0

I have raised a query at the link mentioned below, and I have the configuration mentioned below in main.cf: POSTFIX SASL Configuration

main.cf


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname,<"all other destination list">
mydomain = <"my domain name">
myhostname = <"my hotname name">
mynetworks = <"ALL IPS">
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = $mydestination
relayhost = <"MY RELAY HOST SERVER DETAILS">
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
cyrus_sasl_config_path = /etc/postfix/sasl
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

master.cf


#File has the below mentioned
smtp inet n - y - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - - - - smtpd

/etc/postfix/sasl/smtpd.conf


pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
saslauthd_path: private/saslauthd/mux

With the above configuration I get the below error:

postfix/smtpd[20980]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
postfix/smtpd[20980]: warning: unknown[]: SASL LOGIN authentication failed: generic failure

Naga

2 Answers

1

Simply put: Postfix communicates with SASL (saslauthd) using files. In the configuration of both, you can specify the path to use. In that path, the following files will be created:

~# ls -l /var/spool/postfix/var/run/saslauthd/
total 4
srwxrwxrwx 1 root root 0 Feb 12 11:41 mux
-rw------- 1 root root 0 Feb 12 11:41 mux.accept
-rw------- 1 root root 7 Feb 12 11:41 saslauthd.pid

Chances are, your postfix process is chrooted, which is a good thing from a security point of view. This means though that postfix will write its sasl stuff into /whatever-your-postfix-chroot-is/var/run/saslauthd/

I believe you should not specify a file in your path. So NOT:

saslauthd_path: private/saslauthd/mux

Because that would lead to postfix looking for the private/saslauthd/mux/mux file. That's probably not what you intend.

Either leave that line out completely and use the default path, or specify the sasl path explicitly:

saslauthd_path: private/saslauthd/

So far for the Postfix side of things.

There is also the SASL side of things. In the saslauthd configuration, you have the OPTIONS parameter. Check out the -m parameter which is /var/run/saslauthd/ by default.

Since your postfix is probably chrooted, it does not have access to the /var/run/saslauthd/ path. So change your SASL configuration to /whatever-your-postfix-chroot-is/private/saslauthd/ like this:

OPTIONS="-m /whatever-your-postfix-chroot-is/private/saslauthd/ -r"

And restart your saslauthd

systemctl restart saslauthd

If you still experience communication issues between Postfix and saslauthd, suggest you post the output of

ps -ef | grep sasl
Bjorn
0

The error message says: cannot connect to saslauthd server: No such file or directory. The two most likely explanations are either that saslauthd is not running, or that smtpd and saslauthd disagree on the name.

madcap
  • The daemon is running: I checked with the status command. But I didn't get your second point ---> or that smtpd and saslauthd disagree on the name. How can I check this? – Naga Oct 06 '20 at 13:03
  • You can use the command `sudo lsof -c saslauthd | grep unix` to see all unix domain sockets that saslauthd has open. You can also use `sudo lsof -c smtpd | grep rtd` to see if postfix is chrooted. – madcap Oct 06 '20 at 13:32
  • Actually the command gives more output, but due to the space constraint, I have placed the first two lines. ---> sudo lsof -c saslauthd | grep unix saslauthd 23203 root 3u unix 0xffff888079bbcc00 0t0 3194590 socket saslauthd 23203 root 5u unix 0xffff888079bbc400 0t0 3194591 /run/saslauthd/mux – Naga Oct 06 '20 at 14:02
  • sudo lsof -c smtpd | grep rtd --> this gives no output – Naga Oct 06 '20 at 14:02
  • Your lsof does not have the same output format as mine. For me, the third line contains the root directory for the process. The FD is "rtd" and the TYPE is "DIR" and NAME is "/var/spool/postfix". Try `sudo lsof -c smtpd | more`, and you can probably figure it out. You already have the pathname that saslauthd is using, which is not the same as you have configured smtpd to use. – madcap Oct 06 '20 at 14:49
  • This command also doesn't give an output. sudo lsof -c smtpd | more – Naga Oct 07 '20 at 08:34
  • Try changing saslauthd_path: private/saslauthd/mux to /run/saslauthd/mux. If that does not work, your postfix is running chroot. Mine is, and then you need to change it back, and figure out how to pass -m /var/spool/postfix/private/saslauthd to saslauthd. Your postfix might use another root directory. – madcap Oct 07 '20 at 09:15
  • Sorry about the late reply. This change doesn't work either: private/saslauthd/mux to /run/saslauthd/mux. I am not sure what you meant in the second statement. I am new to this email server configuration. Could you please kindly let me know with more information? Still the same error: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory warning: unknown[99.999.99.999]: SASL LOGIN authentication failed: generic failure – Naga Oct 12 '20 at 17:14
  • The answer is that smtpd and saslauthd disagree on the name. The lsof output you posted earlier shows that saslauthd is listening on /run/saslauthd/mux. If your postfix is running chroot to some directory, then it can't access that path. So you have to change the pathname that saslauthd is listening on to something that postfix can access. You need to figure out which directory your postfix is chrooted to (for me, that is /var/spool/postfix, but it seems that you are not running the same OS as I do), and then figure out how to pass startup options to saslauthd. – madcap Oct 13 '20 at 14:43
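
The "disagree on the name" check discussed in this thread can be done offline from the configuration files. The script below is an added example, not code from any of the posters: it reads the chroot column for the smtp service in master.cf and the saslauthd_path in smtpd.conf, then works out which host path smtpd will actually open. Assumptions: saslauthd_path is set and names the socket itself (including mux, as the Cyrus SASL option documentation describes it), relative paths resolve against queue_directory because Postfix daemons change into it, and the function names and sample files are constructed for illustration from the values quoted in the question.

```shell
#!/bin/sh
# Added example; the file contents and paths below are constructed from the
# values quoted in the question (chroot column "y", /run/saslauthd/mux).

# Print the chroot column (5th field) of an active master.cf service line.
# "-" means the built-in default: y before Postfix 3.0, n from 3.0 on.
chroot_flag() {  # MASTER_CF SERVICE TYPE DEFAULT
    awk -v s="$2" -v t="$3" -v d="$4" \
        '$1 == s && $2 == t { print ($5 == "-" ? d : $5); exit }' "$1"
}

# Print the saslauthd_path value from a Cyrus SASL smtpd.conf.
sasl_path() {  # SMTPD_CONF
    sed -n 's/^saslauthd_path:[[:space:]]*//p' "$1" | head -n 1
}

# Print the host-side path that smtpd will try to connect to.
effective_socket() {  # QUEUE_DIR CHROOT SASL_PATH
    case $3 in
        /*) if [ "$2" = y ]; then printf '%s%s\n' "$1" "$3"
            else printf '%s\n' "$3"; fi ;;
        *)  printf '%s/%s\n' "$1" "$3" ;;  # relative: cwd is the queue dir
    esac
}

# Compare smtpd's view with the socket saslauthd really listens on.
check() {  # QUEUE_DIR MASTER_CF SMTPD_CONF SASLAUTHD_SOCKET DEFAULT
    flag=$(chroot_flag "$2" smtp inet "$5")
    want=$(effective_socket "$1" "$flag" "$(sasl_path "$3")")
    if [ "$want" = "$4" ]; then
        echo "match: $want"
    else
        echo "mismatch: smtpd opens $want, saslauthd listens on $4"
    fi
}

demo() {
    d=$(mktemp -d)
    printf '%s\n' 'smtp inet n - y - - smtpd' \
        '#submission inet n - - - - smtpd' > "$d/master.cf"
    printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: LOGIN PLAIN' \
        'saslauthd_path: private/saslauthd/mux' > "$d/smtpd.conf"
    check /var/spool/postfix "$d/master.cf" "$d/smtpd.conf" \
        /run/saslauthd/mux y
    rm -rf "$d"
}
demo
```

On a live host, pass the real /etc/postfix/master.cf and /etc/postfix/sasl/smtpd.conf to check, together with the socket path that `lsof -c saslauthd` reports.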