Setting the "Use SASL SMTP authentication?" option to 'Yes writes incorrect configuration option to main.cf

This is quite important issue, because one could be sending e-mails for days without noticing they are not delivered at all. That is what happen to one of our Webmin servers, where we had set the "Use SASL SMTP authentication?" option to 'Yes', which apparently inserts smtp_sasl_auth_enable = yes when in fact it should be smtpd_sasl_auth_enable = yes. See the discussion between persons who got exactly the same issue on https://serverfault.com/questions/698854/postfix-fatal-specify-a-passwor...

Status: 
Active

Comments

There are two separate config options for smtp_sasl vs smtpd_sasl in Webmin on the "SMTP Authentication And Encryption" page though.

I am not sure if there are two and what each of them is for, but what I care about is when you set the "Use SASL SMTP authentication?" to Yes it inserts smtp_sasl_auth_enable = yes instead of smtpd_sasl_auth_enable = yes and breaks Postfix causing the postfix fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter error. At least, thats what's what happens on CentOS 7.x systems. Why don't you run some tests, Jamie?

tpnsolutions's picture
Submitted by tpnsolutions on Sun, 03/24/2019 - 12:31

Jamie,

I'd like to chime in on this topic. I have confirmed the error per a recent install of Virtualmin. Inside the "/etc/postfix/main.cf", the wrong parameter is being added which essentially breaks sending via STARTTLS.

smtp_tls_security_level = may (incorrect)
smtpd_tls_security_level = may (correct)

I spent days working with a client, and then examined the configuration against a working server which is how I discovered the typo. Once corrected sending via STARTTLS worked without issue.

  • Peter

Guys, IMHO you two have started discussing a different issue. The problem here is very simple - setting something on Virtualmin UI is causing the error. That's it! Clicking on anything on *min UI should be clean and cause no errors. Of course that's expected in ideal scenario whereas in practice we occasionally face lot's of issues. But at least we should try to always reach ideal.

Now, please concentrate on the issue itself here: go and set the "Use SASL SMTP authentication?" to 'Yes' and then witness Postfix giving the following error:

postfix fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter error.

Will this be finally fixed or kept ignored?

Just to note in case this may be the confusion... there are 2 sasl settings on that config page as Jamie said... One for local server config and 1 for remote. The LOCAL Setting at the top of the SMTP Authentication And Encryption page "Require SASL SMTP authentication?", when set to yes does indeed add 'smtpd_sasl_auth_enable = yes' to the main.cf file. I changed to yes, Restarted postfix, sent and recvd mail fine. Compared before and after files, that line was added at the bottom.

The "Use SASL SMTP authentication?" down at the bottom of the SMTP Authentication And Encryption page is only for configuring connection to another mail server for sending mail. Those bottom 3 settings are in their own 'section'. Ignore them unless you're sending mail via a relay server.

Local, not local - doesn't really matter. Guys, how don't you understand that changing ANYTHING on UI should not cause error on Postfix logs and in this case it not only does, but also actually breaks normal work of Postfix. No mail delivered after you go and change that setting on UI. Please don't be lazy and just run some tests.

Not only this issue is the cause to the postfix fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter error, but also to the following one:

warning: /usr/libexec/postfix/smtp: bad command startup -- throttling

That is the same here with fresh centos7 install if you put the yes there, ok if not put it there , should be given a warning or Documentation how to solve the error after such. Only error , not working and so on is not so good sorry ;)

I'm only supporting here with my test result, so not asking support with my gpl test hihi ;)

1:36:18 vp postfix/smtp[23434]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter
Apr 16 01:36:19 vp postfix/master[5736]: warning: process /usr/libexec/postfix/smtp pid 23434 exit status 1
Apr 16 01:36:19 vp postfix/master[5736]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling
Apr 16 01:37:19 vp postfix/smtp[24305]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter