update_snmp: 2 (0%)100, unlink-1-files: 1 (0%)100, rundown: 1 (0%)100
Oct 8 05:31:35 mx1 postfix/smtp[3251]: 724E0F0C67: to=<skinnman@yahoo.com>, relay=127.0.0.1[127.0.0.1], delay=4, status=sent (250 2.6.0 Ok, id=27081-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 19D54F0C68)
Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) extra modules loaded: Net/LDAP/Bind.pm
Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) load: 99 %, total idle 0.018 s, busy 1.666 s
Oct 8 05:31:35 mx1 postfix/qmgr[29698]: 724E0F0C67: removed
Oct 8 05:31:36 mx1 postfix/smtp[3323]: 19D54F0C68: to=<skinnman@yahoo.com>, relay=mx1.mail.yahoo.com[4.79.181.14], delay=2, status=sent (250 ok dirdel)
Oct 8 05:31:36 mx1 postfix/qmgr[29698]: 19D54F0C68: removed
Oct 8 05:31:39 mx1 postfix/smtpd[29792]: connect from localhost.localdomain[127.0.0.1]
Oct 8 05:31:39 mx1 postfix/smtpd[29792]: disconnect from localhost.localdomain[127.0.0.1]

[KevinH]

Is saslauthd running? After you get an auth failure with Thunderbird/Mozilla we've noticed you need to restart it. It goes it to a failed auth loop that doesn't seem to be recoverable.

[rmvg]

seems to be running

[zimbra@mx1 rmvg]$ ps -auxx | grep saslauthd
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
zimbra 28859 0.0 0.2 5332 1744 ? Ss 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
zimbra 28860 0.0 0.2 5332 1744 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
zimbra 28861 0.0 0.2 5332 1744 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
zimbra 28862 0.0 0.2 5332 1748 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
zimbra 28863 0.0 0.2 5332 1748 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
zimbra 10007 0.0 0.0 3728 644 pts/5 R+ 07:34 0:00 grep saslauthd

[anand]

This could be related to:

SMTP SASL authentication failure

If you are running more than one domain, and logging into the non-default domain.

[rmvg]

I made the recommedations below adding a -r zmsaslauthdctl going to test it later today from work. What do u mean about auth loop does this mean every time some tries to login with the say for instace the wrong password that noone else will be able to login until i restart saslauthd?

Quote:

Originally Posted by KevinH

Is saslauthd running? After you get an auth failure with Thunderbird/Mozilla we've noticed you need to restart it. It goes it to a failed auth loop that doesn't seem to be recoverable.

[KevinH]

I meant restart Thunderbird.

[rmvg]

Sorry Kevin i gotta learn to read

I am still having problems even after adding the -r option arrhg i will try turning off tls for now but i need that feature.

I am really short on time right now.

ps i am outlook now not mozilla

[KevinH]

Short on time... Taking this live soon?

Can you post the /var/mail/zimbra.log result when you try your test. I assume you've restarted saslauthd after you added the -r right?

[rmvg]

Quote:

Originally Posted by KevinH

Short on time... Taking this live soon?

Can you post the /var/mail/zimbra.log result when you try your test. I assume you've restarted saslauthd after you added the -r right?

live Haha very funny mabey i should.

Yes i did restart saslauthd also i reset the zimbra server too zmcontrol stop start just for good measure.

here is the log

Oct 12 08:09:25 mx1 postfix/smtpd[1723]: connect from S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]
Oct 12 08:09:26 mx1 postfix/smtpd[1723]: warning: S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]: SASL LOGIN authentication failed
Oct 12 08:09:26 mx1 postfix/smtpd[1723]: lost connection after AUTH from S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]
Oct 12 08:09:26 mx1 postfix/smtpd[1723]: disconnect from S0106000cf1cf4e9e.cg.shawcable.net[70.72.12.90]

ps thanks boatloads for the help

[KevinH]

Are you using the entire user@domain for your username in your mail client?