Continuing our triumphs and tribulations with Zimbra, sometimes we encounter issues that defy the general rules of the game. In many such cases, we’ve found solutions on blogs or the zimbra forum.

But here’s one issue that I couldn’t find anywhere on the net. It might help you if you are running zimbra and encounter this issue ;-)

When clients try to send emails through Zimbra (SMTP Relay) using SMTP Authentication, the authentication used to fail though the webmail (Zimbra’s own as well as Squirrelmail and even POP/IMAP ) worked. Poking at the logs showed:

Aug 14 07:44:07 localhost saslauthd[26944]: auth_zimbra: vendor.informedia auth failed: cur
l_easy_perform: error(28): Connection time-out
Aug 14 07:44:07 localhost saslauthd[26944]: do_auth : auth failure: [
formedia] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
Aug 14 07:44:07 localhost postfix/smtpd[19245]: warning: unknown[]: SASL LOGIN
authentication failed

Running saslauthd in the debug mode was not a big help either. Zimbra uses soap and a specific authentication mechanism (called zimbra) for sending the credential info and interfacing with saslauthd and the webservice. IOW, tomcat (the SOAP provider) should be getting requests. But looking at the tomcat logs showed up no such requests. Trying the URL manually, from my laptop I was able to connect to the URL. No use, still.

But trying to connect to the URL using lynx on the server itself pointed out that the response time was large. It was taking up so much time to resolve the host (local hostname) that saslauthd used to time out.

Ahh!! The solution was now so simple. Install a local caching DNS server and try out the name resolution a couple of times. That does it. It did!! The whole thing’s working like a charm, ever since :-)

Also, while at it, I discovered a cool tool for testing out SMTP issues. No more setting up accounts on Balsa/Evolution.

shashi@anacoluthon:~$ apt-cache show swaks
Package: swaks

Description: SMTP command-line test tool
swaks (Swiss Army Knife SMTP) is a command-line tool written in Perl
for testing SMTP setups; it supports STARTTLS and SMTP AUTH (PLAIN,
LOGIN, CRAM-MD5, SPA, and DIGEST-MD5). swaks allows to stop the SMTP
dialog at any stage, e.g to check RCPT TO: without actually sending a
If you are spending too much time iterating “telnet foo.example 25″
swaks is for you.

Now, on to the next task … ;-)

By shashi

3 thoughts on “Zimbra Post or SASL Auth fails …”

Leave a Reply

Your email address will not be published. Required fields are marked *