You mean your server, acting as client, connects to another server to
transport a message; the other server requires authentication and it
fails?
If I am correct with my assumtion made above, then you have configured
your Postfix server to _offer_ SMTP AUTH (it's the smtpd daemon that has
problems...), but not to _use_ SMTP AUTH.
OK.

First of all, can you verify that SASL authentication works without
Postfix? Use 'testsaslauthd' to test authentication if you run
saslauthd; use 'server' and 'client' from the SASL sources if you use
"auxprop" as pwcheck_method.

Next, if authentication works, can you verify that SMTP AUTH works
without a client using only telnet?
See my example at:
<http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html>, Section 12.4

Finally, what mechanisms does your server offer? Are there any matches
with mechanisms supported by KMail?

We need the following things to start debugging:

smtpd.conf
postconf -n

if you use saslauthd
the directory it put's the socket in
the permissions of that directory


For your own debugging. SASL logs to auth.*; make sure syslogd catches
those messages and writes them to a log file.
Also, if you use saslauthd, you start it with '-d' for debugging; do not
start it from a init-script or you will not get any output.
All built and installed from source or from packages?

HTH

***@rick

Patrick,

Thanks for your help points and your document.

I am definately trying to debug SMTP auth on this server.

I do not have 'testsaslauthd', I only have these (in my install directoy):
/sasl/cyrus-sasl-2.1.18/saslauthd/testsaslauthd.c
/sasl/cyrus-sasl-2.1.18/saslauthd/.deps/testsaslauthd.Po

Is this a sign of my problems?

My /var/log/messages continues to report:

rabbit postfix/smtpd[4050]: SQL engine 'mysql' not supported
rabbit postfix/smtpd[4050]: auxpropfunc error no mechanism available

...when /var/log/maillog is saying:
rabbit postfix/smtpd[7942]: warning: SASL authentication failure: Password
verification failed
rabbit postfix/smtpd[7942]: warning: ...: SASL PLAIN authentication failed
rabbit postfix/smtpd[7942]: >..: 535 Error: authentication failed


What I've done:

SASL:
./configure --enable-anon --enable-sql --enable-plain --enable-login
--with-mysql=/usr --with-openssl --with-plugindir=/usr/local/lib/sasl2
make
make install
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

Postfix:
make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -DHAS_PCRE
-DUSE_SASL_AUTH -DUSE_SSL -I/usr/include/pcre -I/usr/include/mysql
-I/usr/local/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -L/usr/local/lib/sasl2
-L/usr/lib -lmysqlclient -lsasl2 -lz -lm -lpcre -lssl -lcrypto'
make
make install

I've been using a (customized) working config set (/etc/postfix/* and
smtpd.conf) from another working machine that I set up last week.

[***@rabbit bryanl]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
mydestination = localhost.$mydomain,localhost, $myhostname, $mydomain,
$transport_maps
mydomain = [mydomain.tld]
myhostname = rabbit.[mydomain.tld]
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.11/README_FILES
sample_directory = /usr/share/doc/postfix-2.0.11/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
transport_maps = mysql:/etc/postfix/transport.cf
unknown_local_recipient_reject_code = 550
virtual_gid_maps = mysql:/etc/postfix/gids.cf
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virt.cf
virtual_uid_maps = mysql:/etc/postfix/uids.cf

# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:auxprop
auxprop_plugin:sql
sql_plugin:mysql
mech_list:plain
sql_user:postfix
sql_passwd:********
sql_hostnames:localhost
sql_database:maildb
sql_select: SELECT clear FROM users WHERE id = 'bryanl@[mydomain.tld]'
sql_verbose: yes

Bryan

*snip*

All I can point out is that that SASL library that's linked into postfix doesn't have mysql support enabled.
The configure process for cyrus sasl2 doesn't halt on SQL library errors (it's classified as a warning), so you might think you have it compiled in, but in actuallity it isn't.
Also, the results for the SQL library tests are cached and aren't retested on subsequent runs of configure.

You'll need to recompile SASL2, I believe the SASL2 library are shared so you shouldn't have to worry about recompiling postfix.

Before you run the configure command, do a "make distclean". This should remove all files generated by the usual install process.

Since SASL configure doesn't halt on SQL library not found, what you have to watch out for is this:
checking SQL... enabled
checking for mysql_select_db in -lmysqlclient... no
configure: WARNING: MySQL library mysqlclient does not work

If you get that warning, it didn't get compiled in, and your path is most likely incorrect.
The path must be the same prefix path used when compiling the mysql server.

I believe this should fix your problem with the mysql plugin not being compiled. Hopefully this is all that you need to do =)

Eric

doesn't have mysql support enabled.
(it's classified as a warning), so you might think you have it compiled in,
but in actuallity it isn't.
on subsequent runs of configure.
you shouldn't have to worry about recompiling postfix.
remove all files generated by the usual install process.
likely incorrect.
server.
compiled. Hopefully this is all that you need to do =)


I had the same problem. My problem was when compiling SASL, I couldn't get
rid of that darn warning/error. Finally, with the help of the sasl mailing
list, someone finally suggested that the problem was due to configure no
knowing about zlib (something the mysqlclient library is linked to). The
solution was pretty simple once it was figured out.

If you are building from SRPM, update the cyrus-sasl.spec file with the
following:
Line 179: LIBS="-lcrypt -lz"; export LIBS;

If you are buidling from tarball, you can try the folowing updates to
configure: (can probably done thru an environment varialbe as well, but am
not sure which)

change the following lines (don't know the line #s).
LIB_MYSQL="$LIB_MYSQL -lmysqlclient"
LIBS="-lmysqlclient $LIB_MYSQL_DIR $LIBS"

to:
LIB_MYSQL="$LIB_MYSQL -lmysqlclient -lz"
LIBS="-lmysqlclient -lz $LIB_MYSQL_DIR $LIBS"


Then do a make distclean, before a configure and you should be all set.

Good luck!

Eric

Eric(s),

Thank you so much for chiming in on this.. the differences between my servers
(the one that worked and the one that didn't) was apparently were related to
the different mysql SRPMS - RH (mysql-3.23.58) verses mysql.org's
(MySQL-server-4.0.18-0).

While my SASL ./configure worked on the first box (RH) using
--with-mysql=/usr, this did not work for the second set up... although both
distributions put everything in the same places (/usr/lib/mysql/,
/usr/include/mysql/, and /usr/bin), using --with-mysql=/usr kept failing with
So, this is getting off topic for Postfix, but I really appreciate your help
getting my SMTP Auth happening!


Bryan