SMTP auth refused with sasl error

#1 Tue, 09/14/2010 - 06:24
aplima

I had several errors reported like this:

SASL LOGIN authentication failed: authentication failure

I searched and googled, and googled and searched... Never found a solution that would solve my problem.

I had a similar problem with imap and pop3 login.

Wanted the user to authenticate as user@domain.tld instead of user-domain.tld or user.domain.tld

Some research on the Virtualmin and Webmin forums pointed me in the right direction...

And today, I tried to use the user-domain.tld format and my emails started to be sent.

I've been using qmail since forever, and was trying postfix. Have been testing the spam and virus filtering for some months now, and I decided it was time for a definitive change.

There was the problem with sending emails. I wish someone could point me where to enable the use of: user@domain.tld in smtp auth.

Thanks.

Tue, 09/14/2010 - 09:50
andreychek

Howdy,

If you haven't already, you may want to take a peek in System Settings -> Server Templates -> Default -> Mail for Domain, and verify that "Format for usernames that include domain" is set the way you want it. (which sounds like it would be the user@domain format).

That will only change new email accounts that are created... any existing account will continue to use the previous style.

If you've created a new email account using the user@domain format, and it still doesn't allow you to log in, you'd want to make sure that saslauthd is running with the -r option.

You can verify that by looking at the running process, which you can do with this command:

"ps auxw | grep saslauth"

If it does not have the -r option, we can get that fixed, just let us know what distro you're using :-)

-Eric

Tue, 09/14/2010 - 10:13 (Reply to #2)
aplima

Here is the output to ps auxw | grep saslauth

root 27000 0.0 0.0 5564 488 ? Ss 14:24 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 27001 0.0 0.0 5608 980 ? S 14:24 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 27002 0.0 0.0 5564 264 ? S 14:24 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 27003 0.0 0.0 5564 264 ? S 14:24 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 27004 0.0 0.0 5564 264 ? S 14:24 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 31563 0.0 0.0 3916 680 pts/0 S+ 16:10 0:00 grep saslauth

I can login any user (before or after the change on default address format) on pop3. But can only send emails, using smtp, if I change the user format to user-domain instead of user@domain.

Webmail works flawlessly.

Tue, 09/14/2010 - 10:18
andreychek

> if I change the user format to user-domain instead of user@domain.

Yeah, due to the way saslauthd works, it has to be running with the -r option in order to handle users in the format of user@domain. Saslauthd is the daemon responsible for handling secure email sending.

In your case, it doesn't look like saslauthd is running with -r. We can get that fixed, though you didn't mention what distro you were using :-)

-Eric

Tue, 09/14/2010 - 10:28 (Reply to #4)
aplima

Operating system: CentOS Linux 5.2
Webmin version: 1.500
Virtualmin version: 3.77.gpl GPL
Theme version: 7.7
Kernel and CPU: Linux 2.6.18-92.1.22.el5 on i686

So, can you be so kind, and help me? I'm used to qmail. But it is getting really hard to admin a mail server using it. Now that I've been using Postfix, for myself, installed with webmin, I decided that is a better solution to serve my clients.

Thanks.

Tue, 09/14/2010 - 10:37
andreychek

On CentOS, to get saslauthd running with the -r flag, you can log into your server over SSH as root, and edit:

/etc/sysconfig/saslauthd

At the bottom where it says "FLAGS=", change that line to read:

FLAGS=-r

Then, restart saslauthd with:

/etc/init.d/saslauthd restart

At that point, it should allow you to login with user@domain username formats.

-Eric
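
The check discussed in this thread, as an added example that is not part of any post: it compares the FLAGS= line in the saslauthd sysconfig file with the arguments of the running processes, which catches the case where -r was configured but the daemon was never restarted. The function names and the status words are hypothetical; the sample process lines are the ones posted above.

```shell
#!/bin/sh
# Added example (not from the thread): is -r set in the config AND on the daemon?

# args_have_r ARGS: succeed if a saslauthd argument string contains -r, alone or
# bundled (-cr). The values of -a -O -m -n -s -t are skipped.
args_have_r() {
    skip=0
    for word in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $word in
            -[aOmnst]) skip=1 ;;   # next word is this option's value
            -[aOmnst]*) ;;         # value attached, e.g. -apam
            -*r*) return 0 ;;
        esac
    done
    return 1
}

# config_flags FILE: print the value of the last FLAGS= line, quotes removed.
config_flags() {
    sed -n 's/^[[:space:]]*FLAGS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# running_cmds PS_TEXT: print "saslauthd ARGS" for each saslauthd process in
# `ps auxw` output (the command is field 11, so the grep line is ignored).
running_cmds() {
    printf '%s\n' "$1" | awk '$11 ~ /(^|\/)saslauthd$/ {
        out = "saslauthd"; for (i = 12; i <= NF; i++) out = out " " $i; print out }'
}

# saslauthd_r_status FILE PS_TEXT: ok | restart-needed | not-configured | not-running
saslauthd_r_status() {
    if ! args_have_r "$(config_flags "$1")"; then echo not-configured; return; fi
    procs=$(running_cmds "$2")
    [ -n "$procs" ] || { echo not-running; return; }
    status=ok
    while IFS= read -r line; do
        args_have_r "$line" || status=restart-needed
    done <<EOF
$procs
EOF
    echo "$status"
}

# Sample input for offline use: two of the process lines posted in the thread.
SAMPLE_PS='root 27000 0.0 0.0 5564 488 ? Ss 14:24 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 31563 0.0 0.0 3916 680 pts/0 S+ 16:10 0:00 grep saslauth'

# On the server: saslauthd_r_status /etc/sysconfig/saslauthd "$(ps auxw)"
```
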

Tue, 09/14/2010 - 10:51
aplima

And it was as simple as that!

Thank you so much!

Sun, 04/01/2012 - 07:48
HarryZink

if one configures FLAGS=-r will the regular method still work?

I needed to enable name@tld.com for just one virtual domain of those I host, so I added the FLAGS=-r config.

This was several weeks ago. Today, I observed that several accounts being hosted on that server have started having problems with email, and generating errors. Specifically:

saslauthd[6153]: do_auth : auth failure: [user=xxxxxx@dddddd.com] [service=smtp] [realm=dddddd.com] [mech=pam] [reason=PAM auth error]

Any ideas?

Mon, 04/02/2012 - 09:18
andreychek

> if one configures FLAGS=-r will the regular method still work?

I believe so -- think there's been other folks who had used both username styles on the same server.

In the error you're seeing there, it looks like the username having problems is in the user@domain.com format, which is what using -r should correct.

Two things you may want to verify --

One, make certain that saslauthd is still running with the -r parameter (you can verify that by running "ps auxw | grep saslauthd").

Two, verify that you can login as that user in Usermin.

-Eric