DevHeads.net

intermittent sasl auth fails?

I have a user with TBird saying they get ocassional error when trying to
send with SASL AUTH, looking at log, I see this;

Mar 17 22:10:44 postfix/smtpd[11975]: connect from
111-222-333-444.static.tpgi.com.au[111.222.333.444]
Mar 17 22:10:45 postfix/smtpd[11975]: Anonymous TLS connection established
from 111-222-333-444.static.tpgi.com.au[111.222.333.444]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 17 22:10:47 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL PLAIN
authentication failed:
Mar 17 22:10:53 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL LOGIN
authentication failed: UGFzc3dvcmQ6
Mar 17 22:10:59 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL PLAIN
authentication failed: UGFzc3dvcmQ6
Mar 17 22:11:05 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL LOGIN
authentication failed: UGFzc3dvcmQ6
Mar 17 22:11:59 postfix/smtpd[11975]: disconnect from
111-222-333-444.static.tpgi.com.au[111.222.333.444] ehlo=2 starttls=1
auth=0/4 quit=1 commands=4/8

Mar 17 22:14:37 postfix/smtpd[12089]: connect from
111-222-333-444.static.tpgi.com.au[111.222.333.444]
Mar 17 22:14:38 postfix/smtpd[12089]: Anonymous TLS connection established
from 111-222-333-444.static.tpgi.com.au[111.222.333.444]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 17 22:14:42 postfix/smtpd[12089]: 5425745329A0:
client=111-222-333-444.static.tpgi.com.au 111.222.333.444],
sasl_method=PLAIN, sasl_username= ... at tld dot com.au
Mar 17 22:14:42 postfix/smtpd[12089]: disconnect from
111-222-333-444.static.tpgi.com.au[111.222.333.444] ehlo=2 starttls=1
auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Mar 17 22:14:43 amavis[11177]: (11177-17) Passed CLEAN {RelayedOutbound},
ORIGINATING LOCAL [111.222.333.444]:54608 [111.222.333.444] < ... at tld dot com>
-> < ... at yahoo dot com>, Queue-ID: 5425745329A0, Message-ID:
<7252a376-030e-0a85-cede- ... at autopack dot com>, mail_id:
WUkk9VvorFcd, Hits: 0.076, size: 1111, queued_as: BAE5645329A6, 1303 ms

hmmmm, as I was munging the email address, I've noticed that:

the sasl username is ' ... at tld dot com.au' BUT on next line they have
' ... at tld dot com' (both domains are valid, tld.com as well as tld.com.au) -
could that be a problem ?

how else to t/s this ?

V

Comments

Re: intermittent sasl auth fails?

By Viktor Dukhovni at 03/17/2019 - 21:23

Try to avoid pasting SASL-generated base64-encoded strings from
verbose logs, these often contain easily decoded passwords. In
this case "UGFzc3dvcmQ6" just decodes to "Password:", which I hope
is not the actual password for the account.

The SASL login name is " ... at tld dot com.au". The envelope
sender email address is: " ... at tld dot com".

No. The SASL login name need not be, and often isn't, the same as
the envelope sender address.

Re: intermittent sasl auth fails?

By LuKreme at 03/17/2019 - 17:47

On 17 Mar 2019, at 05:40, <a href="mailto: ... at sbt dot net.au"> ... at sbt dot net.au</a> wrote:
both are valid in your lookup table? Have you checked this with postman?

Re: intermittent sasl auth fails?

By LuKreme at 03/17/2019 - 17:50

On 17 Mar 2019, at 15:47, @lbutlr < ... at kreme dot com> wrote:
postmaP

(sorry, spelling correcting one wild)