SMTP-SASL authentification doesn't work

Question

I created another thread previously, where I reported about the problem that I wasn't able to get saslauthd starting up at all: SMTP authentification: saslauthd won't start

I now re-installed a completely new Ubuntu 16.04 system on my VPS in order to set up postfix with SMTP-SASL authentification from the scratch. At least now "ps ax" shows that saslauthd is running, but it still doesn't work, as a telnet test seems to suggest:

root@servername:~# telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 servername.com ESMTP Postfix (Ubuntu) EHLO test 250-servername.de 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 SMTPUTF8

(It should show "250-AUTH LOGIN PLAIN" if it would be working properly).

I've configured smtpd to run in a chroot environment and changed the configuration files accordingly, but also when not running it via chroot (with modified configuration) the result is the same.

The "postfix" user belongs to the "sasl" group and there's no error output in /var/log/mail.log. Also /var/log/auth.log seems to suggest that saslauthd starts without any problems.

I collected all relevant configuration files and output here: postfix and sasl configuration / output

If there's anything else that might be relevant I'll post this as well of course.

I'd be really thankful for any ideas, suggestions or advice, since I've already spent many hours on configuring this, but still can't get the SMTP-SASL authentification running (besides this issue my mail server is running fine).

Kind regards

I checked all relevant logs, none of them contains any hint on what the reason could be. — c128linux, Oct 24 '16 at 15:59
If authentication actually failed, _something_ would be logged when you made the attempt. Try again and look carefully. — Michael Hampton, Oct 24 '16 at 16:02

score 0 · Answer 1 · answered Oct 25 '16 at 00:33

First of all: This is not exactly an "answer to my original question", and since I understand the sense of the rules in this regard, I apologize for making use of this function - The only reason why I do so is that I think it would be totally confusing to anyone if I'd instead use the comment function due to its quite strict restrictions (I'd have to split this up into many separate comments without being able to format my text properly). However, since I want to obey the rules of this site, I will delete my answer or accept it of course, if a moderator should decide to do so - I post this as an 'answer' only for pragmatic reasons.

Second: Thank a lot to Michael - He gave me the crucial hint that instead of reconfiguring/checking all kind of configurations after seeing that the telnet test failed it would be a much better approach to try sending an authenticated SMTP mail and then check the logs (something I could have figured out by myself as well - since the telnet test might show whether SASL is working, but of course it's of no use to find out why it's not working).

So I must admit that a lot of stuff had been messed up (not referring to the non-authentificated SMTP server, which worked without any problems). Basiclly I followed this tutorial for setting up my mail server, having adjusted the configuration to my system and added some extra functionality (automatic Bcc forwarding for incoming and outcoming mail in particular): Email with Postfix, Dovecot, and MySQL

Actually I think that this tutorial is a really good one, but I now believe that this configuration might be the reason why SASL authentication didn't work so far.

First of all I had to add this to my /etc/dovecot/dovecot.conf, otherwise it wouldn't start:

namespace inbox { inbox = yes }

Then I had to add to add/modify the line "smtpd_sasl_path = private/auth" in /etc/postfix/main.cf

I found this information when I searched for the entry "Oct 25 01:30:31 servername postfix/smtpd[2983]: warning: SASL: Connect to smtpd failed: No such file or directory" which showed up in my /var/log/mail.log and after having changed it the error message disappeared.

SMTP-SASL authentication still doesn't work, but I think that's because I changed the authentication from "sasldb" to "shadow" in /etc/default/saslauthd but didn't configure it so far. Probably "shadow" would be a more recommendable approach when working with virtual users, right?

I can send mails using my SMTP server, but my server doesn't request a proper authentication.

By the way, my /var/log/auth.log is completely filled with SMTP connection attempts, but even though there's no authentication none of those attempts to send mails via my mail server had been successful (but nonetheless one should secure it obviously).

So this is my current /etc/postfix/main.cf: /etc/postfix/main.cf

I'd really appreciate it, if someone could give me a link to a tutorial which describes how to set up mail server running postfix with virtual users and SASL-SMTP authentication.

Kind regards and all the best

As I already wrote, I also changed various things in my dovecot configuration files, so I created a pastebin including all relevant dovecot configuration files: http://pastebin.com/DVhJ50vL My question: Should I go on with this 'patchwork' approach (maybe there wouldn't bee too much I'd have to change), or would it be rather recommendable to set it all up from the scratch? — c128linux, Oct 25 '16 at 06:51

SMTP-SASL authentification doesn't work

1 Answers1