【已解決】SASL LOGIN authentication failed: authentication failure
我使用sasl驗證smtp用戶。但是失敗了。日誌如下。
Feb 26 18:47:33 centos5postfix postfix/smtpd: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Feb 26 18:47:33 centos5postfix postfix/smtpd: connect from unknown
Feb 26 18:47:36 centos5postfix postfix/smtpd: warning: unknown: SASL LOGIN authentication failed: authentication failure
Feb 26 18:47:36 centos5postfix postfix/smtpd: lost connection after AUTH from unknown
Feb 26 18:47:36 centos5postfix postfix/smtpd: disconnect from unknown
Feb 26 18:47:48 centos5postfix postfix/smtpd: connect from unknown
Feb 26 18:47:50 centos5postfix postfix/smtpd: warning: unknown: SASL LOGIN authentication failed: authentication failure
Feb 26 18:47:50 centos5postfix postfix/smtpd: lost connection after AUTH from unknown
Feb 26 18:47:50 centos5postfix postfix/smtpd: disconnect from unknown
通過以下的命令,我可以認為我的sasl是沒問題的。
# testsaslauthd -s smtp -u chen@centos5postfix.orlab-dev.jp -p 123456789
0: OK "Success."
# testsaslauthd -s smtp -u chen@centos5postfix.orlab-dev.jp -p 1234567890
0: NO "authentication failed"
#
我的main.cf相關設定:
#====================SASL========================
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name=smtp
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
謝謝。
[ 本帖最後由 ncowboy 於 2009-2-27 10:11 編輯 ]
《解決方案》
# cat /etc/sysconfig/saslauthd |grep FLAGS
FLAGS="-r"
#
http://www.wains.be/index.php/2006/11/15/centosrhel-postfix-smtp-auth/
===
Edit 15 dec 2006 :
IMPORTANT NOTICE FOR RHEL/CENTOS 4 USERS
I』m currently installing a mail server under CentOS 4.4 while this guide describes the CentOS 3 way
I thought it did not matter but there』s a small difference with saslauthd..
Under CentOS 4.x you need to add the following line in /etc/sysconfig/saslauthd :
FLAGS="-r"
Without the -r flag, saslauthd would query the MySQL database this way :
25 Query SELECT password FROM mailbox WHERE username = 'admin'
Obviously, the whole email address is stored in the database, with the -r flag, it will query correctly :
26 Query SELECT password FROM mailbox WHERE username = 'admin@example.org'
The man page for saslauthd mentions the -r flag under CentOS 4 only..
-r Combine the realm with the login (with an 』@』 sign in between). e.g. login: 「foo」 realm: 「bar」 will get passed as login: 「foo@bar」. Note that the realm will still be passed, which may lead to unexpected behavior.
===