Stephanie Fuller
2020-06-25 17:11:55 UTC
I am trying to use SASL authentication with my Postfix server.
This is my /etc/sasl2/smtpd.conf
cat /etc/sasl2/smtpd.conf
#server uses PAM & local login/passwd
# client uses login:PW in sasl_passwd
#this works and authenticates & relays email
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#this also works, relays email
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
#this does not work, login or ***@FQDN & PW in sasl_passwd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine:path/to/mydatabase.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
When I use the 3rd configuration, I get these errors:
warning: SASL authentication problem: unknown password verifier(s) auxprop
warning: SASL authentication failure: Password verification failed
warning: smtpauth.weber.edu[137.190.1.5]: SASL PLAIN authentication failed: no mechanism available
I have read about past users with this problem, but I have already applied the solutions that worked for them.
Am I missing some libraries or packages needed to link Postfix, Cyrus SASL and sqlite3 together?
This is my saslfinger output:
saslfinger - postfix Cyrus sasl configuration Thu Jun 25 11:05:05 MDT 2020
version: 1.0.2
mode: server-side SMTP AUTH
-- basics --
Postfix: 3.5.2
System: Red Hat Enterprise Linux Server release 7.8 (Maipo)
-- smtpd is linked to --
libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f3d6f5a9000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /path/filename.cert.cer
smtpd_tls_key_file = /path/filename.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 768
drwxr-xr-x. 2 root root 4096 May 6 09:43 .
dr-xr-xr-x. 52 root root 36864 Jun 16 09:56 ..
-rwxr-xr-x 1 root root 20064 Jan 31 2018 libanonymous.so
-rwxr-xr-x 1 root root 20064 Jan 31 2018 libanonymous.so.3
-rwxr-xr-x 1 root root 20064 Jan 31 2018 libanonymous.so.3.0.0
-rwxr-xr-x 1 root root 24232 Jan 31 2018 libcrammd5.so
-rwxr-xr-x 1 root root 24232 Jan 31 2018 libcrammd5.so.3
-rwxr-xr-x 1 root root 24232 Jan 31 2018 libcrammd5.so.3.0.0
-rwxr-xr-x 1 root root 57960 Jan 31 2018 libdigestmd5.so
-rwxr-xr-x 1 root root 57960 Jan 31 2018 libdigestmd5.so.3
-rwxr-xr-x 1 root root 57960 Jan 31 2018 libdigestmd5.so.3.0.0
-rwxr-xr-x 1 root root 37048 Jan 31 2018 libgssapiv2.so
-rwxr-xr-x 1 root root 37048 Jan 31 2018 libgssapiv2.so.3
-rwxr-xr-x 1 root root 37048 Jan 31 2018 libgssapiv2.so.3.0.0
-rwxr-xr-x 1 root root 24256 Apr 10 2018 libldapdb.so
-rwxr-xr-x 1 root root 24256 Apr 10 2018 libldapdb.so.3
-rwxr-xr-x 1 root root 24256 Apr 10 2018 libldapdb.so.3.0.0
-rwxr-xr-x 1 root root 20056 Jan 31 2018 liblogin.so
-rwxr-xr-x 1 root root 20056 Jan 31 2018 liblogin.so.3
-rwxr-xr-x 1 root root 20056 Jan 31 2018 liblogin.so.3.0.0
-rwxr-xr-x 1 root root 20088 Jan 31 2018 libplain.so
-rwxr-xr-x 1 root root 20088 Jan 31 2018 libplain.so.3
-rwxr-xr-x 1 root root 20088 Jan 31 2018 libplain.so.3.0.0
-rwxr-xr-x 1 root root 28272 Jan 31 2018 libsasldb.so
-rwxr-xr-x 1 root root 28272 Jan 31 2018 libsasldb.so.3
-rwxr-xr-x 1 root root 28272 Jan 31 2018 libsasldb.so.3.0.0
-- listing of /usr/lib/sasl2 --
total 16
drwxr-xr-x 2 root root 23 Jun 18 13:57 .
dr-xr-xr-x. 49 root root 8192 Jun 16 10:50 ..
-rw-r----- 1 root root 651 Jun 25 09:47 smtpd.conf
-- listing of /usr/local/lib/sasl2 --
total 4
drwxr-xr-x 2 root root 23 Jun 18 13:58 .
drwxr-xr-x. 3 root root 18 May 28 16:48 ..
-rw-r----- 1 root root 651 Jun 25 09:47 smtpd.conf
-- listing of /etc/sasl2 --
total 24
drwxr-xr-x. 2 root root 74 Jun 25 09:47 .
drwxr-xr-x. 95 root root 8192 Jun 24 12:12 ..
-rw-r----- 1 root root 651 Jun 25 09:47 smtpd.conf
-rw-r----- 1 root root 610 Jun 19 11:42 smtpd.conf.original
-rw-r----- 1 root root 50 Jun 15 14:18 smtpd.conf.rpmsave
-- content of /usr/lib/sasl2/smtpd.conf --
#server uses PAM & local login/passwd
# client uses pflogin:PW in sasl_passwd
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
# client uses pflogin or ***@FQDN & PW in sasl_passwd
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine: sqlite3
sql_data: /path/to/mydatabaseh.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
-- content of /usr/local/lib/sasl2/smtpd.conf --
#server uses PAM & local login/passwd
# client uses pflogin:PW in sasl_passwd
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
# client uses pflogin or ***@FQDN & PW in sasl_passwd
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine: sqlite3
sql_data: /path/to/mydatabaseh.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
-- content of /etc/sasl2/smtpd.conf --
#server uses PAM & local login/passwd
# client uses pflogin:PW in sasl_passwd
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
# client uses pflogin or ***@FQDN & PW in sasl_passwd
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine: sqlite3
sql_data: /path/to/mydatabaseh.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
smtp inet n - n - - smtpd -v
submission inet n - n - - smtpd -v
-o syslog_name=postfix/submission
smtps inet n - n - - smtpd -v
-o syslog_name=postfix/smtps
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
-- mechanisms on localhost --
-- end of saslfinger output --
If anyone knows anything about using sqlite3 for sasl authentication, I would love your advice.
Stephanie
This is my /etc/sasl2/smtpd.conf
cat /etc/sasl2/smtpd.conf
#server uses PAM & local login/passwd
# client uses login:PW in sasl_passwd
#this works and authenticates & relays email
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#this also works, relays email
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
#this does not work, login or ***@FQDN & PW in sasl_passwd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine:path/to/mydatabase.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
When I use the 3rd configuration, I get these errors:
warning: SASL authentication problem: unknown password verifier(s) auxprop
warning: SASL authentication failure: Password verification failed
warning: smtpauth.weber.edu[137.190.1.5]: SASL PLAIN authentication failed: no mechanism available
I have read about past users with this problem, but I have already applied the solutions that worked for them.
Am I missing some libraries or packages needed to link Postfix, Cyrus SASL and sqlite3 together?
This is my saslfinger output:
saslfinger - postfix Cyrus sasl configuration Thu Jun 25 11:05:05 MDT 2020
version: 1.0.2
mode: server-side SMTP AUTH
-- basics --
Postfix: 3.5.2
System: Red Hat Enterprise Linux Server release 7.8 (Maipo)
-- smtpd is linked to --
libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f3d6f5a9000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /path/filename.cert.cer
smtpd_tls_key_file = /path/filename.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 768
drwxr-xr-x. 2 root root 4096 May 6 09:43 .
dr-xr-xr-x. 52 root root 36864 Jun 16 09:56 ..
