Postfix with Dovecot SASL Authentication Error
Hello guys!
I'm using Webmin and Virtualmin to configure my mail server, and for that I set up my Postfix, Dovecot and saslauthd services. But when I send a test mail from my Gmail to my server, I get this error:
fatal: no SASL authentication mechanisms
Here are all my configuration files and log files, to help us:
Nov 4 14:42:49 ns1 postfix/postfix-script[2147]: stopping the Postfix mail system
Nov 4 14:42:49 ns1 postfix/master[1340]: terminating on signal 15
Nov 4 14:42:49 ns1 postfix/postfix-script[2228]: starting the Postfix mail system
Nov 4 14:42:49 ns1 postfix/master[2230]: daemon started -- version 2.10.1, configuration /etc/postfix
Nov 4 14:45:37 ns1 postfix/smtpd[2314]: connect from mail-oi0-f51.google.com[209.85.218.51]
Nov 4 14:45:37 ns1 postfix/smtpd[2314]: fatal: no SASL authentication mechanisms
Nov 4 14:45:38 ns1 postfix/master[2230]: warning: process /usr/libexec/postfix/smtpd pid 2314 exit status 1
Nov 4 14:45:38 ns1 postfix/master[2230]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov 4 14:47:18 ns1 postfix/anvil[2317]: statistics: max connection rate 1/60s for (smtp:209.85.218.51) at Nov 4 14:45:37
Nov 4 14:47:18 ns1 postfix/anvil[2317]: statistics: max connection count 1 for (smtp:209.85.218.51) at Nov 4 14:45:37
Nov 4 14:47:18 ns1 postfix/anvil[2317]: statistics: max cache size 1 at Nov 4 14:45:37
/var/log/maillog
Nov 04 14:45:37 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Nov 04 14:45:37 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Nov 04 14:45:37 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Nov 04 14:45:37 auth: Debug: auth client connected (pid=0)
/var/log/dovecot.debug
Nov 04 14:43:28 anvil: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Nov 04 14:43:28 log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Nov 04 14:43:28 master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Nov 04 14:43:28 master: Info: Dovecot v2.2.10 starting up for imap, pop3 (core dumps disabled)
/var/log/dovecot.info
Process killed because I restarted the service, so ignore that, please.
[root@ns1 ~]# systemctl status dovecot -l
dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2016-11-04 14:43:28 BRST; 35s ago
Process: 2246 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
Main PID: 2250 (dovecot)
CGroup: /system.slice/dovecot.service
├─2250 /usr/sbin/dovecot -F
├─2251 dovecot/anvil
├─2252 dovecot/log
└─2254 dovecot/config
Nov 04 14:43:28 ns1.domain.com.br systemd[1]: Starting Dovecot IMAP/POP3 email server...
Nov 04 14:43:28 ns1.domain.com.br systemd[1]: Started Dovecot IMAP/POP3 email server.
[root@ns1 ~]# systemctl status postfix -l
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2016-11-04 14:42:49 BRST; 1min 55s ago
Process: 2141 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
Process: 2158 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 2154 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 2152 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 2230 (master)
CGroup: /system.slice/postfix.service
├─2230 /usr/libexec/postfix/master -w
├─2231 pickup -l -t unix -u
└─2232 qmgr -l -t unix -u
Nov 04 14:42:49 ns1.domain.com.br systemd[1]: Starting Postfix Mail Transport Agent...
Nov 04 14:42:49 ns1.domain.com.br postfix/postfix-script[2228]: starting the Postfix mail system
Nov 04 14:42:49 ns1.domain.com.br postfix/master[2230]: daemon started -- version 2.10.1, configuration /etc/postfix
Nov 04 14:42:49 ns1.domain.com.br systemd[1]: Started Postfix Mail Transport Agent.
[root@ns1 ~]# systemctl status saslauthd -l
saslauthd.service - SASL authentication daemon.
Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2016-11-03 12:19:08 BRST; 1 day 2h ago
Process: 1978 ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS (code=exited, status=0/SUCCESS)
Main PID: 1979 (saslauthd)
CGroup: /system.slice/saslauthd.service
├─1979 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
├─1980 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
├─1981 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
├─1982 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
└─1983 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
Nov 03 12:19:08 ns1.domain.com.br systemd[1]: Starting SASL authentication daemon....
Nov 03 12:19:08 ns1.domain.com.br saslauthd[1979]: detach_tty : master pid is: 1979
Nov 03 12:19:08 ns1.domain.com.br saslauthd[1979]: ipc_init : listening on socket: /run/saslauthd/mux
Nov 03 12:19:08 ns1.domain.com.br systemd[1]: Started SASL authentication daemon..
# MY CONFIGS
myhostname = mail.domain.com.br
mydomain = domain.com.br
myorigin = $mydomain
inet_protocols = ipv4
mydestination = $myhostname, localhost, ns1.domain.com.br
mynetworks = 168.100.189.0/28, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
recipient_bcc_maps = hash:/etc/postfix/bcc
queue_directory = /var/spool/postfix
# SASL
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_sasl_local_domain = domain.com.br
smtpd_recipient_restrictions = check_policy_service unix:/var/spool/postfix/postgrey/socket
# TLS
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/ssl/mail.domain.com.br.key
smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain.com.br.crt
smtpd_tls_security_level=encrypt
smtpd_tls_auth_only = yes
smtpd_sasl_tls_security_options = noanonymous, noplaintext
# OTHERS
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
/etc/postfix/main.cf
smtp inet n - n - - smtpd
/etc/postfix/master.cf
protocols = imap pop3
listen = *
/etc/dovecot/dovecot.conf
disable_plaintext_auth = no
auth_mechanisms = plain login
/etc/dovecot/10-auth.conf
service auth {
  unix_listener auth-userdb {
    #mode = 0660
    #user = postfix
    #group = postfix
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  # Auth process is run as this user.
  #user = $default_internal_user
}
/etc/dovecot/10-master.conf
log_path = /var/log/dovecot.info
info_log_path = /var/log/dovecot.info
debug_log_path = /var/log/dovecot.debug
auth_verbose = yes
auth_debug = yes
mail_debug = yes
verbose_ssl = yes
/etc/dovecot/10-logging.conf
Thanks for the attention.
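Added example, not part of the original thread: a small Python check that reproduces why the settings posted above end in `fatal: no SASL authentication mechanisms`. Dovecot offers only `plain` and `login`, both plaintext mechanisms, while both Postfix security-option settings contain `noplaintext`, so nothing is left for smtpd to advertise. The mechanism weakness table is a simplified model and `ADJUSTED_MAIN_CF` is a constructed variant; neither comes from the posters.

```python
import re

# Weaknesses Dovecot flags per mechanism (simplified model, an assumption of
# this example; unknown mechanisms are treated as having none).
MECH_WEAKNESS = {
    "plain": {"plaintext"},
    "login": {"plaintext"},
    "anonymous": {"anonymous"},
    "cram-md5": {"dictionary", "active"},
}

# Values copied from the main.cf and 10-auth.conf posted above.
POSTED_MAIN_CF = """
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_tls_auth_only = yes
smtpd_sasl_tls_security_options = noanonymous, noplaintext
"""
POSTED_DOVECOT = """
disable_plaintext_auth = no
auth_mechanisms = plain login
"""
# Constructed variant (not from the thread): AUTH stays TLS-only through
# smtpd_tls_auth_only, and plaintext mechanisms are no longer filtered out.
ADJUSTED_MAIN_CF = """
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
"""

def parse_kv(text):
    """Parse 'key = value' lines; whitespace-led lines continue the previous value."""
    conf, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:
            conf[key] += " " + raw.strip()
            continue
        k, sep, v = raw.partition("=")
        if sep:
            key = k.strip()
            conf[key] = v.strip()
    return conf

def split_list(value):
    return [t.lower() for t in re.split(r"[,\s]+", value) if t]

def usable_mechanisms(dovecot_mechs, security_options):
    """Drop every mechanism that has a weakness banned by a 'no<weakness>' option."""
    banned = {o[2:] for o in split_list(security_options) if o.startswith("no")}
    return [m for m in split_list(dovecot_mechs)
            if not (MECH_WEAKNESS.get(m, set()) & banned)]

def audit(main_cf, dovecot_conf):
    """Mechanisms left for smtpd on cleartext and on TLS sessions."""
    p, d = parse_kv(main_cf), parse_kv(dovecot_conf)
    mechs = d.get("auth_mechanisms", "plain")                    # Dovecot default
    plain_opts = p.get("smtpd_sasl_security_options", "noanonymous")  # Postfix default
    tls_opts = p.get("smtpd_sasl_tls_security_options", "$smtpd_sasl_security_options")
    tls_opts = tls_opts.replace("$smtpd_sasl_security_options", plain_opts)
    return {"cleartext": usable_mechanisms(mechs, plain_opts),
            "tls": usable_mechanisms(mechs, tls_opts)}

if __name__ == "__main__":
    for label, cf in (("posted", POSTED_MAIN_CF), ("adjusted", ADJUSTED_MAIN_CF)):
        for phase, mechs in audit(cf, POSTED_DOVECOT).items():
            print(f"{label:9}{phase:10}{', '.join(mechs) or 'NONE (smtpd exits at connect)'}")
```

On a live host the same inputs come from `postconf -n` and `doveconf -n` rather than the embedded strings.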
This is my Postfix main.cf file, which I have just been playing around with in order to reduce spam and stop backscatter. You certainly need to add to smtpd_recipient_restrictions = permit_mynetworks, permit_inet_interfaces, permit_sasl_authenticated
N.B. I am far from being an expert in Postfix configuration, but this works for me and reduced the amount of spam I was getting from over 100 a day to less than 10.
You may wish to take a look at these, which I found useful.
https://www.pantz.org/software/postfix/
https://www.webstershome.co.uk/2014/04/07/postfix-blocking-spam-enters-s...
biff = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_name = mail.domain.co.uk
smtpd_banner = ESMTP $mail_name
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtp_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
myhostname = server.domain.co.uk
mydomain = server.domain.co.uk
inet_protocols = all
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, server.domain.co.uk
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, etc #run postconf -d to get this
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
bounce_size_limit = 2000
message_size_limit = 40960000
header_size_limit = 402400
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10
smtpd_soft_error_limit = 20
smtpd_hard_error_limit = 20
smtpd_junk_command_limit = 20
strict_rfc821_envelopes = yes
show_user_unknown_table_name = no
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
2bounce_notice_recipient = postmaster@domain.co.uk
error_notice_recipient = postmaster@domain.co.uk
bounce_notice_recipient = postmaster@domain.co.uk
header_checks = regexp:/etc/postfix/header_checks
#body_checks = regexp:/etc/postfix/body_checks
### Reject codes
access_map_reject_code = 554
defer_code = 554
invalid_hostname_reject_code = 554
maps_rbl_reject_code = 554
non_fqdn_reject_code = 554
reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
### SMTP Restrictions
smtpd_client_restrictions = permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated,
    check_client_access regexp:/etc/postfix/client_restrictions,
    reject_unknown_client
smtpd_helo_restrictions = permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    check_helo_access regexp:/etc/postfix/helo.regexp,
    warn_if_reject reject_invalid_hostname,
    permit
smtpd_etrn_restrictions = permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated,
    reject
smtpd_sender_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_address,
    permit
smtpd_recipient_restrictions = permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated,
    check_client_access regexp:/etc/postfix/client_restrictions,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    reject_unauth_destination,
    reject_multi_recipient_bounce,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_unknown_client,
    warn_if_reject reject_unknown_hostname,
    reject_unauth_pipelining,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client zen.spamhaus.org,
    permit
smtpd_data_restrictions = reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit
smtpd_timeout = 300s
smtp_destination_rate_delay = 1s
smtpd_tls_cert_file = /etc/letsencrypt/live/domain.co.uk/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/domain.co.uk/privkey.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/domain.co.uk/fullchain.pem
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
/etc/postfix/header_checks and /etc/postfix/helo.regexp and /etc/postfix/client_restrictions
See https://www.pantz.org/software/postfix/
In some other Postfix configurations I saw this being used as one of the RBL lists enablerbl:dnsbl.sorbs.net. However, on this list Google is blacklisted and has been apparently for 8 years!!! The regex in client_restrictions should overcome this, but I didn't have time to fully test yet. Make sure the checks in smtpd_recipient_restrictions are before the reject_rbl_client lines.
Also check /etc/postfix/virtual, as I had catch-all email addresses going to BOUNCE, which I removed, after which you need to run
postmap /etc/postfix/virtual
service postfix restart
Thanks for your attention.
Is it too much to ask you for your master.cf and Dovecot conf?
I will check that tomorrow and update here.
Hi
Hope this helps.
master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
my.ip.add.ress:smtp inet n - n - 200 smtpd -o smtpd_sasl_auth_enable=yes
my.ip.add.ress:submission inet n - n - - smtpd
  -o smtpd_tls_security_level=may
  -o tls_preempt_cipherlist=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
#submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
127.0.0.1:smtp inet n - n - 200 smtpd -o smtpd_sasl_auth_enable=yes
127.0.0.1:submission inet n - n - - smtpd
dovecot.conf
## Dovecot configuration file
# If you're in a hurry, see http://wiki.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
# Protocols we want to be serving.
#protocols = imap pop3 lmtp
#protocols = imap pop3 imaps pop3s
protocols = imap pop3
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Sepace separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
#!include_try /etc/dovecot/local.conf
#ssl_ca_file = /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
ssl_ca = </etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
#ssl_verify_client_cert=yes