tarickb / sasl-xoauth2

SASL plugin for XOAUTH2

No worthy mechs found #28

Closed 0xbrigles closed 2 years ago

0xbrigles commented 2 years ago

Hi and thanks for your awesome work. Sadly I got this "No worthy mechs found" error on my test machine.

OS: AlmaLinux 8.5 (RHEL clone, like CentOS), mail_version = 3.5.8

output /var/log/messages

Mar  8 16:58:37 de-testserver-01 pluginviewer[22979]: sasl-xoauth2: Exception during init: * Line 4, Column 3#012  Missing ',' or '}' in object declaration
Mar  8 16:58:37 testserver-01 pluginviewer[22979]: sasl_client_add_plugin(): entry_point(): failed for plugname sasl-xoauth2
Mar  8 17:00:56 testserver-01 postfix/smtp[22986]: sasl_client_add_plugin(): entry_point(): failed for plugname sasl-xoauth2
Mar  8 17:05:56 testserver-01 postfix/smtp[23013]: sasl_client_add_plugin(): entry_point(): failed for plugname sasl-xoauth2
Mar  8 17:05:56 testserver-01 postfix/smtp[23014]: sasl_client_add_plugin(): entry_point(): failed for plugname sasl-xoauth2

output /var/log/maillog

warning: SASL authentication failure: No worthy mechs found
...
 status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com

/usr/sbin/pluginviewer -s (list server authentication (SASL) plugins)

  GSS-SPNEGO GSSAPI EXTERNAL LOGIN PLAIN ANONYMOUS
Available SASL (server side) mechanisms matching your criteria are:
  GSS-SPNEGO GSSAPI LOGIN PLAIN ANONYMOUS
List of server plugins follows
Plugin "gssapiv2" [loaded],     API version: 4
    SASL mechanism: GSS-SPNEGO, best SSF: 256, supports setpass: no
    security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
    features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD|CHANNEL_BINDING|SUPPORTS_HTTP
Plugin "gssapiv2" [loaded],     API version: 4
    SASL mechanism: GSSAPI, best SSF: 256, supports setpass: no
    security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
    features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD|CHANNEL_BINDING
Plugin "login" [loaded],    API version: 4
    SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
    security flags: NO_ANONYMOUS|PASS_CREDENTIALS
    features:
Plugin "plain" [loaded],    API version: 4
    SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
    security flags: NO_ANONYMOUS|PASS_CREDENTIALS
    features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "anonymous" [loaded],    API version: 4
    SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
    security flags: NO_PLAINTEXT
    features: WANT_CLIENT_FIRST|DONTUSE_USERPASSWD

The libsasl-xoauth2.so file is located under /usr/lib64/sasl2/, like all the other SASL .so files.

I compiled the plugin with the options -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_SYSCONFDIR=/etc

SELinux is temporarily disabled for testing.

Maybe someone got the same error and knows what's wrong with my setup.

tarickb commented 2 years ago

I think there's a hint in the first line you included from /var/log/messages:

Mar  8 16:58:37 de-testserver-01 pluginviewer[22979]: sasl-xoauth2: Exception during init: * Line 4, Column 3#012  Missing ',' or '}' in object declaration

Can you share your sasl-xoauth2.conf, with the sensitive bits redacted?

0xbrigles commented 2 years ago

Oh yes, it is a comma fail. My configuration looks like the following:

{
  "client_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "client_secret": ""
  "token_endpoint": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"
}

I added the missing comma after "client_secret": "" and now the plugin is loaded correctly.

/usr/sbin/pluginviewer -c:

....
Plugin "sasl-xoauth2" [loaded],     API version: 4
    SASL mechanism: XOAUTH2, best SSF: 60
    security flags: NO_ANONYMOUS|PASS_CREDENTIALS
    features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
....

I totally misinterpreted the error message. Now I think the authentication process is successfully done. I've got a bounce message from the relay, but this should be a missing send-as permission or something in that direction, I think (Client not authenticated to send mail).

Thanks for your fast reply and for this awesome project :+1:
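A pre-flight check for the failure mode in this thread, added here as an example and not code from the sasl-xoauth2 project: it parses sasl-xoauth2.conf as JSON and reports the line and column of a syntax error before Postfix ever reaches the "No worthy mechs found" stage, then checks that the keys seen in the posted config are present and that the token endpoint is HTTPS. The required-key list, the endpoint check and the file-permission warning are assumptions of this example (the plugin may accept or require other keys); the sample configs embedded below are constructed from the thread.

```python
"""Lint a sasl-xoauth2.conf before handing it to Cyrus SASL.

Added example for this issue thread, not part of the sasl-xoauth2 project.
Assumption (not confirmed by the thread): the keys checked here are the ones
in the posted config; adjust REQUIRED_KEYS for your deployment.
"""
import json
import os
import stat
from typing import List

# Keys present in the config posted in the thread; treated as required here.
REQUIRED_KEYS = ("client_id", "client_secret", "token_endpoint")

# Constructed sample: the broken config from the thread (comma missing after
# "client_secret") and the corrected version the reporter ended up with.
BROKEN_CONF = """{
  "client_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "client_secret": ""
  "token_endpoint": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"
}
"""
FIXED_CONF = BROKEN_CONF.replace('"client_secret": ""\n', '"client_secret": "",\n')


def validate_config_text(text: str) -> List[str]:
    """Return a list of problems; an empty list means the config parses and
    carries the expected keys.

    A syntax error is reported with its line and column, the same hint the
    plugin logged ("Line 4, Column 3"), but before Postfix fails to load it.
    """
    problems: List[str] = []
    try:
        conf = json.loads(text)
    except json.JSONDecodeError as exc:
        problems.append(
            f"JSON syntax error at line {exc.lineno}, column {exc.colno}: {exc.msg}"
        )
        return problems
    if not isinstance(conf, dict):
        problems.append("top-level value must be a JSON object")
        return problems
    for key in REQUIRED_KEYS:
        if key not in conf:
            problems.append(f"missing key: {key}")
        elif not isinstance(conf[key], str):
            problems.append(f"key {key} must be a string")
    endpoint = conf.get("token_endpoint")
    if isinstance(endpoint, str) and not endpoint.startswith("https://"):
        # Tokens are exchanged over this connection; never allow plain http.
        problems.append("token_endpoint must use https://")
    return problems


def validate_config_file(path: str) -> List[str]:
    """Validate a config on disk; also flag a world-readable file, since a
    non-empty client_secret would live in it (permission check is an added
    hardening assumption, not a plugin requirement)."""
    with open(path, encoding="utf-8") as fh:
        problems = validate_config_text(fh.read())
    if os.stat(path).st_mode & stat.S_IROTH:
        problems.append(f"{path} is world-readable; tighten permissions (e.g. chmod 640)")
    return problems


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/sasl-xoauth2.conf"
    findings = validate_config_file(target)
    for finding in findings:
        print(f"{target}: {finding}")
    sys.exit(1 if findings else 0)
```

Run it against /etc/sasl-xoauth2.conf (or pass another path) after every edit; a non-zero exit means the plugin would fail during init and Postfix would again report only the generic "No worthy mechs found". The JSON parser's line/column for the broken sample matches the jsoncpp position the plugin logged, so the same mistake is caught without reading /var/log/messages.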