33

I am struggling with the error above for more than 5 hours. I had tried to remove Postfix completely and I had followed the instructions of the next manual and the SASL manual in order to reinstall it.

When I am trying to login with telnet, the server blocks the login and I am getting this:(with smtpd -v for more verbose): 

postfix/smtpd[26301]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)  
postfix/smtpd[26301]: name_mask: noanonymous  
postfix/smtpd[26301]: warning:   xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms  
postfix/smtpd[26301]: fatal: no SASL authentication mechanisms

here are the results of postconf -n: 

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mydestination = theflipapp.com, localhost.com, , localhost
myhostname = theflipapp.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual

postfix master config:

root@domain:/# cat /etc/postfix/master.cf | grep ^smtp
smtp    inet    n       -       -       -       -       smtpd -v -o smtpd_sasl_auth_enable=yes
smtp      unix  -       -       -       -       -       smtp

Hopes this data will help you to help me..

user2979757
  • 501
  • 1
  • 5
  • 5
  • For my case, on **Ubuntu Server 16.04**, dovecot daemon was not running, typing dovecot did the trick. However, this highlights an underlying issue that it's not running in bootup. You may read how to add it here: https://help.ubuntu.com/community/UbuntuBootupHowto – Omar Alshaker Dec 10 '16 at 11:18
  • Does `dovecot` need `cyrus` for SASL??? – 71GA Dec 11 '20 at 15:23

3 Answers3

36

You can have saslauthd installed but not have any mechanisms installed. It's quite frustrating and poor error-proofing, IMO.

"no applicable SASL mechanisms" literally means it can't find any of its mechanisms. On a Fedora-based system you'd need to install the cyrus-sasl-plain package if you want to use the 'PLAIN' auth mechanisms (i.e. SMTP/STARTTLS).

yum install cyrus-sasl-plain

or

apt-get install libsasl2-modules
mss
  • 435
  • 1
  • 6
  • 16
Bill McGonigle
  • 647
  • 5
  • 8
  • Many thanks! It's really hard to find the cause of such issues and the messages in the logs don't help - only as keywords in search to find such awesome answers. You saved my day. – hgoebl Apr 15 '19 at 10:35
  • 3
    After `apt install libsasl2-dev` it worked on my machine. – Markus Zeller Nov 29 '19 at 20:32
  • It is worth noting that Dovecot also provides a SASL daemon usable to Postfix. – DustWolf May 22 '22 at 12:50
7

the solution was very simple, the SASL daemon was down. /etc/init.d/saslauthd start

Some hacker managed to shut it down again and again so eventually I had closed it completely.

user2979757
  • 501
  • 1
  • 5
  • 5
5

At first, try to change the delimiters of smtpd_recipient_restrictions to commas. Spaces are, if I remember correctly, incorrect here.

Then try to temporarily disable smtpd_sasl_security_options = noanonymous.

Are you trying to authenticate against a CYRUS IMAP server?

Alex
  • 334
  • 1
  • 7
Tobias Mädel
  • 250
  • 1
  • 6
  • 1
    According to the main.cf man page https://linux.die.net/man/5/main.cf under smtpd_recipient_restrictions it sais: 'Specify a list of restrictions, separated by commas and/or whitespace.' So just whitespaces as a separator is just fine. – Pete Jul 05 '18 at 12:20