Hi all,

I am new here on this forum and hoping for some help. I have a mail server that had been running for the last decade or so without many problems other than the yearly SSL certificate refresh. Until I decided to do a Debian apt full-upgrade like I have done before with success, but not this time. Due to a broken SSH connection while running the upgrade it left the server in a terrible state. That was two and a half months ago and I have been working on it to get it up and running again to no avail. All the information on the net I can find is either outdated or incomplete.

I will start with saslauthd, also the TLS certificates are a problem with courier-imap-ssl and postfix.

saslauthd will not run:

Apr 09 16:29:37 mail.qrp.nl systemd[1]: Starting saslauthd.service - SASL Authentication Daemon...
Apr 09 16:29:37 mail.qrp.nl saslauthd[20409]: : master pid is: 20409
Apr 09 16:29:37 mail.qrp.nl saslauthd[20409]: : listening on socket: /var/spool/postfix/var/run/saslauthd//mux
Apr 09 16:29:37 mail.qrp.nl systemd[1]: saslauthd.service: Can't open PID file '/run/saslauthd/saslauthd.pid' (yet?) after start: No such file or directory
Apr 09 16:31:07 mail.qrp.nl systemd[1]: saslauthd.service: start operation timed out. Terminating.
Apr 09 16:31:07 mail.qrp.nl saslauthd[20409]: : master exited: 20409
Apr 09 16:31:07 mail.qrp.nl systemd[1]: saslauthd.service: Failed with result 'timeout'.
Apr 09 16:31:07 mail.qrp.nl systemd[1]: Failed to start saslauthd.service - SASL Authentication Daemon.

It cannot create the pid file.
root@mail:/etc/postfix# cat /etc/default/saslauthd
START=YES
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd/"

But running it from the command line:

root@mail:/etc/postfix# saslauthd -c -m /var/spool/postfix/var/run/saslauthd/ -r -V -n 5 -a pam
saslauthd[20511] :num_procs : 5
saslauthd[20511] :mech_option: NULL
saslauthd[20511] :run_path : /var/spool/postfix/var/run/saslauthd/
saslauthd[20511] :auth_mech : pam
saslauthd[20511] :mmaped shared memory segment on file: /var/spool/postfix/var/run/saslauthd//cache.mmap
saslauthd[20511] :bucket size: 92 bytes
saslauthd[20511] :stats size : 36 bytes
saslauthd[20511] :timeout : 28800 seconds
saslauthd[20511] :cache table: 944764 total bytes
saslauthd[20511] :cache table: 1711 slots
saslauthd[20511] :cache table: 10266 buckets
saslauthd[20511] :flock file opened at /var/spool/postfix/var/run/saslauthd//cache.flock
saslauthd[20511] :using accept lock file: /var/spool/postfix/var/run/saslauthd//mux.accept

root@mail:/etc/postfix# ll /var/spool/postfix/var/run/saslauthd/
total 928
-rw------- 1 root root 0 Apr 9 16:50 cache.flock
-rw------- 1 root root 945152 Apr 9 16:50 cache.mmap
srwxrwxrwx 1 root root 0 Apr 9 16:50 mux
-rw------- 1 root root 0 Apr 9 16:50 mux.accept
-rw------- 1 root root 6 Apr 9 16:50 saslauthd.pid

root@mail:/etc/postfix# ll /var/spool/postfix/var/run/
total 4
drwxr-xr-x 2 root sasl 4096 Apr 9 16:50 saslauthd

I just do not see where the problem is.

Roelof
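
The systemd error and the directory listing in the post above name two different PID file locations. As an added example (not part of the original posts), this script compares the path the daemon writes to with the path systemd waits for; the unit file content is constructed from the path in the systemd error, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does saslauthd write its PID file where systemd looks for it?

# Print the -m run path from a Debian-style /etc/default/saslauthd,
# with trailing slashes removed. Prints nothing if OPTIONS has no -m.
run_path_from_defaults() {
    sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-m") { p = $(i + 1); sub(/\/+$/, "", p); print p; exit }
    }'
}

# Print the last PIDFile= value in a unit file (later assignments win).
pidfile_from_unit() {
    sed -n 's/^PIDFile=//p' "$1" | tail -n 1
}

# Print both locations; return 0 if they agree, 1 if they differ,
# 2 if the defaults file sets no -m path.
check_pid_paths() {
    run_path="$(run_path_from_defaults "$1")"
    [ -n "$run_path" ] || return 2
    written="$run_path/saslauthd.pid"
    expected="$(pidfile_from_unit "$2")"
    echo "daemon writes:   $written"
    echo "systemd expects: $expected"
    [ "$written" = "$expected" ]
}

# Constructed sample inputs: OPTIONS as posted, PIDFile from the systemd error.
sample_dir="$(mktemp -d)"
cat > "$sample_dir/defaults" <<'EOF'
START=YES
MECHANISMS="pam"
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd/"
EOF
cat > "$sample_dir/unit" <<'EOF'
[Service]
PIDFile=/run/saslauthd/saslauthd.pid
EOF

rc=0
check_pid_paths "$sample_dir/defaults" "$sample_dir/unit" || rc=$?
case "$rc" in
    0) echo "OK: both paths agree" ;;
    1) echo "MISMATCH: systemd never sees the PID file and the start times out" ;;
    *) echo "no -m path set in OPTIONS" ;;
esac
```

On a real host the two arguments would be `/etc/default/saslauthd` and the output of `systemctl cat saslauthd.service` saved to a file.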
Ok, got the sasl daemon running but cannot authenticate a user, I know the user is in the mysql database which is up and running:

testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u x AT x.x -p password

Apr 09 18:17:12 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): check pass; user unknown
Apr 09 18:17:12 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 09 18:17:14 mail.qrp.nl saslauthd[20969]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Apr 09 18:17:14 mail.qrp.nl saslauthd[20969]: auth failure: [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
If I use a local user, the same I use with SSH to login, I do get an OK success when testing with testsaslauthd. But when I use a user in the mysql database I get a NO authentication failed. So the mysql backend/plugin is not working?

root@mail:/etc/postfix# cat sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: xx
sql_passwd: xx
sql_database: mail
sql_select: select password from users where email = '%uAT%r'

The mysql database is active and shows all the domains and users when I check with mysql -u xx -p xx

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mail               |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.01 sec)

mysql> use mail;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+----------------+
| Tables_in_mail |
+----------------+
| domains        |
| forwardings    |
| transport      |
| users          |
+----------------+
4 rows in set (0.00 sec)

mysql> select * from users;
+-------------------------+---------------+----------+
| email                   | password      | quota    |
+-------------------------+---------------+----------+
| xxATxx.xx               | xxxxxxxxx     | 10485760 |
+-------------------------+---------------+----------+

How can I solve this?

Roelof
From journalctl -f when I run testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u xxATxx.xx -p xx :

Apr 11 11:40:49 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): check pass; user unknown
Apr 11 11:40:49 mail.qrp.nl saslauthd[20969]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 11 11:40:51 mail.qrp.nl saslauthd[20969]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Apr 11 11:40:51 mail.qrp.nl saslauthd[20969]: auth failure: [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
I don't think this is correct. The method should be auxprop which you define further down in the config to use sql. When using saslauthd the system tries PAM Authentication which you can see in the logs: