problems using LOGIN with sendmail, mysql, auxprop

From: Caspar Clemens Mierau (ccm at damokles dot de)
Date: Sun Nov 14 2004 - 08:37:07 EST

  • Next message: Caspar Clemens Mierau: "problems using LOGIN with sendmail, mysql, auxprop"

    Hello all,

    I'm in trouble setting up SASL2 with Sendmail and MySQL to auth against
    LOGIN.

    Sendmails works fine together with sasl2, auxprop and mysql when clients
    like mozilla or opera mail use cram-md5. login is not accepted, though it is
    enabled and trusted in sendmail as seen here:

    Nov 14 14:21:05 chaos sm-mta[742]: AUTH: available mech=PLAIN LOGIN GSSAPI
    DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=EXTERNAL LOGIN PLAIN DIGEST-MD5
    CRAM-MD5 GSSAPI KERBEROS_V4

    but when trying LOGIN i get the following error:

    Nov 14 14:27:48 chaos sm-mta[2752]: iAEDRlSP002752: AUTH failure (LOGIN):
    authentication failure (-13) SASL(-13): authentication failure: checkpass
    failed

    the corresponding sql queries are correct (only return the password in plain
    text).

    I hope you have any hints,

    thanks in advance - configuration follows:

    ###system setup:

    OpenBSD 3.6
    cyrus-sasl-2.1.19-sql
    Sendmail 8.13.0
    mysql-server-4.0.20

    ###sendmail.mc:
    (Tried with "define(`confAUTH_OPTIONS', `A')dnl" and without it.)
    --------snip---------
    divert(0)dnl
    VERSIONID(`@(#)openbsd-auth.mc $Revision: 1.6 $')
    OSTYPE(openbsd)
    FEATURE(nouucp, `reject')
    FEATURE(`no_default_msa')
    FEATURE(`accept_unresolvable_domains')
    FEATURE(`accept_unqualified_senders')
    FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')
    DOMAIN(gangway.de)dnl
    FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
    define(`confLOG_LEVEL',`100')
    define(`CERT_DIR', `/etc/mail/certs')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/cacert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
    MAILER(local)
    MAILER(smtp)
    define(`confAUTH_OPTIONS', `A')dnl
    TRUST_AUTH_MECH(`EXTERNAL LOGIN PLAIN DIGEST-MD5 CRAM-MD5 GSSAPI
    KERBEROS_V4')dnl
    define(`confAUTH_MECHANISMS',`EXTERNAL LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    GSSAPI KERBEROS_V4')dnl
    define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')dnl
    DAEMON_OPTIONS(`Family=inet, address=0.0.0.0, Name=MTA')dnl
    CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
    INPUT_MAIL_FILTER(`avmilter',`S=inet:3333 at localhost,F=T,T=S:10m;R:10m;E:5m')
    dnl
    dnl Some broken nameservers will return SERVFAIL (a temporary failure)
    dnl on T_AAAA (IPv6) lookups.
    define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
    dnl
    dnl Enforce valid Message-Id to help stop spammers
    dnl
    LOCAL_RULESETS
    HMessage-Id: $>CheckMessageId

    SCheckMessageId
    R< $+ @ $+ > $@ OK
    R$* $#error $: 553 Header Error
    --------snap---------

    ###Sendmail.conf:
    (Tried with setting mechs manually and without)
    --------snip---------
    pwcheck_method: auxprop
    auxprop_plugin: sql
    sql_engine: mysql
    sql_hostnames: localhost
    sql_user: <USER>
    sql_passwd: <PASSWORD>
    sql_database: mail
    sql_select: SELECT userPassword FROM users WHERE user = '%u' AND realm =
    '%r' AND valid = '1'
    --------snap---------

    ###cyrus sasl libs
    --------snip---------
    libanonymous.a
    libanonymous.la
    libanonymous.so.2.19
    libcrammd5.a
    libcrammd5.la
    libcrammd5.so.2.19
    libdigestmd5.a
    libdigestmd5.la
    libdigestmd5.so.2.19
    libgssapiv2.a
    libgssapiv2.la
    libgssapiv2.so.2.19
    liblogin.a
    liblogin.la
    liblogin.so.2.19
    libotp.a
    libotp.la
    libotp.so.2.19
    libplain.a
    libplain.la
    libplain.so.2.19
    libsasldb.a
    libsasldb.la
    libsasldb.so.2.19
    libsql.a
    libsql.la
    libsql.so.2.19
    --------snap---------


  • Next message: Caspar Clemens Mierau: "problems using LOGIN with sendmail, mysql, auxprop"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD