SASL auth problem

I've been running courier for several years now. Thanks guys for the
awesome system!

The problem I am having right now is that I am unable to authenticate
from a shell, using SASL. I am sure, I am doing something wrong here.

I am running courier 0.58 on Fedora Core 4.
I require smtp authentication for all users, and that is working out
fine.
All of the users have pam accounts on the system, and pamauth is the
only thing I've got going on.

Here are key settings from esmtpd

AUTHREQUIRED=0
ESMTP_TLS_REQUIRED=0
TLS_PROTOCOL=SSL3

ESMTPAUTH='LOGIN PLAIN CRAM-MD5'
ESMTPAUTH_TLS="PLAIN LOGIN CRAM-MD5"

So what I am trying to do, is send mail from our webservers by doing the
following:
perl -MMIME::Lite -e '
        MIME::Lite->send(qw/smtp mail.domain.com Timeout  60 AuthUser
kate AuthPass pass/);
        my $msg = new MIME::Lite(From => "kate@...",
Subject=>"Hello world", To=>"kate@...", Data=>"Rainbows!");
$msg->send;  '

MIME::Lite requires MIME::Base64 and Authen::SASL to do authentication.
It uses Net::SMTP to do the actual connecting.

The script above is telling MIME::Lite to use
 smtp on my mail server, authenticating as a specific user with a
password.


Is this enough information, or do I need to dig further?

Thanks for the help!
Kate


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Kate Yoak writes:
No, it's not. You need to show what does or does not happen when you do
this.

Additionally, always enable "use strict" and "use warnings". If you did, the
above Perl snippet is sure to generate a bunch of warning messages from
Perl, that you should pay heed to.




-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

My problem statement was poor in the last message, so I decided to just
start over. Thanks for the help!

The problem is - authentication fails when attempting to send mail from a
script. It fails both for my own script and for some installed software
(such as trac).

Here is the debug output from MIME::Lite (it uses Net::SMTP):
MIME::Lite::SMTP>>> MIME::Lite::SMTP
MIME::Lite::SMTP>>>   Net::SMTP(2.31)
MIME::Lite::SMTP>>>     Net::Cmd(2.29)
MIME::Lite::SMTP>>>       Exporter(5.58)
MIME::Lite::SMTP>>>     IO::Socket::INET(1.29)
MIME::Lite::SMTP>>>       IO::Socket(1.29)
MIME::Lite::SMTP>>>         IO::Handle(1.25)
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 220 yoak.com ESMTP
MIME::Lite::SMTP=GLOB(0x10f04ec0)>>> EHLO localhost.localdomain
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-yoak.com Ok.
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-AUTH LOGIN PLAIN CRAM-MD5
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-AUTH=LOGIN PLAIN CRAM-MD5
X-NETSCAPE-HAS-BUGS
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-XVERP=Courier
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-XEXDATA
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-XSECURITY=NONE,STARTTLS
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-PIPELINING
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-8BITMIME
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250-SIZE
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 250 DSN
MIME::Lite::SMTP=GLOB(0x10f04ec0)>>> AUTH CRAM-MD5
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 334
PEQyNENGNjlGRjYxNkQ3Qzk0N0UyNEQ3NTkyNDM4MjlDQG5hdC5sb25nbWVkaWEuY29tPg==
MIME::Lite::SMTP=GLOB(0x10f04ec0)>>>
a2F0ZSBmYzQ5MWRhYmJlOTNiZmM4N2U5ZTNiNzViYTgxZWM1ZQ==
MIME::Lite::SMTP=GLOB(0x10f04ec0)<<< 535 Authentication failed.
---
Here is what the log says:
Jul  1 10:07:45 nat courieresmtpd: started,ip=[::ffff:64.235.49.166]
Jul  1 10:07:45 nat courieresmtpd: error,relay=::ffff:64.235.49.166,msg="535
Authentication failed.",cmd: a2F0ZSBmYzQ5MWRhYmJlOTNiZm
M4N2U5ZTNiNzViYTgxZWM1ZQ==
---
Here are key settings from esmtpd

AUTHREQUIRED=0
ESMTP_TLS_REQUIRED=0
TLS_PROTOCOL=SSL3

ESMTPAUTH='LOGIN PLAIN CRAM-MD5'
ESMTPAUTH_TLS="PLAIN LOGIN CRAM-MD5"

---
Authentication works correctly from desktop clients.
I am running courier 0.58 on Fedora Core 4.
I require smtp authentication for all users, and that is working out fine.
All of the users have pam accounts on the system, and pamauth is the only
thing I've got going on.


-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Kate Yoak wrote:
pam is incompatible with CRAM-MD5.  In order to use CRAM-MD5, you must
have the plain-text passwords available to courier.  Remove CRAM-MD5,
restart courier, and see if your scripts start working.


-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

> pam is incompatible with CRAM-MD5.  In order to use CRAM-MD5,
> you must
> have the plain-text passwords available to courier.  Remove CRAM-MD5,
> restart courier, and see if your scripts start working.

Hmmm... Removing cram-md5 caused my script to fail with "auth() not
supported".  That supports what you are saying.

But the weird thing is that Mail client on a mac, which used to work
correctly, began to fail with the same message.  In other words, it looks
like it was using cram-md5 successfully despite pamd. How is that possible?
Magic?  I hate it when servers resort to using magic... :-)


-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Kate Yoak wrote:
> Hmmm... Removing cram-md5 caused my script to fail with "auth() not
> supported".  That supports what you are saying.
>
> But the weird thing is that Mail client on a mac, which used to work
> correctly, began to fail with the same message.  In other words, it looks
> like it was using cram-md5 successfully despite pamd. How is that possible?
>  

More than likely, you disabled auth entirely rather than just the
CRAM-MD5 setting.  We can only guess...

Post your esmtpd configuration file, and authdaemonrc.  An updated copy
of the debug output from MIME::Lite that you included earlier wouldn't
hurt, either.


-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Kate Yoak writes:

> correctly, began to fail with the same message.  In other words, it looks
> like it was using cram-md5 successfully despite pamd. How is that possible?

It is completely impossible, according to the laws of physics in this
universe.




-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users