finding saslauthd log entries

Post by bfallon » 2013/12/15 18:41:00

Hello and how are you All,

I hope you can find my system's info (via getinfo.sh) on Pastebin.

I'm looking for some assistance with Saslauthd. I would like to know how to enable logging (via syslog). From the Saslauthd man page this is possible, using log_auth facility(???). I have entries in /etc/syslog.conf for collecting auth.* to /var/log/secure and log_auth.* to /var/log/secure (out of desperation). Neither log file, /var/log/messages or /var/log/secure, has anything relevant. :(

Errors occur during my postfix telnet ehlo test; using instructions from the SASL_README (auth plain with username\0username\0password).

Dec 15 12:57:49 localhost postfix/smtpd[8123]: < unknown[192.168.1.16]: ehlo cutey
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-localhost.localdomain
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-PIPELINING
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-SIZE 10240000
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-VRFY
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-ETRN
Dec 15 12:57:49 localhost postfix/smtpd[8123]: match_list_match: unknown: no match
Dec 15 12:57:49 localhost postfix/smtpd[8123]: match_list_match: 192.168.1.16: no match
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-AUTH LOGIN PLAIN
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-ENHANCEDSTATUSCODES
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250-8BITMIME
Dec 15 12:57:49 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 250 DSN
Dec 15 12:57:54 localhost postfix/smtpd[8123]: < unknown[192.168.1.16]: auth plain
Dec 15 12:57:54 localhost postfix/smtpd[8123]: xsasl_cyrus_server_first: sasl_method plain
Dec 15 12:57:54 localhost postfix/smtpd[8123]: xsasl_cyrus_server_auth_response: uncoded server challenge: 
Dec 15 12:57:54 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 334 
Dec 15 12:58:04 localhost postfix/smtpd[8123]: < unknown[192.168.1.16]: d2VidGVrXDB3ZWJ0ZWtcMCU3LWdyZWVuJmNhcnMK
Dec 15 12:58:04 localhost postfix/smtpd[8123]: xsasl_cyrus_server_next: decoded response: webtek\0webtek\0%7-green&cars?
Dec 15 12:58:04 localhost postfix/smtpd[8123]: warning: SASL authentication failure: Can only find author (no password)
Dec 15 12:58:04 localhost postfix/smtpd[8123]: warning: unknown[192.168.1.16]: SASL plain authentication failed: bad protocol / cancel
Dec 15 12:58:04 localhost postfix/smtpd[8123]: > unknown[192.168.1.16]: 535 5.7.0 Error: authentication failed: bad protocol / cancel
"Ah, I see you have the machine that goes ping! This is my favorite. You see..." The Meaning of Life, Monty Python

Re: finding saslauthd log entries

Post by bfallon » 2013/12/16 12:31:32

An update and sorry to have wasted your time with this; sort of glad no one put their efforts here.

I decided to check /etc/passwd and /etc/group for the local user I was using, and it was shockingly absent! Made it again and checked and gave it a dead easy password.

Previously, I was using /usr/bin/base64 "sasl-user-passwd.file" for encoding; another mistake.

Ah, opted for a different vector and read the CentOS 5 wiki whereby it encodes via Perl (I so dislike Perl and its downloading modules and minimal support for versions). Ah, very different encoding...yet it works!

Thanks a bunch for providing the wiki page! It helped out my simple CentOS implementation.

Dec 16 07:05:40 localhost postfix/smtpd[2882]: < unknown[192.168.1.16]: ehlo cutey
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-localhost.localdomain
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-PIPELINING
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-SIZE 10240000
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-VRFY
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-ETRN
Dec 16 07:05:40 localhost postfix/smtpd[2882]: match_list_match: unknown: no match
Dec 16 07:05:40 localhost postfix/smtpd[2882]: match_list_match: 192.168.1.16: no match
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-AUTH LOGIN PLAIN
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-ENHANCEDSTATUSCODES
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250-8BITMIME
Dec 16 07:05:40 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 250 DSN
Dec 16 07:05:43 localhost postfix/smtpd[2882]: < unknown[192.168.1.16]: auth plain
Dec 16 07:05:43 localhost postfix/smtpd[2882]: xsasl_cyrus_server_first: sasl_method plain
Dec 16 07:05:43 localhost postfix/smtpd[2882]: xsasl_cyrus_server_auth_response: uncoded server challenge: 
Dec 16 07:05:43 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 334 
Dec 16 07:05:54 localhost postfix/smtpd[2882]: < unknown[192.168.1.16]: AHdlYnRlawB0ZXN0dXNlcjE=
Dec 16 07:05:54 localhost postfix/smtpd[2882]: xsasl_cyrus_server_next: decoded response: 
Dec 16 07:05:54 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 235 2.0.0 Authentication successful
Dec 16 07:06:10 localhost postfix/smtpd[2882]: < unknown[192.168.1.16]: quit
Dec 16 07:06:10 localhost postfix/smtpd[2882]: > unknown[192.168.1.16]: 221 2.0.0 Bye
Dec 16 07:06:10 localhost postfix/smtpd[2882]: match_hostname: unknown ~? 127.0.0.0/8
Dec 16 07:06:10 localhost postfix/smtpd[2882]: match_hostaddr: 192.168.1.16 ~? 127.0.0.0/8
Dec 16 07:06:10 localhost postfix/smtpd[2882]: match_hostname: unknown ~? 192.168.1.0/24
Dec 16 07:06:10 localhost postfix/smtpd[2882]: match_hostaddr: 192.168.1.16 ~? 192.168.1.0/24
Dec 16 07:06:10 localhost postfix/smtpd[2882]: disconnect from unknown[192.168.1.16]
Dec 16 07:06:10 localhost postfix/smtpd[2882]: master_notify: status 1
Dec 16 07:06:10 localhost postfix/smtpd[2882]: connection closed
Dec 16 07:07:13 localhost postfix/smtpd[2882]: proxymap stream disconnect
...I would like to know how to improve Saslauthd logging but my problem is solved.
"Ah, I see you have the machine that goes ping! This is my favorite. You see..." The Meaning of Life, Monty Python
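
The difference between the two AUTH PLAIN tokens in the logs above, as an added example that is not part of the original posts: it decodes each token and checks the RFC 4616 framing (authzid NUL authcid NUL passwd). The function names and the "alice" sample credentials are constructed for illustration.

```python
import base64

# The two client responses copied from the smtpd logs in this thread.
REJECTED = "d2VidGVrXDB3ZWJ0ZWtcMCU3LWdyZWVuJmNhcnMK"   # 535 on Dec 15
ACCEPTED = "AHdlYnRlawB0ZXN0dXNlcjE="                   # 235 on Dec 16


def encode_plain(authcid, passwd, authzid=""):
    """Build an AUTH PLAIN token: authzid NUL authcid NUL passwd, base64-encoded."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, authcid, passwd))
    return base64.b64encode(raw).decode("ascii")


def diagnose_plain(token):
    """Decode a token and list framing problems; never returns the password."""
    raw = base64.b64decode(token, validate=True)
    problems = []
    nuls = raw.count(b"\0")
    if nuls != 2:
        problems.append("expected 2 NUL separators, found %d" % nuls)
    if b"\\0" in raw:
        problems.append("literal backslash-zero text where NUL bytes belong")
    if raw.endswith((b"\n", b"\r")):
        problems.append("trailing newline encoded into the token")
    report = {"ok": not problems, "problems": problems}
    if not problems:
        authzid, authcid, passwd = raw.split(b"\0")
        report.update(authzid=authzid.decode(), authcid=authcid.decode(),
                      passwd_len=len(passwd))
    return report


if __name__ == "__main__":
    for name, token in (("rejected", REJECTED), ("accepted", ACCEPTED)):
        print(name, diagnose_plain(token))
    # Constructed sample credentials, not from the thread.
    print(encode_plain("alice", "example-pass"))
```

Because the token is only base64, verbose smtpd logs such as the ones in this thread carry the credentials in recoverable form and should be handled as sensitive.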
