Hey. I'm having a PITA problem that is frustrating me. I am running the "Virtual Users And Domains With Postfix" email server on Sarge and it has been working like a dream for about a year. The only problems I have run into with it have been the occasional problem with amavis dying (which a restart fixes) and the problem with the soft link related to chrooted postfix (requiring a ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd on server reboot). About 48 hours ago amavis died and on a server reboot auth stopped working.
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 most.openguild.net ESMTP Postfix (Debian/GNU)
ehlo most.openguild.net
250-most.openguild.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
So saslauth (250 AUTH) isn't working correctly. I am looking for ways to troubleshoot this. Thoughts?
Any errors in your mail log? What's in /etc/postfix/main.cf? Did you (or a cron job) maybe upgrade the packages that are installed on the system?
What are your thoughts about troubleshooting if a package has been upgraded? I don't believe anything in the postfix-saslauth family of packages has been but what do you believe the symptoms would look like? This is as good as I'm getting for errors on this issue:
Apr 9 12:00:37 most postfix/smtpd[9594]: connect from adsl.pltn13.sbcglobal.net[ip]
Apr 9 12:00:40 most postfix/smtpd[9594]: warning: adsl.dsl.pltn13.sbcglobal.net[ip]: SASL PLAIN authentication failed
Apr 9 12:00:40 most postfix/smtpd[9594]: warning: adsl.dsl.pltn13.sbcglobal.net[ip]: SASL LOGIN authentication failed
Apr 9 12:00:49 most postfix/smtpd[9594]: disconnect from adsl.pltn13.sbcglobal.net[ip]
and the postfix main.cf should look exactly like the tutorial:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = domain.domain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.domain, domain, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
maildrop_destination_recipient_limit = 1
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtp_tls_loglevel = 3
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
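With smtpd_tls_auth_only = yes, as in the main.cf above, Postfix announces AUTH only inside a TLS session, so a plaintext telnet EHLO that lists STARTTLS but no AUTH does not settle whether SASL is offered. The following check is an added example, not part of the thread: it parses EHLO replies and compares the capabilities before and after STARTTLS. The function names and the localhost:25 default are assumptions.

```python
import smtplib

# Constructed sample: the plaintext EHLO reply quoted in the first post.
PLAINTEXT_EHLO = """\
250-most.openguild.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
"""

def parse_ehlo(reply):
    """Return {KEYWORD: params} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # the first line carries only the server name
        if not line.startswith("250") or len(line) < 5:
            continue
        keyword, _, params = line[4:].partition(" ")
        # broken_sasl_auth_clients = yes adds the legacy "AUTH=..." form
        if keyword.upper().startswith("AUTH="):
            keyword, params = "AUTH", keyword[5:] + " " + params
        caps[keyword.upper()] = params.strip()
    return caps

def diagnose(plain_caps, tls_caps=None):
    if "AUTH" in plain_caps:
        return "AUTH offered in plaintext"
    if "STARTTLS" not in plain_caps:
        return "no AUTH and no STARTTLS: SASL is not being offered at all"
    if tls_caps is None:
        return "inconclusive: no AUTH before STARTTLS, repeat EHLO inside TLS"
    if "AUTH" in tls_caps:
        return "AUTH offered only after STARTTLS"
    return "no AUTH even inside TLS: check the smtpd SASL setup"

def probe(host="localhost", port=25):
    """Live check against a server: EHLO, STARTTLS, EHLO again."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        plain = {k.upper(): v for k, v in s.esmtp_features.items()}
        tls = None
        if "STARTTLS" in plain:
            s.starttls()
            s.ehlo()
            tls = {k.upper(): v for k, v in s.esmtp_features.items()}
        return diagnose(plain, tls)
```

Running probe() on the mail server itself shows which of the four cases applies; the "SASL PLAIN authentication failed" log lines above are a separate question from whether AUTH is announced.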
Take a look at the postfix, amavisd, saslauthd binaries (you can find them with which saslauthd, for example) and check their modification dates (e.g. ls -l /usr/bin/saslauthd) to find out if they've been changed recently.
Doesn't look like it
-rwxr-xr-x 1 root root 6868 Mar 20 2007 /usr/sbin/postfix
-rwxr-xr-x 1 root root 762560 Feb 24 2007 /usr/sbin/amavisd-new
-rwxr-xr-x 1 root root 72312 Aug 7 2006 /usr/sbin/saslauthd
This server is just about exactly a year old so I am thinking the issue may be related to an expired cert but on replacing it (/etc/postfix/smtp.cert & key) there wasn't any change in behavior. Frustrating!
I never solved this problem, which as you can imagine is frustrating, since I feel like I know enough about mail servers to get myself into trouble... Instead I fixed the problem by creating a second email server (using the install instructions for etch instead of sarge) but with the same howto. This works great (and works!) for external email addresses but NOT for addresses in the domains I actually host. So if I send an email from aragod@domain to friend@domain it never actually does a name lookup, but instead just uses the mysql info to sort the email into a mail dir. In this case I'd like it to do lookups for mx records rather than starting with address information in the db. Thoughts about how to do this?
So you mean you have friend@domain in your database, but have another server that is the MX for domain, and you want the server to send to the MX instead of delivering the mail locally?
Right. I need to keep friend@domain in the db for authentication but need to send to friend@domain on a different server. In essence I now have one server that accepts emails and another that sends them (from email clients, web clients still connect to the primary server).
Yep. That appears to have fixed it. Here is what I did (for others)
/etc/postfix/main.cf:
#transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport:
domain1.com smtp:originalmailserver.net
domain2.com smtp:originalmailserver.net
where the mx record of domain1 & 2 points to originalmailserver.net
Thanks a ton.
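How Postfix reads the transport entries above, as an added example that is not part of the thread: a small parser for smtp-style `transport:nexthop` results showing which next hop each domain gets and whether an MX lookup is done for it (an unbracketed name is looked up via MX, a `[host]` form is not, and an empty next hop falls back to the recipient domain). The domain3/domain4 rows are hypothetical, and only exact domain patterns are handled.

```python
import re

# Constructed sample: the two entries from the post plus two hypothetical
# variants (bracketed host with port, and an empty next hop) for comparison.
TRANSPORT = """\
# pattern        transport:nexthop
domain1.com      smtp:originalmailserver.net
domain2.com      smtp:originalmailserver.net
domain3.example  smtp:[relay.example]:587
domain4.example  smtp:
"""

# nexthop forms for smtp: host, host:port, [host], [host]:port, or empty
NEXTHOP = re.compile(
    r"^(\[(?P<lit>[^\]]+)\]|(?P<name>[^:\[\]]*))(:(?P<port>\w+))?$")

def parse_transport(text):
    """Map each domain pattern to its delivery agent and next hop."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        agent, _, nexthop = result.strip().partition(":")
        m = NEXTHOP.match(nexthop)
        if m is None:
            raise ValueError("unparsable nexthop: %r" % nexthop)
        table[pattern.lower()] = {
            "agent": agent,
            # None means "use the recipient's own domain"
            "host": m.group("lit") or m.group("name") or None,
            "port": m.group("port") or "25",
            # brackets suppress the MX lookup on the next-hop name
            "mx_lookup": m.group("lit") is None,
        }
    return table

def route(table, recipient):
    """Exact-domain lookup only; address, parent-domain and '*' patterns are ignored."""
    domain = recipient.rsplit("@", 1)[1].lower()
    entry = table.get(domain)
    if entry is None:
        return None  # no override: normal delivery rules apply
    return dict(entry, host=entry["host"] or domain)
```

A hash: table is read from the compiled /etc/postfix/transport.db, so the file has to be rebuilt with postmap /etc/postfix/transport after each edit.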