Cannot login to postfix with SMTP after update to 3.4.13

diestel@xxxxxxxxx · Thu, 7 Oct 2021 11:06:38 -0400

Hello,

after updating a bit older system to recent postfix 3.4.13 I cannot login via SMTP LOGIN method anymore (PLAIN does not work either). I use accounts setup in sasldb2 so far. Trying to track down the problem I added a test account, which is recognised:

# postconf mydomain
mydomain = stratoserver.net

# testsaslauthd -u test -p test -r stratoserver.net
0: OK "Success."

But logging in to postfix via a client is denied. It may relate to the domain/realm but after three days of trying to track down the problem I run out of ideas what else I could try. Any hint would be appretiated.
$ curl -u 'test@xxxxxxxxxxxxxxxx:test' smtp://localhost:25 -tls
curl: (67) Login denied

# tail  /var/log/mail.log
Oct  7 16:52:48 h9999999 postfix/postfix-script[73491]: refreshing the Postfix mail system
Oct  7 16:52:50 h9999999 postfix/master[73093]: reload -- version 3.4.13, configuration /etc/postfix
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: connect from localhost[::1]
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: smtp_stream_setup: maxtime=300 enable_deadline=0
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostaddr: smtpd_client_event_limit_exceptions: ::1 ~? 127.0.0.0/8
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? [::ffff:127.0.0.0]/104
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostaddr: smtpd_client_event_limit_exceptions: ::1 ~? [::ffff:127.0.0.0]/104
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? [::1]/128
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostaddr: smtpd_client_event_limit_exceptions: ::1 ~? [::1]/128
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 220 h9999999.stratoserver.net ESMTP Postfix (Ubuntu)
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: name_mask: noanonymous
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: watchdog_pat: 0x56194c3b58a0
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_fflush_some: fd 19 flush 54
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_buf_get_ready: fd 19 got 15
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: < localhost[::1]: EHLO h9999999
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_list_match: localhost: no match
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_list_match: ::1: no match
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-h9999999.stratoserver.net
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-PIPELINING
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-SIZE 10240000
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-VRFY
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-ETRN
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-STARTTLS
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-AUTH LOGIN
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-ENHANCEDSTATUSCODES
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-8BITMIME
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-DSN
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250-SMTPUTF8
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 250 CHUNKING
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: watchdog_pat: 0x56194c3b58a0
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_fflush_some: fd 19 flush 192
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_buf_get_ready: fd 19 got 12
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: < localhost[::1]: AUTH LOGIN
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: xsasl_cyrus_server_first: sasl_method LOGIN
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 334 VXNlcm5hbWU6
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_fflush_some: fd 19 flush 18
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_buf_get_ready: fd 19 got 30
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: < localhost[::1]: dGVzdEBzdHJhdG9zZXJ2ZXIubmV0
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: xsasl_cyrus_server_next: decoded response: test@xxxxxxxxxxxxxxxx
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 334 UGFzc3dvcmQ6
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_fflush_some: fd 19 flush 18
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_buf_get_ready: fd 19 got 10
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: < localhost[::1]: dGVzdA==
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: xsasl_cyrus_server_next: decoded response: test
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: warning: localhost[::1]: SASL LOGIN authentication failed: authentication failure
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: > localhost[::1]: 535 5.7.8 Error: authentication failed: authentication failure
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: watchdog_pat: 0x56194c3b58a0
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: vstream_fflush_some: fd 19 flush 64
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: smtp_get: EOF
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostaddr: smtpd_client_event_limit_exceptions: ::1 ~? 127.0.0.0/8
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? [::ffff:127.0.0.0]/104
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostaddr: smtpd_client_event_limit_exceptions: ::1 ~? [::ffff:127.0.0.0]/104
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? [::1]/128
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: match_hostaddr: smtpd_client_event_limit_exceptions: ::1 ~? [::1]/128
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: lost connection after AUTH from localhost[::1]
Oct  7 16:52:52 h9999999 postfix/smtpd[73500]: disconnect from localhost[::1] ehlo=1 auth=0/1 commands=1/2

I think it looks good till "decoded response: test", but then I get "SASL LOGIN authentication failed: authentication failure". Increasing log_level did not provide more details on the reason. any idea?

Adding saslfinger -s output:

# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Do 7. Okt 17:00:43 CEST 2021
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 3.4.13
System: Ubuntu 20.04.3 LTS \n \l

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f46f2382000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may

-- listing of /usr/lib/sasl2 --
total 24
drwxr-xr-x  2 root  root  4096 Okt  6 19:15 .
drwxr-xr-x 56 root  root  4096 Okt  7 15:00 ..
-rw-r--r--  1 root  root     4 Sep 30 21:03 berkeley_db.active
-rw-r--r--  1 root  root     4 Dez 26  2019 berkeley_db.txt
-rw-r-----  1 root  root   740 Okt  6 19:14 saslpasswd.conf
-rw-r-----  1 smmta smmsp  885 Sep 30 21:04 Sendmail.conf

-- listing of /etc/sasl2 --
total 12
drwxr-xr-x   2 root root 4096 Okt  4 19:40 .
drwxr-xr-x 104 root root 4096 Okt  7 15:00 ..
-rw-r--r--   1 root root  177 Okt  7 16:39 smtpd.conf

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 Okt  7 16:39 .
drwxr-xr-x 5 root root 4096 Okt  7 16:43 ..
-rw-r--r-- 1 root root  177 Okt  7 16:39 smtpd.conf

-- content of /etc/sasl2/smtpd.conf --
pwcheck_method: auxprop
#pwcheck_method: saslauthd
auxprop_plugin: sasldb
#mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
#mech_list: PLAIN LOGIN
mech_list: LOGIN
log_level: 7

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: auxprop
#pwcheck_method: saslauthd
auxprop_plugin: sasldb
#mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
#mech_list: PLAIN LOGIN
mech_list: LOGIN
log_level: 7

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: auxprop
#pwcheck_method: saslauthd
auxprop_plugin: sasldb
#mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
#mech_list: PLAIN LOGIN
mech_list: LOGIN
log_level: 7

-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH LOGIN

-- end of saslfinger output --

Cyrus
  / SASL / see
discussions
  +
participants
  +
delivery options
Permalink