Hello, I'm running an ISPConfig 3 server on xen debian lenny. Everything works perfectly except sending emails remotely from e.g. Thunderbird. I'm using the same login details as for imap. However, authentication fails.

Post of /var/log/mail.log:
Code:
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: SASL authentication failure: Password verification failed
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: xx.rev.stofanet.dk[xx]: SASL PLAIN authentication failed: generic failure
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: xx.rev.stofanet.dk[xx]: SASL LOGIN authentication failed: generic failure

I think the problem is similar to http://www.howtoforge.com/forums/showthread.php?t=8242 but the softlink solution mentioned doesn't make any difference.

Output of "ps aux|grep sasl":
Code:
root 7096 0.0 0.1 53036 896 ? Ss 14:35 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 7097 0.0 0.1 53036 628 ? S 14:35 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 7099 0.0 0.0 53036 512 ? S 14:35 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 7100 0.0 0.0 53036 512 ? S 14:35 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 7101 0.0 0.0 53036 512 ? S 14:35 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 7440 0.0 0.1 5600 712 pts/0 S+ 14:58 0:00 grep sasl

Output of "cat /etc/default/saslauthd":
Code:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Content of "/etc/init.d/saslauthd":
Code:
#! /bin/sh
### BEGIN INIT INFO
# Provides: saslauthd
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: saslauthd startup script
# Description: This script starts the saslauthd daemon. It is
# configured using the file /etc/default/saslauthd.
### END INIT INFO

# Author: Fabian Fagerholm <[email protected]>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Global variables
DAEMON=/usr/sbin/saslauthd
DEFAULT_FILES=`find /etc/default -regex '/etc/default/saslauthd[_a-zA-Z0-9\-]*$' -print | sort`

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# Function that starts all saslauthd instances
# Parameters: none
# Return value: none
do_startall()
{
    for instance in $DEFAULT_FILES
    do
        start_instance $instance
    done
}

# Function that stops all saslauthd instances
# Parameters: none
# Return value: none
do_stopall()
{
    for instance in $DEFAULT_FILES
    do
        stop_instance $instance
    done
}

# Function that sends a SIGHUP to all saslauthd instances
# Parameters: none
# Return value: none
do_reloadall()
{
    for instance in $DEFAULT_FILES
    do
        reload_instance $instance
    done
}

# Function that starts a single saslauthd instance
# Parameters:
# $1 = path of default file for this instance
# Return value:
# 0 on success (does not mean the instance started)
# 1 on failure
start_instance()
{
    # Load defaults file for this instance.
    . $1

    # If the daemon is not enabled, give the user a warning and stop.
    if [ "$START" != "yes" ]; then
        log_warning_msg "To enable $NAME, edit $1 and set START=yes"
        return 0
    fi

    # If the short name of this instance is undefined, warn the user
    # but choose a default name.
    if [ -z "$NAME" ]; then
        log_warning_msg "Short name (NAME) undefined in $1, using default"
        NAME=default
    fi

    log_daemon_msg "Starting $DESC" "$NAME"

    # Determine run directory and pid file location by looking
    # for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, fail.
        log_failure_msg "No run directory defined for $NAME, not starting"
        return 1
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    # If no mechanisms are defined, fail.
    if [ -z "$MECHANISMS" ]; then
        log_failure_msg "No mechanisms defined in $1, not starting $NAME"
        return 1
    fi

    # If there are mechanism options defined, prepare them for use with
    # the -O flag.
    if [ -n "$MECH_OPTIONS" ]; then
        MECH_OPTIONS="-O $MECH_OPTIONS"
    fi

    # If there is a threads option defined, prepare it for use with
    # the -n flag.
    if [ -n "$THREADS" ]; then
        THREAD_OPTIONS="-n $THREADS"
    fi

    # Construct argument string.
    DAEMON_ARGS="-a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"

    # If there is a statoverride for the run directory, then pull
    # permission and ownership information from it and create the directory.
    # Otherwise, we create the directory with default permissions and
    # ownership (root:sasl, 710).
    if dpkg-statoverride --list $RUN_DIR > /dev/null; then
        createdir `dpkg-statoverride --list $RUN_DIR`
    else
        createdir root sasl 710 $RUN_DIR
    fi

    # Start the daemon, phase 1: see if it is already running.
    start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
        --exec $DAEMON --test > /dev/null
    if [ "$?" != 0 ]; then
        log_progress_msg "(already running)"
        log_end_msg 0
        return 0
    fi

    # Start the daemon, phase 2: it was not running, so actually start it now.
    start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
        --exec $DAEMON -- $DAEMON_ARGS
    if [ "$?" -ne 0 ]; then
        log_end_msg 1
        return 1
    fi

    # Started successfully.
    log_end_msg 0
    return 0
}

# Function that stops a single saslauthd instance
# Parameters:
# $1 = path of default file for this instance
# Return value:
# 0 on success (daemon was stopped)
# 1 if the daemon was already stopped
# 2 if the daemon could not be stopped
stop_instance()
{
    # Load defaults file for this instance.
    . $1

    # If the short name of this instance is undefined, warn the user
    # but choose a default name.
    if [ -z "$NAME" ]; then
        log_warning_msg "Short name (NAME) undefined in $1, using default"
        NAME=default
    fi

    # Determine run directory and pid file location by looking
    # for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, fail.
        log_failure_msg "No run directory defined for $NAME, cannot stop"
        return 2
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    log_daemon_msg "Stopping $DESC" "$NAME"

    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
        --pidfile $PIDFILE --exec $DAEMON
    if [ "$?" -eq 2 ]; then
        # Failed to stop.
        log_end_msg 1
        return 2
    fi
    if [ "$?" -eq 1 ]; then
        # Already stopped.
        log_progress_msg "(not running)"
    fi

    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE

    # Stopped successfully.
    log_end_msg 0
    return $RETVAL
}

# Function that sends a SIGHUP to a single saslauthd instance
# Parameters:
# $1 = path of default file for this instance
# Return value:
# 0 on success (does not mean the daemon was reloaded)
# other values on failure
reload_instance()
{
    # Load defaults file for this instance.
    . $1

    # If the short name of this instance is undefined, warn the user
    # but choose a default name.
    if [ -z "$NAME" ]; then
        log_warning_msg "Short name (NAME) undefined in $1, using default"
        NAME=default
    fi

    # Determine run directory and pid file location by looking
    # for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, fail.
        log_failure_msg "No run directory defined for $NAME, cannot reload"
        return 2
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    log_daemon_msg "Reloading $DESC" "$NAME"

    # Reload the daemon. First, see if it is already running.
    start-stop-daemon --start --quiet --pidfile $PIDFILE \
        --exec $DAEMON --test > /dev/null
    if [ "$?" -eq 0 ]; then
        # Not running, signal this and stop.
        log_progress_msg "(not running)"
        log_end_msg 0
        return 0
    fi

    start-stop-daemon --stop --signal 1 \
        --pidfile $PIDFILE --exec $DAEMON
    log_end_msg $?
}

# Function that creates a directory with the specified
# ownership and permissions
# Parameters:
# $1 = user
# $2 = group
# $3 = permissions (octal)
# $4 = path to directory
# Return value: none
createdir()
{
    # In the future, use -P/-Z to have SE Linux enhancement
    install -d --group="$2" --mode="$3" --owner="$1" "$4"
}

# Action switch
case "$1" in
  start)
    do_startall
    ;;
  stop)
    do_stopall
    ;;
  reload|force-reload)
    do_reloadall
    ;;
  restart)
    do_stopall
    do_startall
    ;;
  start-instance)
    if [ -f /etc/default/$2 ]; then
        start_instance /etc/default/$2
    else
        log_failure_msg "Instance $2 does not exist."
    fi
    ;;
  stop-instance)
    if [ -f /etc/default/$2 ]; then
        stop_instance /etc/default/$2
    else
        log_failure_msg "Instance $2 does not exist."
    fi
    ;;
  reload-instance|force-reload-instance)
    if [ -f /etc/default/$2 ]; then
        reload_instance /etc/default/$2
    else
        log_failure_msg "Instance $2 does not exist."
    fi
    ;;
  restart-instance)
    if [ -f /etc/default/$2 ]; then
        stop_instance /etc/default/$2
        start_instance /etc/default/$2
    else
        log_failure_msg "Instance $2 does not exist."
    fi
    ;;
  *)
    SCRIPTNAME=$0
    echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
    echo " or {start-instance|stop-instance|restart-instance|" >&2
    echo " reload-instance|force-reload-instance} " \
        "<instance name>" >&2
    exit 3
    ;;
esac

:

Output of "ls -la /var/spool/postfix/var/run":
Code:
total 12
drwxr-xr-x 3 root root 4096 2010-09-17 18:46 .
drwxr-xr-x 3 root root 4096 2010-09-17 18:46 ..
drwx--x--- 2 root sasl 4096 2010-09-26 14:35 saslauthd

Output of "/etc/init.d/saslauthd start":
Code:
Starting SASL Authentication Daemon: saslauthd (already running)

Please change the options line in /etc/default/saslauthd to:
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"
then restart saslauth.

Thanks for your reply, falko. Unfortunately, after rebooting it still doesn't work and I'm getting the same error messages in mail.log.

I forgot to mention that my ISP blocks port 25 and therefore I added:
Code:
587 inet n - n - - smtpd
to /etc/postfix/master.cf. Does that make a difference to saslauth?

Yes, still the same error.

main.cf:
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = my.hostname.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = my.hostname.tld, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0

Master.cf:
Code:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
587 inet n - n - - smtpd

Post of mail.log:
Code:
Sep 28 16:06:53 xtra postfix/smtpd[20309]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 28 16:06:53 xtra postfix/smtpd[20309]: warning: SASL authentication failure: Password verification failed
Sep 28 16:06:53 xtra postfix/smtpd[20309]: warning: xx.rev.stofanet.dk[xx]: SASL PLAIN authentication failed: generic failure
Sep 28 16:06:53 xtra postfix/smtpd[20309]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 28 16:06:53 xtra postfix/smtpd[20309]: warning: xx.rev.stofanet.dk[xx]: SASL LOGIN authentication failed: generic failure

I found out that this method does make a difference. I simply uncommented the submission line in master.cf instead. And now it works.
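
Added example, not part of the thread: the hand-added `587` entry and the stock `submission` entry differ in the chroot column of master.cf (`n` versus `-`), which changes the path at which smtpd looks for the saslauthd socket. The script below lists that path for every smtpd listener. It assumes that `-` means chrooted (the default in Postfix versions before 3.0), the queue directory /var/spool/postfix, and /var/run/saslauthd as the socket directory compiled into the SASL library; the `demo` function and its sample master.cf are constructed for illustration.

```shell
#!/bin/sh
# Added example: for every smtpd listener in a master.cf, show the path at
# which it will look for the saslauthd socket and whether that path exists.
# Assumptions (not stated in the thread): "-" in the chroot column means "y"
# (Postfix < 3.0 default), and the SASL library looks in /var/run/saslauthd.
QUEUE_DIR=/var/spool/postfix
SASL_DIR=/var/run/saslauthd

# Print "service chroot path" for each inet smtpd service in master.cf ($1).
smtpd_sasl_paths() {
    awk -v q="$QUEUE_DIR" -v s="$SASL_DIR" '
        /^[ \t]*#/ || /^[ \t]/ || /^$/ { next }  # comments, continuations, blanks
        $2 == "inet" && $8 == "smtpd" {
            jail = ($5 == "n") ? "n" : "y"
            # A chrooted smtpd resolves the path inside the queue directory.
            path = (jail == "y" ? q : "") s "/mux"
            print $1, jail, path
        }' "$1"
}

# $1 = master.cf, $2 = optional filesystem prefix (empty on a live system).
# Uses -e so the offline demo can use a plain file; -S would require a socket.
audit_sasl_socket() {
    smtpd_sasl_paths "$1" | while read -r svc jail path; do
        if [ -e "$2$path" ]; then state=ok; else state=MISSING; fi
        echo "$svc chroot=$jail $path $state"
    done
}

# Constructed sample: socket only inside the chroot, as with
# saslauthd -m /var/spool/postfix/var/run/saslauthd.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root$QUEUE_DIR$SASL_DIR"
    : > "$root$QUEUE_DIR$SASL_DIR/mux"   # stand-in for the real socket
    cat > "$root/master.cf" <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_sasl_auth_enable=yes
587       inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
EOF
    audit_sasl_socket "$root/master.cf" "$root"
    rm -rf "$root"
}

demo
```

On a live system, `audit_sasl_socket /etc/postfix/master.cf ""` runs the same check against the real filesystem.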