
Thread: saslauthd: Permission denied (external SMTP AUTH broken)

  1. #1
    Miz
    Miz is offline Intermediate Member

    RESOLVED: saslauthd: Permission denied (external SMTP AUTH broken)

    Version 4.0.5_GA_518.RHEL4 Dec 18, 2006

    - All Zimbra services running (minus Perdition, not used)
    - All webservices working properly
    - HTTPS mode
    - Custom port
    - SASL URL is correct (zimbra_url)
    - zimbraMtaAuthURL is correct

    - libexec/zmfixperms has been run successfully
    - all services have been recently restarted

    /var/log/zimbra.log:
    Code:
    Jan 10 11:59:39 nobox postfix/smtpd[12391]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 10 11:59:39 nobox postfix/smtpd[12391]: warning: wherever.tld[ip.ip.ip.ip]: SASL LOGIN authentication failed

    Additional info:
    Code:
    $ ls -ld /opt/zimbra/cyrus-sasl/state
    drwxr-x---  2 zimbra zimbra 4096 Jan 10 11:59 /opt/zimbra/cyrus-sasl/state
    
    $ ls -l /opt/zimbra/cyrus-sasl/state
    total 4
    srwxrwxrwx  1 zimbra zimbra 0 Jan 10 11:59 mux
    -rw-------  1 zimbra zimbra 0 Jan 10 11:59 mux.accept
    -rw-------  1 zimbra zimbra 6 Jan 10 11:59 saslauthd.pid

    Using:
    Thunderbird 1.5.0.9, TLS

    Help?
    Last edited by Miz; 01-26-2007 at 06:44 PM. Reason: Add client info

  2. #2
    bobby is offline Zimbra Employee

    add this line to /etc/syslog.conf and then restart (kill -1) syslogd:
    auth.* -/var/log/zimbra.log

    that will send the saslauthd logging there instead of nowhere. go ahead and post the output of these commands as well:

    su - zimbra
    zmprov getServer nobox.whatever.com | grep -e Mode -e Auth -e Port
    cat ~/cyrus-sasl/etc/saslauthd.conf*

  3. #3
    Miz
    Miz is offline Intermediate Member

    I have successfully upgraded to Version 4.5.0_GA_612.RHEL4 Jan 15, 2007 today, but this problem remains.

    Info requested:
    Code:
    [zimbra@mail ~]$ zmprov getServer mail.whatever.tld | grep -e Mode -e Auth -e Port
    zimbraAdminPort: 7071
    zimbraImapBindPort: 143
    zimbraImapProxyBindPort: 143
    zimbraImapSSLBindPort: 993
    zimbraImapSSLProxyBindPort: 993
    zimbraLmtpBindPort: 7025
    zimbraMailMode: https
    zimbraMailPort: 73
    zimbraMailSSLPort: 74
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: mail.whatever.tld
    zimbraMtaAuthURL: https://mail.whatever.tld:74/service/soap/
    zimbraMtaTlsAuthOnly: TRUE
    zimbraNotifyBindPort: 7035
    zimbraNotifySSLBindPort: 7036
    zimbraPop3BindPort: 110
    zimbraPop3ProxyBindPort: 110
    zimbraPop3SSLBindPort: 995
    zimbraPop3SSLProxyBindPort: 995
    zimbraRemoteManagementPort: 22
    zimbraSmtpPort: 25
    [zimbra@mail ~]$ cat ~/cyrus-sasl/etc/saslauthd.conf
    zimbra_url: https://mail.whatever.tld:74/service/soap/
    zimbra_cert_file: /opt/zimbra/conf/smtpd.crt
    zimbra_cert_check: off

    Attempted login:
    Code:
    Jan 18 16:04:59 mail postfix/smtpd[3880]: connect from somewhere.at.comcast.net[9.8.7.6]
    Jan 18 16:04:59 mail postfix/smtpd[3880]: setting up TLS connection from somewhere.at.comcast.net[9.8.7.6]
    Jan 18 16:04:59 mail postfix/smtpd[3880]: TLS connection established from somewhere.at.comcast.net[9.8.7.6]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: SASL authentication failure: Password verification failed
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL PLAIN authentication failed
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:28 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL LOGIN authentication failed
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: SASL authentication failure: Password verification failed
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL PLAIN authentication failed
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
    Jan 18 16:05:31 mail postfix/smtpd[3880]: warning: somewhere.at.comcast.net[9.8.7.6]: SASL LOGIN authentication failed
    Jan 18 16:06:01 mail pam_loginuid[4059]: set_loginuid failed opening loginuid

    /etc/syslog.conf
    Code:
    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.*                                                 /dev/console
    
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    
    # The authpriv file has restricted access.
    authpriv.*                                              /var/log/secure
    
    # Log all the mail messages in one place.
    mail.*                                                  -/var/log/maillog
    
    
    # Log cron stuff
    cron.*                                                  /var/log/cron
    
    # Everybody gets emergency messages
    *.emerg                                                 *
    
    # Save news errors of level crit and higher in a special file.
    uucp,news.crit                                          /var/log/spooler
    
    # Save boot messages also to boot.log
    local7.*                                                /var/log/boot.log
    # added by openldap2.3-2.3.27 rpm Fri Nov 17 17:39:36 EST 2006
    local0.*                -/var/log/zimbra.log
    auth.*                  -/var/log/zimbra.log
    mail.*                -/var/log/zimbra.log

    I verified that syslogd restarted as a result of the kill command, after editing the syslog.conf, and made the change before attempting to log in via SMTP/TLS again.

  4. #4
    Miz
    Miz is offline Intermediate Member

    /opt/zimbra/conf/smtpd.crt is:
    Code:
    -rwx------  1 zimbra zimbra 1078 Jan 18 10:24 /opt/zimbra/conf/smtpd.crt

    And appears to be a well-formed certificate.

    /opt/zimbra/cyrus-sasl/lib/sasl2 is:
    Code:
    #
    # This is ${cyrus-sasl-prefix}/lib/sasl2/smtpd.conf
    #
    log_level: 3
    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN
    saslauthd_path: /opt/zimbra/cyrus-sasl/state/mux

    I uncommented the saslauthd_path and restarted Zimbra's saslauthd using zmsaslauthdctl restart

    This resulted in saslauthd finally logging, but these are the only lines it spit out:
    Code:
    Jan 18 16:20:11 mail saslauthd[9609]: detach_tty      : master pid is: 9609
    Jan 18 16:20:11 mail saslauthd[9609]: ipc_init        : listening on socket: /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/state/mux

  5. #5
    anand is offline Zimbra Employee

    On my system, I see:

    Code:
    $ ls -al /opt/zimbra/cyrus-sasl/state/
    total 12
    drwxr-xr-x  2 zimbra zimbra 4096 Jan 16 15:49 .
    drwxr-xr-x  8 root   zimbra 4096 Jan 16 15:43 ..
    srwxrwxrwx  1 zimbra zimbra    0 Jan 16 15:49 mux
    -rw-------  1 zimbra zimbra    0 Jan 16 15:49 mux.accept
    -rw-------  1 zimbra zimbra    6 Jan 16 15:49 saslauthd.pid

    What do you have?

  6. #6
    Miz
    Miz is offline Intermediate Member

    Code:
    # ls -al /opt/zimbra/cyrus-sasl/state
    total 12
    drwxr-x---  2 zimbra zimbra 4096 Jan 18 16:30 .
    drwxr-xr-x  8 root   zimbra 4096 Jan 18 10:23 ..
    srwxrwxrwx  1 zimbra zimbra    0 Jan 18 16:30 mux
    -rw-------  1 zimbra zimbra    0 Jan 18 16:30 mux.accept
    -rw-------  1 zimbra zimbra    6 Jan 18 16:30 saslauthd.pid
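
The listings in posts #5 and #6 both show `mux` as `srwxrwxrwx`; they differ in the mode of the `state` directory (`drwxr-xr-x` against `drwxr-x---`), and connecting to a UNIX socket needs search permission on every directory in its path as well as write permission on the socket. The following is an added example, not part of the thread and not Zimbra code: it walks a socket path and reports the first mode-bit check a given uid and group set would fail. The function names, the temporary-directory layout and the "outsider" identity are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

def first_denial(sock_path, uid, gids, base=os.sep):
    """Return (path, reason) for the first mode-bit check that a process with
    this uid/gids fails when connecting to the UNIX socket, else None.
    Only components below `base` are checked; ACLs and SELinux are ignored."""
    def allowed(st, want):
        if st.st_uid == uid:
            bits = st.st_mode >> 6      # owner class
        elif st.st_gid in gids:
            bits = st.st_mode >> 3      # group class
        else:
            bits = st.st_mode           # other class
        return (bits & want) == want

    parts = os.path.relpath(sock_path, base).split(os.sep)
    current = base
    for name in parts[:-1]:
        current = os.path.join(current, name)
        if not allowed(os.stat(current), 0o1):   # search (x) on every directory
            return current, "no search permission on directory"
    target = os.path.join(current, parts[-1])
    st = os.stat(target)
    if not stat.S_ISSOCK(st.st_mode):
        return target, "not a socket"
    if not allowed(st, 0o2):                     # connect() needs write on the socket
        return target, "no write permission on socket"
    return None

def demo():
    """Constructed layout: state/ holding a 0777 socket named mux."""
    with tempfile.TemporaryDirectory() as top:
        state = os.path.join(top, "state")
        os.mkdir(state)
        mux = os.path.join(state, "mux")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(mux)
        os.chmod(mux, 0o777)
        st = os.stat(state)
        outsider = (st.st_uid + 1, {st.st_gid + 1})   # constructed non-member identity
        os.chmod(state, 0o750)                        # directory mode in post #6
        restricted = first_denial(mux, *outsider, base=top)
        os.chmod(state, 0o755)                        # directory mode in post #5
        relaxed = first_denial(mux, *outsider, base=top)
        srv.close()
    return restricted, relaxed
```

On a live host, call `first_denial("/opt/zimbra/cyrus-sasl/state/mux", uid, gids)` with the uid and group ids of the account the `smtpd` process runs as.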

  7. #7
    Miz
    Miz is offline Intermediate Member

    Code:
    [root@mail SPECS]# cat /opt/zimbra/cyrus-sasl/state/saslauthd.pid 
    13905
    [root@mail SPECS]# ps 13905
      PID TTY      STAT   TIME COMMAND
    13905 ?        Ss     0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -r -a zimbra
    [root@mail SPECS]# grep 13905 /var/log/zimbra.log 
    Jan 18 16:30:49 mail saslauthd[13905]: detach_tty      : master pid is: 13905
    Jan 18 16:30:49 mail saslauthd[13905]: ipc_init        : listening on socket: /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/state/mux

  8. #8
    anand is offline Zimbra Employee

    How about:

    Code:
    # ldd /opt/zimbra/postfix/libexec/smtpd  | grep sasl
            libsasl2.so.2 => /opt/zimbra/cyrus-sasl/lib/libsasl2.so.2 (0x0000002a95a00000)

    Path to the socket is hard coded in SASL client libs (I think), and this will tell us if you are using the lib that came with Zimbra or not.

    In fact, the sure-fire way to check this is to find a live "smtpd" process and pmap it.

    Code:
     # pmap 12314 | grep sasl2.so
    0000002a95a00000     88K r-x--  /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/lib/libsasl2.so.2.0.21
    0000002a95a16000   1024K -----  /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/lib/libsasl2.so.2.0.21
    0000002a95b16000      4K rw---  /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/lib/libsasl2.so.2.0.21

  9. #9
    Miz
    Miz is offline Intermediate Member

    Code:
    # ldd /opt/zimbra/postfix/libexec/smtpd | grep sasl
            libsasl2.so.2 => /opt/zimbra/cyrus-sasl/lib/libsasl2.so.2 (0xb7d65000)

    Now there's an interesting find...

    No smtpd.

    I had one a minute ago.

    Code:
    postfix   1033  0.0  0.3  7048 2576 ?        S    17:08   0:00 smtpd -n 127.0.0.1:10025 -t inet -u -o content_filter  -o local_recipient_maps  -o virtual_mailbox_maps  -o virtual_alias_maps  -o relay_recipient_maps  -o smtpd_restriction_classes  -o smtpd_delay_reject no -o smtpd_client_restrictions permit_mynetworks,reject -o smtpd_helo_restrictions  -o smtpd_sender_restrictions  -o smtpd_recipient_restrictions permit_mynetworks,reject -o mynetworks_style host -o mynetworks 127.0.0.0/8 -o strict_rfc821_envelopes yes -o smtpd_error_sleep_time 0 -o smtpd_soft_error_limit 1001 -o smtpd_hard_error_limit 1000 -o smtpd_client_connection_count_limit 0 -o smtpd_client_connection_rate_limit 0 -o receive_override_options no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
    
    [root@mail ~]# pmap 1033
    [root@mail ~]#

    Code:
    [root@mail ~]# ps aux | grep smtp
    root      2951  0.0  0.0  3732  668 pts/9    R+   17:11   0:00 grep smtp
    [root@mail ~]# ps aux | grep postfix
    root     13860  0.0  0.2  6556 1700 ?        Ss   16:30   0:00 /opt/zimbra/postfix-2.2.9/libexec/master
    postfix  13880  0.0  0.2  6604 1684 ?        S    16:30   0:00 pickup -l -t fifo -u
    postfix  13881  0.0  0.2  6636 1768 ?        S    16:30   0:00 qmgr -l -t fifo -u
    postfix  14631  0.0  0.2  6600 1752 ?        S    16:33   0:00 tlsmgr -l -t unix -u
    postfix   1027  0.0  0.2  6592 1684 ?        S    17:08   0:00 proxymap -t unix -u
    postfix   1028  0.0  0.2  6612 1896 ?        S    17:08   0:00 trivial-rewrite -n rewrite -t unix -u
    postfix   1303  0.0  0.2  6600 1684 ?        S    17:10   0:00 showq -t unix -u
    root      2953  0.0  0.0  3736  672 pts/9    R+   17:11   0:00 grep postfix

    Code:
    $ zmcontrol status
    Host mail.whatever.tld
            antispam                Running
            antivirus               Running
            ldap                    Running
            logger                  Running
            mailbox                 Running
            mta                     Running
            snmp                    Running
            spell                   Running

  10. #10
    Miz
    Miz is offline Intermediate Member

    I hit up 'master' (Postfix).

    Close enough?

    Code:
    b7d56000     76K r-x--  /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/lib/libsasl2.so.2.0.21
    b7d69000      4K rw---  /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/lib/libsasl2.so.2.0.21
