SASL LOGIN authentication failed: Invalid authentication mechanism on Rails using Postfix and Dovecot on Ubuntu 12.10

guillemhs picture guillemhs · Feb 21, 2013 · Viewed 23.4k times · Source

I have configured an ubuntu 12.10 server with Postfix and Dovecot. Nonetheless, I have SASL Login authentication problem when I try to send emails using a rails web application.

Using RoundCube Webmail, I get this log when I send an email:

Feb 21 21:09:01 ks400054 postfix/qmgr[17883]: 61D4E113: removed
Feb 21 21:16:34 ks400054 postfix/smtpd[19157]: connect from ks400054.kimsufi.com[37.59.38.218]
Feb 21 21:16:34 ks400054 postfix/smtpd[19157]: 9FA8419: client=ks400054.kimsufi.com[37.59.38.218], sasl_method=CRAM-MD5, [email protected]
Feb 21 21:16:34 ks400054 postfix/cleanup[19161]: 9FA8419: message-id=<[email protected]>
Feb 21 21:16:34 ks400054 postfix/qmgr[17883]: 9FA8419: from=<[email protected]>, size=723, nrcpt=1 (queue active)
Feb 21 21:16:34 ks400054 postfix/smtpd[19157]: disconnect from ks400054.kimsufi.com[37.59.38.218]
Feb 21 21:16:35 ks400054 postfix/smtp[19162]: 9FA8419: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2a00:1450:4013:c01::1b]:25, delay=0.91, delays=0.26/0.02/0.1/0.53, dsn=2.0.0, status=sent (250 2.0.0 OK 1361477795 w41si55958842eel.117 - gsmtp)
Feb 21 21:16:35 ks400054 postfix/qmgr[17883]: 9FA8419: removed

However, when I try to send the email using the Rails webapp, I get this log:

Feb 21 21:17:32 ks400054 postfix/smtpd[19157]: connect from ks400054.kimsufi.com[37.59.38.218]
Feb 21 21:17:32 ks400054 postfix/smtpd[19157]: warning: ks400054.kimsufi.com[37.59.38.218]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 21 21:17:32 ks400054 postfix/smtpd[19157]: lost connection after AUTH from ks400054.kimsufi.com[37.59.38.218]
Feb 21 21:17:32 ks400054 postfix/smtpd[19157]: disconnect from ks400054.kimsufi.com[37.59.38.218]
Feb 21 21:17:33 ks400054 postfix/smtpd[19157]: connect from ks400054.kimsufi.com[37.59.38.218]
Feb 21 21:17:33 ks400054 postfix/smtpd[19157]: warning: ks400054.kimsufi.com[37.59.38.218]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 21 21:17:33 ks400054 postfix/smtpd[19157]: lost connection after AUTH from ks400054.kimsufi.com[37.59.38.218]
Feb 21 21:17:33 ks400054 postfix/smtpd[19157]: disconnect from ks400054.kimsufi.com[37.59.38.218]

My Postfix main.cf file is as follows:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8, 10.0.0.0/24
mailbox_size_limit = 0
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext,noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
virtual_transport=dovecot
dovecot_destination_recipient_limit=1

My Postfix master.cf file is as follows:

#
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
submission inet n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
amavis    unix -        -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
dovecot unix - n n - - pipe
 flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

And my Dovecot configuration file, my dovecot.conf is as follows:

auth_mechanisms = plain cram-md5
auth_verbose = yes
base_dir = /var/run/dovecot/
info_log_path = /var/log/dovecot.info
log_path = /var/log/dovecot
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
protocols = imap pop3
service auth {
  executable = /usr/lib/dovecot/auth
  user = root
}
service imap-login {
  chroot = login
  executable = /usr/lib/dovecot/imap-login
  user = dovecot
}
service imap {
  executable = /usr/lib/dovecot/imap
}
service pop3-login {
  chroot = login
  executable = /usr/lib/dovecot/pop3-login
  user = dovecot
}
service pop3 {
  executable = /usr/lib/dovecot/pop3
}
ssl = no
userdb {
  args = /etc/dovecot/users
  driver = passwd-file
}
valid_chroot_dirs = /var/spool/vmail
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}

auth default {
  mechanisms = plain cram-md5
  passdb passwd-file {
    args = /etc/dovecot/passwd
  }
  userdb passwd-file {
    args = /etc/dovecot/users
  }
  user = root
  socket listen {
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Then, the mail configuration on the Rails app is as follows:

config.action_mailer.smtp_settings = {
  :address => "ks400054.kimsufi.com" ,
  :port => 25,
  :domain => "ks400054.kimsufi.com" ,
  :user_name => "[email protected]" ,
  :password  => "THE_CORRECT_PASSWORD",
  :authentication => :cram_md5,
  :enable_starttls_auto => true,
  :tls => true
}

I don't know why I can not login using the Rails webapp.

What am I missing? Is it something on the configuration?

Answer

guillemhs picture guillemhs · Feb 25, 2013

I migrate from dovecot to the classical configuration.

When I mean classical I mean I followed this 2010 how-to

http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/

On Ubuntu 12.10 you have to change /etc/postfix/main.cf into this one:

myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all
message_size_limit = 0

# SMTP Authentication (SASL)

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# Encrypted transfer (SSL/TLS)

smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_cert_file=/etc/apache2/ssl/mail.crt
smtpd_tls_key_file=/etc/apache2/ssl/mail.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Basic SPAM prevention

smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# Force incoming mail to go through Amavis

content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

# Virtual user mappings

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/maps/user.cf
virtual_uid_maps = static:5000
virtual_gid_maps =  static:5000
virtual_alias_maps = mysql:/etc/postfix/maps/alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/maps/domain.cf

And it works.