Postfix SASL Authentication error. CentOS 7 Fresh install.

Submitted by runnerz on Sun, 02/07/2016 - 13:30

Hi,

When trying to send mail from the server the following is from the /var/log/maillog.

Feb 7 20:15:01 bender01 postfix/smtpd[22782]: connect from unknown[::1] Feb 7 20:15:01 bender01 postfix/smtpd[22782]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory Feb 7 20:15:01 bender01 postfix/smtpd[22782]: warning: unknown[::1]: SASL LOGIN authentication failed: generic failure Feb 7 20:15:01 bender01 postfix/smtpd[22782]: disconnect from unknown[::1]

Can't seem to find a working solution to the problem. In the beginning I had a problem with mails being queued up, fix that by copy /etc/resolv.conf and /etc/services to the postfix chroot ( /var/spool/postfix ) I guess this is related but can't find out what is missing. Tried to make a symlink for saslauth. so making /var/run/saslauthd -> /var/spool/postfix/var/run/saslauth but that does not seem to change anything.

I am kind of lost...

Sune

Status: 
Closed (fixed)

Comments

Submitted by runnerz on Sun, 02/07/2016 - 15:41

Category: Bug report » Support request
Priority: Normal » Critical

Submitted by andreychek on Mon, 02/08/2016 - 10:26

Howdy -- what is the output of this command:

ls -la /var/spool/postfix/var/run/saslauthd

Submitted by runnerz on Wed, 02/10/2016 - 04:44

Hi Andreychek

The output is ls: cannot access /var/spool/postfix/var/run/saslauthd: No such file or directory

I have it sort of working now, i made postfix run in NON-chroot, but am not sure this is what i want, because i want to enable SSL for Postfix and Dovecot. or am i seeing something wrong.?

Her is the output from master.cf

#

Postfix master process configuration file. For details on the format of the file, see the master(5) manual page (command: "man 5 master").

#

Do not forget to execute "postfix reload" after editing this file.

#

========================================================================== service type private unpriv chroot wakeup maxproc command + args (yes) (yes) (yes) (never) (100) ==========================================================================

smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes

submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING

628 inet n - n - - qmqpd

pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr

qmgr fifo n - n 300 1 oqmgr

tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp

When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay unix - - n - - smtp -o smtp_fallback_relay=

-o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache #

==================================================================== Interfaces to non-Postfix software. Be sure to examine the manual pages of the non-Postfix software to find out what options it wants.

#

Many of the following services use the Postfix pipe(8) delivery agent. See the pipe(8) man page for information about ${recipient} and other message envelope options. ====================================================================

#

maildrop. See the Postfix MAILDROP_README file for details. Also specify in main.cf: maildrop_destination_recipient_limit=1

# maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} #

====================================================================

#

Recent Cyrus versions can use the existing "lmtp" master.cf entry.

#

Specify in cyrus.conf: lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4

#

Specify in main.cf one or more of the following: mailbox_transport = lmtp:inet:localhost virtual_transport = lmtp:inet:localhost

#

====================================================================

#

Cyrus 2.1.5 (Amos Gouaux) Also specify in main.cf: cyrus_destination_recipient_limit=1

#

cyrus unix - n n - - pipe user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

#

==================================================================== Old example of delivery via Cyrus.

#

old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

#

====================================================================

#

See the Postfix UUCP_README file for configuration details.

# uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) #

Other external delivery methods.

# ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

submission inet n n - - - smtpd -o smtpd_sasl_auth_enable=yes

smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy

The output from /etc/sysconfig/saslauthd

Directory in which to place saslauthd's listening socket, pid file, and so on. This directory must already exist.

SOCKETDIR=/run/saslauthd

Mechanism to use when checking passwords. Run "saslauthd -v" to get a list of which mechanism your installation was compiled with the ablity to use.

MECH=pam

Additional flags to pass to saslauthd on the command line. See saslauthd(8) for the list of accepted flags.

FLAGS="-r"

Submitted by andreychek on Wed, 02/10/2016 - 10:08

It's okay to not run that in chroot, a lot of distros do that setup by default.

What issues (if any) are you seeing now that you changed that? It shouldn't be a problem to use SSL, when not using chroot.

Submitted by runnerz on Thu, 02/11/2016 - 03:47

The issues I have right now is a lot of bounce mails, so if i send an email from user1@test.local to user2@test.local the mail gets through fine. But user1 will get a bounce mail saying the mail was not delivered. I am very close to reinstall the server and try again. The problem started after a restore of virtualmin config from a debian server and this is CentOS maybe the did something...

Submitted by andreychek on Thu, 02/11/2016 - 10:39

Well, that's unusual.

I'd be curious to see what shows up in your email logs when that occurs. That's either /var/log/mail.log or /var/log/maillog.

Also, does that bounce only occur for that user2? Or does it occur when sending an email to anyone on your server?

Submitted by runnerz on Thu, 03/03/2016 - 05:52

Finaly I seem to be able to fix this issue. There was something wrong in the master.cf file for postfix. I replaced it with a copy from a fresh install of virtualmin. Did not look into how the master.cf file got corrupted, but my guess is that the backup restore of virtualmin settings from a Debian server to a CentOS server did the scewup. The case can now be closed.

Submitted by runnerz on Thu, 03/03/2016 - 05:53

Status: Active » Closed (fixed)