Postfix on CentOS 7 cannot authenticate against cyrus saslauthd

Question

Postfix fails to authenticate against cyrus saslauthd. However, saslauthd itself is willing to authenticate. What am I missing?

From syslog mail facility:

Aug  5 14:47:26 centos7-msa-test postfix/postfix-script[20286]: starting the Postfix mail system
Aug  5 14:47:26 centos7-msa-test postfix/master[20288]: daemon started -- version 2.10.1, configuration /etc/postfix
Aug  5 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: connect from client.example.com[192.0.2.2]
Aug  5 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: Anonymous TLS connection established from client.example.com[192.0.2.2]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits
Aug  5 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Aug  5 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Aug  5 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Aug  5 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Aug  5 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: fatal: no SASL authentication mechanisms
Aug  5 14:47:35 centos7-msa-test postfix/master[20288]: warning: process /usr/libexec/postfix/smtpd pid 20291 exit status 1
Aug  5 14:47:35 centos7-msa-test postfix/master[20288]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Test of saslauthd:

# testsaslauthd -u $user -p $password -s smtp
0: OK "Success."

smtpd.conf:

# cat /etc/sasl2/smtpd.conf`
pwcheck_method: saslauthd
mech_list: plain login

postfix sasl settings:

# postconf | grep -e cyrus_sasl -e smtpd_sasl
cyrus_sasl_config_path =
send_cyrus_sasl_authzid = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus

score 19 · Accepted Answer · edited Nov 28 '14 at 02:41

19

Required additional package cyrus-sasl-plain. You can install it by

yum install cyrus-sasl-plain

edited Nov 28 '14 at 02:41

masegaloeh

17,978
9
56
104

answered Aug 05 '14 at 21:16

84104

12,698
6
43
75

True on Fedora 24 as well. Thanks very much for this answer. – user553702 Nov 11 '16 at 02:41
This is exactly correct. Thanks for documenting this. – Arnon Feb 23 '18 at 23:48
Also true for CentOS 7 and sendmail as well! – MadHatter May 27 '20 at 15:00

Postfix on CentOS 7 cannot authenticate against cyrus saslauthd

1 Answers1