［求助］用邮件客户端死活无法通过Postfix的SASL认证

[flarefox]

我都快哭了，从昨天上午到现在一直在倒腾邮件服务，现在总算能收外部信，也能在telnet localhost 25里发外部信了，可是用邮件客户端(TB, Evo)都不能发信，提示用户密码错误。恳求大侠救命啊…………

在命令行下输入
testsaslauthd -u username -p password
提示
0: OK "Success."

但是，在邮件客户端里，无论怎样设置（用/不用TLS）都提示错误，错误日志如下：
May 17 13:54:38 mathelite postfix/smtpd[17573]: connect from mathelite.cn[127.0.0.1]
May 17 13:54:41 mathelite postfix/smtpd[17573]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
May 17 13:54:41 mathelite postfix/smtpd[17573]: warning: SASL authentication failure: Password verification failed
May 17 13:54:41 mathelite postfix/smtpd[17573]: warning: mathelite.cn[127.0.0.1]: SASL PLAIN authentication failed: generic failure
May 17 13:54:41 mathelite postfix/smtpd[17573]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
May 17 13:54:41 mathelite postfix/smtpd[17573]: warning: mathelite.cn[127.0.0.1]: SASL LOGIN authentication failed: generic failure
May 17 13:54:42 mathelite postfix/smtpd[17573]: disconnect from mathelite.cn[127.0.0.1]

# postconf -d |grep mail_version
mail_version = 2.5.5

/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
home_mailbox = Maildir/

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = no
smtpd_use_tls=yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mathelite.cn
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.mathelite.cn, iyuan-desktop, localhost.localdomain, localhost,mathelite.cn
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
#mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 1000000000
message_size_limit=102400000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# sasl configuration
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

/etc/postfix/sasl/smtpd.conf：
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true

/etc/default/saslauthd：
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes
PWDIR="var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="shadow"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

印象中我就改了这些文件。
还改了/var/spool/postfix/var/run/saslauthd的权限为711，要不连testsaslauthd都提示permission denied.
在线等！江湖救急啊，大侠们救命啊！！

[flarefox]

我的神哪，总算搞定了。
简直是鬼使神差，我打开了鬼斧神工的man saslauthd，满屏鸟语看得我神哭鬼嚎之际，一段话跳入了我的眼睛：
-r Combine the realm with the login (with an '@' sign in between).
e.g. login: "foo" realm: "bar" will get passed as login:
"foo@bar". Note that the realm will still be passed, which may
lead to unexpected behaviour.
-r原来是这个用处，真牛。所以说绝对不要相信Google……

还有另一个错误，就是我把/var/run/saslauthd移动位置之后，没有改/var/lib/dpkg/statoverride，结果每次重启sala服务，权限又变回去了。
ok…… 把这两个问题改完，天下天平

[井蛙]

能不能写一个安装日志阿~