
I am trying to set up Postfix with SMTP authentication. I want to use /etc/shadow as my realm.

Unfortunately, I get a "generic error" when I try to authenticate:

```
# nc localhost 25
220 mail.foo ESMTP Postfix
AUTH PLAIN _base_64_encoded_user_name_and_password_
535 5.7.8 Error: authentication failed: generic failure
```

In the mail.warn log file I get the following entries:

```
Oct  8 10:43:40 mail postfix/smtpd[1060]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Oct  8 10:43:40 mail postfix/smtpd[1060]: warning: SASL authentication failure: Password verification failed
Oct  8 10:43:40 mail postfix/smtpd[1060]: warning: _ip_: SASL PLAIN authentication failed: generic failure
```

However, the SASL setup seems to be fine:

```
$ testsaslauthd -u _user_ -p _pass_
0: OK "Success."
```

I added `smtpd_sasl_auth_enable = yes` to main.cf.

This is my smtpd.conf:

```
$ cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
autotransition:true
```

I tried this conf with the last two commands and without.

I'm running Debian stable.

How can postfix find and connect to the saslauthd server?

Edit:

I'm not sure whether Postfix runs in a chroot. The master.cf looks like this: http://pastebin.com/Fz38TcUP

saslauth is located in the sbin

```
$ which saslauthd
/usr/sbin/saslauthd
```

The EHLO has this response:

```
EHLO _server_name_
250-_server_name_
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
```

1 Answer


Are you perhaps missing the symlink from /var/run/saslauthd to /var/spool/postfix/var/run/saslauthd?

From my working system:

```
root@mail:/etc/postfix/sasl# ls -la /var/run/saslauthd
lrwxrwxrwx 1 root root 36 Dec 31  2010 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd
```
Paul Gear
  • Is it normal for an update followed by a restart to remove the symlink? This happens from time to time on Ubuntu 16.04. – Gaia Jun 24 '17 at 20:36
  • /var/run is a symlink to /run nowadays, which is a temporary file system that does not survive reboots; recent packages should recreate this automatically - maybe you have an edited startup script? – Paul Gear Jul 03 '17 at 23:49
  • Nope. All default. – Gaia Aug 18 '17 at 03:46
  • I'm out of ideas, sorry. :-( – Paul Gear Aug 30 '17 at 23:41
  • I had to move this directory and create this symlink manually on Ubuntu 18.04.1 LTS (bionic) after installing the distribution's standard postfix and sasl2-bin packages. – Brent Baccala Nov 07 '18 at 03:17
  • This seems necessary on Ubuntu 16 (and up) servers. Maybe also related to upgrading and not clean install issues. I modified the saslauthd startup script to recreate the link: `ln -sfn /var/spool/postfix/var/run/saslauthd /var/run/saslauthd` – Michel Mar 07 '19 at 18:43
  • This blog from 2005 sorted out my similar issue: http://www.jimmy.co.at/weblog/2005/12/05/postfix-and-sasl-debian/ – David Tinker Jun 21 '19 at 16:24
  • Could you please explain or provide some url about why this symlink is necessary? – MiSHuTka Feb 02 '22 at 14:01
  • @MiSHuTka Postfix runs in a chroot jail in /var/spool/postfix, but saslauthd doesn't. So the saslauthd running outside the jail needs to point at the path where postfix expects the saslauthd files to be. – Paul Gear Feb 04 '22 at 06:59
  • @MiSHuTka Note also that nowadays saslauthd is automatically configured to point at the correct place, without the need for a symlink. See `OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"` in `/etc/default/saslauthd`. – Paul Gear Feb 04 '22 at 07:00
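
Added example, not part of the original question or answer: a shell check that resolves the saslauthd socket path the way a chrooted smtpd sees it, which is why `testsaslauthd` can succeed while smtpd logs "No such file or directory". The function names, the `CHROOT_DEFAULT` variable and the sample master.cf are constructed for illustration; the socket path is the `saslauthd_path` value from the question.

```shell
#!/bin/sh
# Added example: where does a (possibly chrooted) smtpd look for the saslauthd socket?

# Print the chroot column (y, n or -) of the "smtp inet" service in master.cf ($1).
smtpd_chroot_flag() {
    awk '$1 == "smtp" && $2 == "inet" { print $5; exit }' "$1"
}

# Print the socket path as seen from outside the jail.
# $1 = chroot flag, $2 = queue directory, $3 = saslauthd_path from smtpd.conf.
# "-" is the built-in default (y before Postfix 3.0, n from 3.0 on), so the
# caller resolves it before calling this function.
effective_mux_path() {
    case "$1" in
        y) printf '%s%s\n' "${2%/}" "$3" ;;   # chrooted: path is relative to the jail
        n) printf '%s\n' "$3" ;;
        *) return 2 ;;                        # no smtp service found or bad flag
    esac
}

# Report whether a UNIX socket exists at the effective path; return 1 if not.
# $1 = master.cf, $2 = queue directory, $3 = saslauthd_path.
check_sasl_socket() {
    flag=$(smtpd_chroot_flag "$1")
    if [ "$flag" = "-" ]; then flag=${CHROOT_DEFAULT:-n}; fi   # assumed override knob
    path=$(effective_mux_path "$flag" "$2" "$3") || return 2
    if [ -S "$path" ]; then
        echo "ok: chroot=$flag socket=$path"
    else
        echo "missing: chroot=$flag, smtpd will look for $path"
        return 1
    fi
}

# Constructed sample: a master.cf with a chrooted smtp service and an empty
# stand-in queue directory, so the check reports the socket as missing.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
EOF
check_sasl_socket "$demo/master.cf" "$demo/spool" /var/run/saslauthd/mux || true
```

On a real host, call `check_sasl_socket /etc/postfix/master.cf "$(postconf -h queue_directory)" /var/run/saslauthd/mux` as root.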