Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SASL error: no secret in database

1 view
Skip to first unread message

Jonathan Nichols

unread,
Jul 13, 2003, 3:46:25 AM7/13/03
to
Good morning all,
I have Postfix 2.0.9 set up & running but I noticed an SASL error in
the mail log today. SMTP-AUTH appears to be working ok, but I'm getting
the error of "no secret in database" in the mail logs. I've checked
Google and found a few suggestions, namely ensuring that an
/etc/pam.d/smtp file exists (it does) and is set up properly (it is)

I do have an smtp.conf file in /var/lib/sasl2 - is that where it should
be, or does sasl look somewhere else for the file?

If anybody could point me in the right direction, I'd be most
appreciative. Thanks! :)

-Jonathan

Log snippet:

Jul 13 00:38:21 [postfix/smtpd] connect from idontcare.pbp.net[66.92.222.34]
Jul 13 00:38:21 [postfix/smtpd] warning: SASL authentication failure: no
secret in database
Jul 13 00:38:21 [postfix/smtpd] warning:
idontcare.pbp.net[66.92.222.34]: SASL CRAM-MD5 authentication failed
Jul 13 00:38:22 [postfix/smtpd] E4309FBF:
client=idontcare.pbp.net[66.92.222.34], sasl_method=PLAIN,
sasl_username=jnic...@pbp.net
Jul 13 00:38:23 [postfix/smtpd] 57973FBF:
client=idontcare.pbp.net[66.92.222.34], sasl_method=PLAIN,
sasl_username=jnic...@pbp.net
Jul 13 00:38:23 [postfix/cleanup] 57973FBF:
message-id=<3F110C6D...@pbp.net>
Jul 13 00:38:23 [postfix/qmgr] 57973FBF: from=<jnic...@pbp.net>,
size=620, nrcpt=1 (queue active)
Jul 13 00:38:23 [postfix/smtpd] disconnect from
idontcare.pbp.net[66.92.222.34]
Jul 13 00:38:23 [postfix/pipe] 57973FBF: to=<ma...@pbp.net>,
relay=maildrop, delay=0, status=sent (pbp.net)

(also note that the message ID changes.. is that normal?

Here's the postconf -n output:

alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases, hash:/var/mailman/data/aliases,
mysql:/etc/postfix/mysql-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
home_mailbox = .maildir/
inet_interfaces = all
local_destination_concurrency_limit = 1
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
local_transport = maildrop
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = pbp.net
myhostname = mail.pbp.net
mynetworks = 192.168.10.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.9
recipient_delimiter = +
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/etc/postfix/mysql-transport.cf
unknown_local_recipient_reject_code = 450
virtual_alias_maps = hash:/var/mailman/data/virtual-mailman,
mysql:/etc/postfix/mysql-virtual.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps = static:1001

Andreas Winkelmann

unread,
Jul 13, 2003, 5:31:16 AM7/13/03
to
Jonathan Nichols wrote:

> Good morning all,
> I have Postfix 2.0.9 set up & running but I noticed an SASL error i=
n=20
> the mail log today. SMTP-AUTH appears to be working ok, but I'm getting=
=20
> the error of "no secret in database" in the mail logs. I've checked=20
> Google and found a few suggestions, namely ensuring that an=20


> /etc/pam.d/smtp file exists (it does) and is set up properly (it is)

>=20
> I do have an smtp.conf file in /var/lib/sasl2 - is that where it should=
=20


> be, or does sasl look somewhere else for the file?

smtp_d_.conf ?

> If anybody could point me in the right direction, I'd be most=20
> appreciative. Thanks! :)

Your Mailer first tries to authenticate with cram-md5, it is prefered=20
befor sending plain-text passwords over the line. But for that you need=20
the real passwords in a database (Maybe sasldb). "no secrets in=20
database" means you havn't this. You could disable this by a mech_list=20
in your smtpd.conf "mech_list: plain login" or just by deleting the=20
libcrammd5-libraries.

> Log snippet:
>=20
> Jul 13 00:38:21 [postfix/smtpd] connect from=20
> idontcare.pbp.net[66.92.222.34]
> Jul 13 00:38:21 [postfix/smtpd] warning: SASL authentication failure: n=
o=20
> secret in database
> Jul 13 00:38:21 [postfix/smtpd] warning:=20


> idontcare.pbp.net[66.92.222.34]: SASL CRAM-MD5 authentication failed

> Jul 13 00:38:22 [postfix/smtpd] E4309FBF:=20
> client=3Didontcare.pbp.net[66.92.222.34], sasl_method=3DPLAIN,=20
> sasl_username=3Djni...@pbp.net
> Jul 13 00:38:23 [postfix/smtpd] 57973FBF:=20
> client=3Didontcare.pbp.net[66.92.222.34], sasl_method=3DPLAIN,=20
> sasl_username=3Djni...@pbp.net
> Jul 13 00:38:23 [postfix/cleanup] 57973FBF:=20
> message-id=3D<3F110C6D...@pbp.net>
> Jul 13 00:38:23 [postfix/qmgr] 57973FBF: from=3D<jnic...@pbp.net>,=20
> size=3D620, nrcpt=3D1 (queue active)
> Jul 13 00:38:23 [postfix/smtpd] disconnect from=20
> idontcare.pbp.net[66.92.222.34]

--=20
Gru=DF,
Andreas

0 new messages