[SOLVED]Problem with SASL Auth

[Joeg1484]

I just installed Zentyal 3 on my server (3.0.13) and am running into an interesting issue.

I can send mail fine using Thunderbird, but when I try to send using Kmail (KDE 4.10) I get an error stating that the server does not support PLAIN authentication. So, I tried LOGIN and still same issue.

The log files read:

Feb 25 20:24:16 wolfserver postfix/smtpd[25142]: warning: unknown[192.168.0.1]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 25 20:24:16 wolfserver postfix/smtpd[25142]: lost connection after AUTH from unknown[192.168.0.1]
Feb 25 20:24:16 wolfserver postfix/smtpd[25142]: disconnect from unknown[192.168.0.1]


Again, I can send using Thunderbird, just not KMail... Is there some way to fix this? With Zentyal 2, I was able to send using any client.

Thanks!
Joe

[Joeg1484]

Not sure what is going on, but looks like some auth mech is broken in Zentyal.

I tried using the following:
openssl s_client -connect server.com:587 -starttls smtp

This gets the SSL cert just fine (No need to post it here), then:

250 DSN
AUTH
503 5.5.1 Error: send HELO/EHLO first
EHLO myusername@server.com
250-server.com
250-PIPELINING
250-SIZE
250-ETRN
250-AUTH GSSAPI PLAIN
250-AUTH=GSSAPI PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
554 5.5.1 Error: TLS already active

AUTH LOGIN (My base64 login)
535 5.7.8 Error: authentication failed: Invalid authentication mechanism


So, it doesn't seem to allow AUTH LOGIN... I tried AUTH PLAIN as well, but got this:

535 5.7.8 Error: authentication failed: Invalid base64 data in initial response

However, I created my base64 password using: echo 'password' |base64

Any ideas?
Thanks!
Joe

[christian]

However, I created my base64 password using: echo 'password' |base64

I don't understand this 
Could you please elaborate ?

[Joeg1484]

Sure,

I read that in order to connect using sasl auth on "Most" postfix/dovecot servers that use tls/ssl, you have to use the openssl tools as I did. It was also noted, that you can't simply pass a plane text password to the commands, you have to convert your password to a base64 password. I did this with echo |base64 command (Using OpenSUSE)

I also tested this with my ISP's smtp server and it worked without issue. We are using my ISPs server to send my e-mails using KMail, so it appears to be some deficiency or misconfiguration in the way Zentyal configures its mail server. Perhaps a missing package or something?

Thanks!

[Joeg1484]

It could very well be some bug in KMail 4.10, however, its working on other mail servers.

On Zentyal, I can connect using Thunderbird, my Android devices, and a web mail client (Remote Roundcube installation.)

I'm not sure and don't have a lot of experience in troubleshooting mail server :->. All I know is it "Used" to work and when I upgraded my Zentyal server, it stopped working.

Any other ideas anyone can offer, I would be grateful!

Thanks!
Joe

[christian]

I don't know whenever there is something wrong or not Zentyal server side but it doesn't seem as related to what you show above.
- to me, STARTTLS fails because you already built this tunnel with openssl
- authentication fails not because of wrong password (not based64 encoded) but because SASL is not supported if STARTTLS failed.

Am I correct ?

Using you mail client (rather than command line), what are your smtp setting ?

[christian]

It could very well be some bug in KMail 4.10, however, its working on other mail servers.

On Zentyal, I can connect using Thunderbird, my Android devices, and a web mail client (Remote Roundcube installation.)

at least we can state there is something wrong between Kmail and Zentyal

I'm not sure and don't have a lot of experience in troubleshooting mail server :->. All I know is it "Used" to work and when I upgraded my Zentyal server, it stopped working.

what kind of upgrade ?

[Joeg1484]

I don't know whenever there is something wrong or not Zentyal server side but it doesn't seem as related to what you show above.
- to me, STARTTLS fails because you already built this tunnel with openssl
- authentication fails not because of wrong password (not based64 encoded) but because SASL is not supported if STARTTLS failed.

Am I correct ?

Using you mail client (rather than command line), what are your smtp setting ?

HEH, like I said, I'm not that versed in troubleshooting mail servers. I was just doing some reading and tying to figure out how to troubleshoot it .

Im using KMail 4.10 (From KDE 4.10) and I set up an SMTP server using port 587. I use the auto config and it sets up TLS and PLAIN as the standard choices - These have worked in the past.

When I try to send am e-mail, I get an error from KMail saying that SMTP server doesn’t support PLAIN. In the mail logs on the server, I get the SASL LOGIN authentication failed: Invalid authentication mechanism.

Is there some other setting I should be using in KMail?

Thanks!

[Joeg1484]

Let me blow away my kmail config and start over. Perhaps its something in kmail...

Thanks!
Joe

[christian]

As I wrote, I would rather focus first on the STARTTLS step.
Using KMail, do you notice any error in syslog before the "SASL" one ? (something related to TLS ?)

What kind of upgrade did you apply ?

[Joeg1484]

Actually, I think this was a KMail issue...

I removed the configuration from my desktop and rebooted, then re added the Zentyal SMTP server to kmail and its working. Looks like it was kmail.

Very strange, because Thunderbird and my Samsung Galaxy 3 were able to send just fine... Weird config with kmail I suppose.

Thanks for your help and offering to help me troubleshoot this!

Joe

[Joeg1484]

As I wrote, I would rather focus first on the STARTTLS step.
Using KMail, do you notice any error in syslog before the "SASL" one ? (something related to TLS ?)

What kind of upgrade did you apply ?

Oh, the upgrade was a reinstall of Zentyal. I was using 2.0.x and wanted to upgrade to 3.0. It was a fresh install though

Thanks!
Joe