# FreeBSD 8 / Postfix / SASL / authdaemond issue



## Steije (Dec 2, 2009)

I'm experiencing the exact same issue as in:

http://lists.freebsd.org/pipermail/freebsd-questions/2009-December/208792.html

Appearantly Wietse Venema (Postfix) has built a patch (which I can't find) for fixing this problem, is there anybody here with a solution?


----------



## crsd (Dec 2, 2009)

Can you elaborate on what the issue really is?


----------



## Steije (Dec 4, 2009)

I've configured a Postfix/Courier/Authdaemond/SASL setup. SASL is configured to use Courier's authdaemond. The authdaemond works since I am able to log in to a POP or IMAP account (provided by Courier).

SASL however won't accept credentials (of which I'm sure they work) and gives me the following error:


```
Dec  2 18:00:09 mailtest postfix/smtpd[58028]: warning: x.x.x.x[x.x.x.x]: SASL PLAIN authentication failed: generic failure
Dec  2 18:00:09 mailtest postfix/smtpd[58028]: warning: SASL authentication failure: could not verify password
```

I've tried everything from increasing debug levels, use the postfix-devel port, reinstalling cyrus-sasl2, fixed chmod and ownership for authdaemond socket, etc... 

What makes this extra weird is that I have an exact copy of this setup in 7.2-RELEASE, which works like a charm... Any ideas?


----------



## lostlogic (Dec 8, 2009)

Me too. Nothing really to add to the original report, but this appears to be fairly widespread.


----------



## lostlogic (Dec 8, 2009)

Oops, I'm a 'tard.  At least for me, the answer was installing cyrus-sasl-saslauthd and setting saslauthd_enable="YES" in my /etc/rc.donf and running /usr/local/etc/rc.d/saslauthd start.


----------



## lostlogic (Dec 8, 2009)

Well that only worked for me because I had both saslauthd and authdaemond configured in my smtpd.conf.  So the authdaemond issue still remains.


----------



## lostlogic (Dec 8, 2009)

```
Dec  8 15:09:55 erudite authdaemond: Authenticated: sysusername=lostlogic, sysuserid=<null>, sysgroupid=1001, homedir=/home/lostlogic, 
address=lostlogic, fullname=***********, maildir=<null>, quota=<null>, options=<null>
Dec  8 15:09:55 erudite postfix/smtpd[19745]: warning: SASL authentication failure: could not verify password
Dec  8 15:09:55 erudite postfix/smtpd[19745]: warning: 173-128-18-71.pools.spcsdns.net[173.128.18.71]: SASL LOGIN authentication failed: generic 
failure
```

More information!


----------



## xwwu (Dec 9, 2009)

My mail server has same problem also. I hope some one who can speak English well to submit this issue to FreeBSD team.


----------



## lostlogic (Dec 9, 2009)

I've submitted a PR, will update here if I hear anything.


----------



## lostlogic (Dec 9, 2009)

http://www.freebsd.org/cgi/query-pr.cgi?pr=141308

That link doesn't seem to be valid yet, but it should be eventually.

Ironically, I think that FreeBSD.org's email server might be having issues of some sort itself.  


```
Dec  8 17:35:38 erudite postfix/smtp[23154]: 28C9127BC2: to=<freebsd-security-request@freebsd.org>, 
relay=mx1.freebsd.org[69.147.83.52]:25, delay=0.39, delays=0.02/0/0.19/0.18, dsn=4.7.1, status=deferred (host mx1.freebsd.org[69.147.83.52] 
said: 450 4.7.1 <freebsd-security-request@freebsd.org>: Recipient address rejected: Service is unavailable (in reply to RCPT TO command))
```


----------



## DutchDaemon (Dec 9, 2009)

That is called 'greylisting'.


----------



## lostlogic (Dec 11, 2009)

hah, I guess I'm not used to being greylisted.


----------



## xwwu (Dec 14, 2009)

Several day passed away. Still no any method to fix it.


----------



## xwwu (Dec 21, 2009)

still no people tell us how to fix it?


----------



## sputnik (Jan 17, 2010)

Same here. Still no news?


