SMTP authentication with saslauthd

[Angel L. Mateo]

Hi,

I am having problems with postfix and SASL authentication
(cyrus-sasl-1.5.27) by saslauthd.

I run saslauthd with -a pam option to use pam authentication. In
pam.conf (I have solaris 8) I have:

smtp auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
smtp account required /usr/lib/security/$ISA/pam_unix.so.1
smtp session required /usr/lib/security/$ISA/pam_permit.so.1

the same lines I have for other working services, such as pop3,
login,...

The problem I have is that every time I want to authenticate the SMTP
connection, I have an authentication failed error message such as:

Jan 8 11:10:06 zape postfix/smtpd[20848]: [ID 197553 mail.info] <
joshua.fcu.um.es[155.54.7.180]: AUTH PLAIN YW1hdGVvAGFtYXRlbwBwZXBpdG8x
Jan 8 11:10:06 zape postfix/smtpd[20848]: [ID 197553 mail.info]
smtpd_sasl_authenticate: sasl_method PLAIN, init_response
YW1hdGVvAGFtYXRlbwBwZXBpdG8x Jan 8 11:10:06 zape postfix/smtpd[20848]:
[ID 197553 mail.info] smtpd_sasl_authenticate: decoded initial response
amateo Jan 8 11:10:06 zape postfix/smtpd[20848]: [ID 947731
mail.warning] warning: joshua.fcu.um.es[155.54.7.180]: SASL PLAIN
authentication failed Jan 8 11:10:06 zape postfix/smtpd[20848]: [ID
197553 mail.info] > joshua.fcu.um.es[155.54.7.180]: 435 Error:
authentication failed

I pass the correct base64 encoded string to the AUTH PLAIN command. And
I am sure that I am using a valid user/password.

Any idea?

Here is my postconf -n configuration:
alias_database = dbm:/etc/mail/aliases, dbm:/etc/mail/aliases.bol
alias_maps = dbm:/etc/mail/aliases, dbm:/etc/mail/aliases.bol
allow_percent_hack = yes
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
bounce_size_limit = 10240
broken_sasl_auth_clients = yes
canonical_maps = dbm:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp:[127.0.0.1]:18000
daemon_directory = /usr/lib/postfix
debug_peer_level = 1
default_process_limit = 150
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
header_size_limit = 1000
home_mailbox = Maildir/
line_length_limit = 1000
local_recipient_maps = $alias_maps unix:passwd.byname
mail_owner = postfix
mailbox_command = /usr/local/bin/maildrop
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = blackholes.mail-abuse.org
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_exceptions =
message_size_limit = 5242880
mydestination = $myhostname, localhost.$mydomain, $mydomain, fcu.um.es,
cii-murcia.es mydomain = um.es
myhostname = mundico.um.es
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
owner_request_special = no
qmgr_message_active_limit = 40000
qmgr_message_recipient_limit = 40000
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = um.es
sample_directory = /etc/postfix
sendmail_path = /usr/lib/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname NO UCE ESMTP
smtpd_client_restrictions = check_client_access
dbm:/etc/postfix/client_access, reject_unauth_pipelining,
reject_unknown_hostname reject_maps_rbl
smtpd_delay_reject = no
smtpd_enforce_tls = no
smtpd_etrn_restrictions = check_etrn_access dbm:/etc/postfix/etrn_access
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access
pcre:/etc/postfix/recipient_access,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
permit_sasl_authenticated, check_relay_domains
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access
pcre:/etc/postfix/sender_access,
reject_unknown_sender_domain, reject_non_fqdn_sender
smtpd_tls_CAfile = /usr/local/ssl/certs/ca.crt
smtpd_tls_cert_file = /usr/local/ssl/certs/cert.pem
smtpd_tls_key_file = /usr/local/ssl/certs/privada.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = dbm:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = yes
swap_bangpath = yes
tls_random_exchange_name = /etc/postfix/prng_exch
transport_maps = dbm:/etc/postfix/transport

--
Angel L. Mateo Martínez
Sección de Redes y Comunicaciones
Area de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 968367590
Fax: 968363389

[Angel L. Mateo]

I have just solved the problem. It was a silly problem :-( I have
/var/run/saslauthd with wrong permissions, so user postfix can't use the
saslauth socket.