problems running postfix/courier-imap-ssl/saslauthd/mysql server

Discussion in 'Server Operation' started by Roelof 't Hooft, Apr 9, 2025.

  1. Roelof 't Hooft

    Roelof 't Hooft New Member

    Hi all,
    I am new here on this forum and hoping for some help.
    I have a mail server that had been running for the last decade or so without many problems other than the yearly SSL certificate refresh, until I decided to do a Debian apt full-upgrade like I have done before with success, but not this time. Due to a broken SSH connection while running the upgrade, it left the server in a terrible state. That was two and a half months ago and I have been working on it to get it up and running again, to no avail. All the information on the net I can find is either outdated or incomplete.

    I will start with saslauthd, also the TLS certificates are a problem with courier-imap-ssl and postfix.

    saslauthd will not run :
    Apr 09 16:29:37 mail.qrp.nl systemd[1]: Starting saslauthd.service - SASL Authentication Daemon...
    Apr 09 16:29:37 mail.qrp.nl saslauthd[20409]: : master pid is: 20409
    Apr 09 16:29:37 mail.qrp.nl saslauthd[20409]: : listening on socket: /var/spool/postfix/var/run/saslauthd//mux
    Apr 09 16:29:37 mail.qrp.nl systemd[1]: saslauthd.service: Can't open PID file '/run/saslauthd/saslauthd.pid' (yet?) after start: No such file or directory
    Apr 09 16:31:07 mail.qrp.nl systemd[1]: saslauthd.service: start operation timed out. Terminating.
    Apr 09 16:31:07 mail.qrp.nl saslauthd[20409]: : master exited: 20409
    Apr 09 16:31:07 mail.qrp.nl systemd[1]: saslauthd.service: Failed with result 'timeout'.
    Apr 09 16:31:07 mail.qrp.nl systemd[1]: Failed to start saslauthd.service - SASL Authentication Daemon.

    It cannot create the PID file.

    root@mail:/etc/postfix# cat /etc/default/saslauthd
    START=YES
    DESC="SASL Authentication Daemon"
    NAME="saslauthd"
    MECHANISMS="pam"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd/"

    But running it from the command line:

    root@mail:/etc/postfix# saslauthd -c -m /var/spool/postfix/var/run/saslauthd/ -r -V -n 5 -a pam
    saslauthd[20511] :num_procs : 5
    saslauthd[20511] :mech_option: NULL
    saslauthd[20511] :run_path : /var/spool/postfix/var/run/saslauthd/
    saslauthd[20511] :auth_mech : pam
    saslauthd[20511] :mmaped shared memory segment on file: /var/spool/postfix/var/run/saslauthd//cache.mmap
    saslauthd[20511] :bucket size: 92 bytes
    saslauthd[20511] :stats size : 36 bytes
    saslauthd[20511] :timeout : 28800 seconds
    saslauthd[20511] :cache table: 944764 total bytes
    saslauthd[20511] :cache table: 1711 slots
    saslauthd[20511] :cache table: 10266 buckets
    saslauthd[20511] :flock file opened at /var/spool/postfix/var/run/saslauthd//cache.flock
    saslauthd[20511] :using accept lock file: /var/spool/postfix/var/run/saslauthd//mux.accept
    root@mail:/etc/postfix# ll /var/spool/postfix/var/run/saslauthd/
    total 928
    -rw------- 1 root root 0 Apr 9 16:50 cache.flock
    -rw------- 1 root root 945152 Apr 9 16:50 cache.mmap
    srwxrwxrwx 1 root root 0 Apr 9 16:50 mux
    -rw------- 1 root root 0 Apr 9 16:50 mux.accept
    -rw------- 1 root root 6 Apr 9 16:50 saslauthd.pid
    root@mail:/etc/postfix# ll /var/spool/postfix/var/run/
    total 4
    drwxr-xr-x 2 root sasl 4096 Apr 9 16:50 saslauthd

    I just do not see where the problem is.

    Roelof
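Added example, not part of the original post: a small check that compares the PID file path systemd reports in the journal with the path saslauthd derives from its `-m` run path. The sample input is constructed from the journal line and `/etc/default/saslauthd` quoted above; the function names are hypothetical.

```python
import posixpath
import re
import shlex

# Constructed sample input, copied from the journal line and defaults file in the post.
JOURNAL = ("Apr 09 16:29:37 mail.qrp.nl systemd[1]: saslauthd.service: Can't open PID file "
           "'/run/saslauthd/saslauthd.pid' (yet?) after start: No such file or directory")
DEFAULTS = '''START=YES
MECHANISMS="pam"
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd/"
'''

def parse_defaults(text):
    """Parse shell-style KEY="value" lines from /etc/default/saslauthd."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        for tok in shlex.split(line):
            key, _, val = tok.partition("=")
            out[key] = val
    return out

def systemd_pidfile(journal_line):
    """PID file path systemd says it is waiting for, or None."""
    m = re.search(r"Can't open PID file '([^']+)'", journal_line)
    return m.group(1) if m else None

def daemon_pidfile(defaults_text):
    """Path where saslauthd writes saslauthd.pid: inside the -m run path."""
    args = shlex.split(parse_defaults(defaults_text).get("OPTIONS", ""))
    if "-m" not in args or args.index("-m") + 1 >= len(args):
        return None  # no explicit run path; this example makes no claim about the default
    run_path = args[args.index("-m") + 1]
    return posixpath.normpath(posixpath.join(run_path, "saslauthd.pid"))

def check(journal_line, defaults_text):
    """Return (expected_by_systemd, written_by_daemon, paths_match)."""
    expected = systemd_pidfile(journal_line)
    actual = daemon_pidfile(defaults_text)
    return expected, actual, expected is not None and expected == actual

if __name__ == "__main__":
    print(check(JOURNAL, DEFAULTS))
```

When the two paths differ, systemd keeps waiting for a file the daemon writes elsewhere, which matches the start timeout in the journal and the `saslauthd.pid` visible in the directory listing under `/var/spool/postfix/var/run/saslauthd/`.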
     
  2. Roelof 't Hooft

    Roelof 't Hooft New Member

    OK, got the SASL daemon running but cannot authenticate a user. I know the user is in the MySQL database, which is up and running:
    testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u x AT x.x -p password

    Apr 09 18:17:12 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): check pass; user unknown
    Apr 09 18:17:12 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    Apr 09 18:17:14 mail.qrp.nl saslauthd[20969]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
    Apr 09 18:17:14 mail.qrp.nl saslauthd[20969]: auth failure: [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
     
  3. Roelof 't Hooft

    Roelof 't Hooft New Member

    If I use a local user, the same one I use to log in with SSH, I do get an OK success when testing with testsaslauthd.
    But when I use a user in the MySQL database I get a NO authentication failed.
    So the MySQL backend/plugin is not working?

    root@mail:/etc/postfix# cat sasl/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: sql
    sql_engine: mysql
    sql_hostnames: 127.0.0.1
    sql_user: xx
    sql_passwd: xx
    sql_database: mail
    sql_select: select password from users where email = '%uAT%r'

    The MySQL database is active and shows all the domains and users when I check with mysql -u xx -p xx

    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mail               |
    | mysql              |
    | performance_schema |
    +--------------------+
    4 rows in set (0.01 sec)

    mysql> use mail;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    mysql> show tables;
    +----------------+
    | Tables_in_mail |
    +----------------+
    | domains        |
    | forwardings    |
    | transport      |
    | users          |
    +----------------+
    4 rows in set (0.00 sec)

    mysql> select * from users;
    +-------------------------+---------------+----------+
    | email                   | password      | quota    |
    +-------------------------+---------------+----------+
    | xxATxx.xx               | xxxxxxxxx     | 10485760 |
    +-------------------------+---------------+----------+

    How can I solve this ?

    Roelof
     
  4. Roelof 't Hooft

    Roelof 't Hooft New Member

    From journalctl -f when I run testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u xxATxx.xx -p xx :
    Apr 11 11:40:49 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): check pass; user unknown
    Apr 11 11:40:49 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    Apr 11 11:40:51 mail.qrp.nl saslauthd[20969]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
    Apr 11 11:40:51 mail.qrp.nl saslauthd[20969]: auth failure: [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
     
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    I don't think this is correct. The method should be auxprop which you define further down in the config to use sql. When using saslauthd the system tries PAM Authentication which you can see in the logs:
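Added example, not part of pyte's reply or the original thread: a checker that reads a Cyrus SASL `smtpd.conf` together with a saslauthd "auth failure" journal line and reports the mismatch described in the reply above. The sample input is constructed from the config and log lines quoted in the thread (credentials and the query omitted); function names and finding codes are hypothetical.

```python
import re

# Constructed sample input, taken from the smtpd.conf and journal line in the thread.
SMTPD_CONF = """\
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_database: mail
"""
JOURNAL_LINE = ("Apr 11 11:40:51 mail.qrp.nl saslauthd[20969]: auth failure: "
                "[service=imap] [realm=] [mech=pam] [reason=PAM auth error]")

def parse_sasl_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def parse_auth_failure(line):
    """Extract the [key=value] fields saslauthd logs on an auth failure."""
    return dict(re.findall(r"\[(\w+)=([^\]]*)\]", line))

def diagnose(conf_text, journal_line):
    """Return a list of (code, message) findings; empty when nothing conflicts."""
    conf = parse_sasl_conf(conf_text)
    fields = parse_auth_failure(journal_line)
    methods = conf.get("pwcheck_method", "").split()
    sql_keys = sorted(k for k in conf if k.startswith("sql_"))
    uses_saslauthd = "saslauthd" in methods and "auxprop" not in methods
    findings = []
    if uses_saslauthd and conf.get("auxprop_plugin"):
        findings.append(("sql-unused",
            f"pwcheck_method is saslauthd, so auxprop_plugin={conf['auxprop_plugin']} "
            f"and {len(sql_keys)} sql_* settings are not used to verify passwords"))
    if uses_saslauthd and fields.get("mech"):
        findings.append(("pam-backend" if fields["mech"] == "pam" else "other-backend",
            f"saslauthd checked service={fields.get('service')} with mech={fields['mech']} "
            f"({fields.get('reason')}); users known only to the SQL table fail here"))
    return findings

if __name__ == "__main__":
    for code, message in diagnose(SMTPD_CONF, JOURNAL_LINE):
        print(f"{code}: {message}")
```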
     