----------



## sk-netvor-johnny (Jan 25, 2010)

lib/checkpw.c:484 in security/cyrus-sasl2 is a culprit here.

after upgrading to 8.0, both read and error fds are set when calling select in read_wait function. maybe i'm a bad coder, but i believe that after having read bit set, you can safely read something out of socket...

so i've coined a small hack to fix this issue (at least for now)

http://netvor.sk/~johnny/hacks/cyrus-sasl-2.1.23/lib:checkpw.c.diff


----------



## xwwu (Jan 28, 2010)

sk-netvor-johnny said:
			
		

> lib/checkpw.c:484 in security/cyrus-sasl2 is a culprit here.
> 
> after upgrading to 8.0, both read and error fds are set when calling select in read_wait function. maybe i'm a bad coder, but i believe that after having read bit set, you can safely read something out of socket...
> 
> ...



Many thanks for your good job. I have patched your diff. But my mail server just worked once. And then no work and no error message. 

But when I try to send a blank mail, No mail can be received, and
 if tail -f /var/log/maillog

```
tail -f /var/log/maillog
Jan 28 09:41:49 xxx amavis[1124]: (01124-07) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <xxx@xxx.xxx.xxx.xxx> -> 
<xxx@xxx.xxx.xxx.xxx>, Message-ID: <8af8b61a0892620b31f16383a562b9aa.squirrel@192.168.1.6>, mail_id: yLjAejxkSMpF, Hits: 3.714, size: 726, 
queued_as: 9745A2DE86, 22434 ms
Jan 28 09:41:49 xxx postfix/virtual[6984]: 9745A2DE86: to=<xxx@xxx.xxx.xxx.xxx>, relay=virtual, delay=0.06, delays=0.01/0.02/0/0.03, 
dsn=5.2.2, status=bounced (maildir delivery failed: Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.)
Jan 28 09:41:49 xxx postfix/smtp[6974]: 19C3D2DE1B: to=<xxx@xxx.xxx.xxx.xxx>, relay=127.0.0.1[127.0.0.1]:10024, delay=23, delays=0.13/0.02
/0.01/22, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9745A2DE86)
Jan 28 09:41:49 xxx postfix/qmgr[961]: 19C3D2DE1B: removed
Jan 28 09:41:49 xxx postfix/cleanup[6972]: A60F12DE96: message-id=<20100128014149.A60F12DE96@asus.concord.bj.cn>
Jan 28 09:41:49 xxx postfix/bounce[6985]: 9745A2DE86: sender non-delivery notification: A60F12DE96
Jan 28 09:41:49 xxx postfix/qmgr[961]: A60F12DE96: from=<>, size=3581, nrcpt=1 (queue active)
Jan 28 09:41:49 xxx postfix/qmgr[961]: 9745A2DE86: removed
Jan 28 09:41:49 xxx postfix/virtual[6984]: A60F12DE96: to=<xxx@xxx.xxx.xxx.xxx>, relay=virtual, delay=0.02, delays=0.01/0/0/0.01, dsn=5.2.2, 
status=bounced (maildir delivery failed: Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.)
Jan 28 09:41:49 xxx postfix/qmgr[961]: A60F12DE96: removed
```

What's "overdrawn his diskspace"?

Why?

Need you help.

Thanks again

*problem solved by re-establish mailbox.*


----------



## AM (Jan 28, 2010)

Patch works fine.

I don't have any problems with this patch. Everything works fine.


----------



## sputnik (Mar 29, 2010)

Rocks. This is awesome. Great job, thank you!


----------



## jeppebundsgaard (Apr 19, 2010)

*Thanks!*

What should we do without the nerds  Thanks!

For semi-nerds like myself who just learned how to patch: 
click on the file lib:checkpw.c.diff and copy the contents
make a new file in /usr/ports/security/cyrus-sasl2/files with the filename: "patch-lib::checkpw.c" (which means that the file patches the file in work/lib/checkpw.c)
(I use [CMD=""]edit patch-lib::checkpw.c[/CMD] - which creates the file as an empty file)

and copy the contents of lib:checkpw.c.diff into it (CTRL+SHIFT+V) and save.

then:


```
cd /usr/ports/security/cyrus-sasl2/ 
make deinstall 
make reinstall
```


----------



## snesreviews (Dec 9, 2010)

First time playing with postfix / sasl / authdaemond so I naturally spent hours looking for my fat fingering. Last thing I expected was a bug but it sorted the issues! Thanks!


----------