-rwxr-xr-x 1 root root 20064 Jan 31 2018 libanonymous.so
-rwxr-xr-x 1 root root 20064 Jan 31 2018 libanonymous.so.3
-rwxr-xr-x 1 root root 20064 Jan 31 2018 libanonymous.so.3.0.0
-rwxr-xr-x 1 root root 24232 Jan 31 2018 libcrammd5.so
-rwxr-xr-x 1 root root 24232 Jan 31 2018 libcrammd5.so.3
-rwxr-xr-x 1 root root 24232 Jan 31 2018 libcrammd5.so.3.0.0
-rwxr-xr-x 1 root root 57960 Jan 31 2018 libdigestmd5.so
-rwxr-xr-x 1 root root 57960 Jan 31 2018 libdigestmd5.so.3
-rwxr-xr-x 1 root root 57960 Jan 31 2018 libdigestmd5.so.3.0.0
-rwxr-xr-x 1 root root 37048 Jan 31 2018 libgssapiv2.so
-rwxr-xr-x 1 root root 37048 Jan 31 2018 libgssapiv2.so.3
-rwxr-xr-x 1 root root 37048 Jan 31 2018 libgssapiv2.so.3.0.0
-rwxr-xr-x 1 root root 24256 Apr 10 2018 libldapdb.so
-rwxr-xr-x 1 root root 24256 Apr 10 2018 libldapdb.so.3
-rwxr-xr-x 1 root root 24256 Apr 10 2018 libldapdb.so.3.0.0
-rwxr-xr-x 1 root root 20056 Jan 31 2018 liblogin.so
-rwxr-xr-x 1 root root 20056 Jan 31 2018 liblogin.so.3
-rwxr-xr-x 1 root root 20056 Jan 31 2018 liblogin.so.3.0.0
-rwxr-xr-x 1 root root 20088 Jan 31 2018 libplain.so
-rwxr-xr-x 1 root root 20088 Jan 31 2018 libplain.so.3
-rwxr-xr-x 1 root root 20088 Jan 31 2018 libplain.so.3.0.0
-rwxr-xr-x 1 root root 28272 Jan 31 2018 libsasldb.so
-rwxr-xr-x 1 root root 28272 Jan 31 2018 libsasldb.so.3
-rwxr-xr-x 1 root root 28272 Jan 31 2018 libsasldb.so.3.0.0
-- listing of /usr/lib/sasl2 --
total 16
drwxr-xr-x 2 root root 23 Jun 18 13:57 .
dr-xr-xr-x. 49 root root 8192 Jun 16 10:50 ..
-rw-r----- 1 root root 651 Jun 25 09:47 smtpd.conf
-- listing of /usr/local/lib/sasl2 --
total 4
drwxr-xr-x 2 root root 23 Jun 18 13:58 .
drwxr-xr-x. 3 root root 18 May 28 16:48 ..
-rw-r----- 1 root root 651 Jun 25 09:47 smtpd.conf
-- listing of /etc/sasl2 --
total 24
drwxr-xr-x. 2 root root 74 Jun 25 09:47 .
drwxr-xr-x. 95 root root 8192 Jun 24 12:12 ..
-rw-r----- 1 root root 651 Jun 25 09:47 smtpd.conf
-rw-r----- 1 root root 610 Jun 19 11:42 smtpd.conf.original
-rw-r----- 1 root root 50 Jun 15 14:18 smtpd.conf.rpmsave
-- content of /usr/lib/sasl2/smtpd.conf --
#server uses PAM & local login/passwd
# client uses pflogin:PW in sasl_passwd
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
# client uses pflogin or ***@FQDN & PW in sasl_passwd
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine: sqlite3
sql_data: /path/to/mydatabaseh.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
-- content of /usr/local/lib/sasl2/smtpd.conf --
#server uses PAM & local login/passwd
# client uses pflogin:PW in sasl_passwd
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
# client uses pflogin or ***@FQDN & PW in sasl_passwd
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine: sqlite3
sql_data: /path/to/mydatabaseh.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
-- content of /etc/sasl2/smtpd.conf --
#server uses PAM & local login/passwd
# client uses pflogin:PW in sasl_passwd
#pwcheck_method: saslauthd
#mech_list: plain login
# server uses /etc/sasldb database
# client uses ***@FQDN:PW in sasl_passwd
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: plain login
#uses local sqlite DB
# client uses pflogin or ***@FQDN & PW in sasl_passwd
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sql
sql_hostnames: localhost
mech_list: plain login cram-md5 digest-md5
#mech_list: plain login
sql_engine: sqlite3
sql_data: /path/to/mydatabaseh.db
sql_select: SELECT password FROM users WHERE user = '%u@%r'
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
smtp inet n - n - - smtpd -v
submission inet n - n - - smtpd -v
-o syslog_name=postfix/submission
smtps inet n - n - - smtpd -v
-o syslog_name=postfix/smtps
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
-- mechanisms on localhost --
-- end of saslfinger output --
If anyone knows anything about using sqlite3 for sasl authentication, I would love your advice.
Stephanie