Relay access denied when using SMTP to external recipients

Discussion in 'Installation/Configuration' started by Kamran Shah, Oct 10, 2005.

  1. falko

    falko Super Moderator Howtoforge Staff

  2. Challenger

    Challenger New Member

    Hi Falko, and thanks for the pointer to the tutorial. I did as it suggested (but without the complete reinstall of postfix and procmail).

    My /etc/postfix/main.cf and /etc/default/saslauthd are now the same as in the tutorial.

    However I'm still having problems. My mail log file offers:

    May 10 18:20:16 pooh postfix/smtpd[8139]: setting up TLS connection from unknown[xx.xx.xx.xx (real values removed)]
    May 10 18:20:16 pooh postfix/smtpd[8139]: TLS connection established from unknown[xx.xx.xx.xx]: SSLv3 with cipher RC4-MD5 (128/128 bits)
    May 10 18:20:16 pooh postfix/smtpd[8139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    May 10 18:20:16 pooh postfix/smtpd[8139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    May 10 18:20:16 pooh postfix/smtpd[8139]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: authentication failure
    May 10 18:20:17 pooh postfix/smtpd[8139]: warning: unknown[xx.xx.xx.xx]: SASL NTLM authentication failed: bad protocol / cancel
    May 10 18:20:17 pooh postfix/smtpd[8139]: disconnect from unknown[xx.xx.xx.xx]

    and of course my mail client reports that it is unable to send the message.

    Any ideas? How / where should I have created the sasldb2 files / entries? Previously I have listed permitted users in an access file in the postfix directory (converted to .db format of course)...?

    Andy
     
  3. falko

    falko Super Moderator Howtoforge Staff

    What's in /etc/postfix/sasl/smtpd.conf, /etc/default/saslauthd, and /etc/postfix/main.cf?
     
  4. Challenger

    Challenger New Member

    Hi Falko, and thanks again.

    /etc/postfix/sasl/smtpd.conf contains:

    --------------------------------------
    pwcheck_method: saslauthd
    mech_list: plain login
    -----------------------------------------

    /etc/default/saslauthd contains:

    -------------------------------------
    # This needs to be uncommented before saslauthd will be run automatically
    # START=yes

    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"

    # MECHANISMS="pam"
    # PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

    # Falko's settings below
    #
    # Settings for saslauthd daemon
    #

    # Should saslauthd run automatically on startup? (default: no)

    START=yes

    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam -- use PAM
    # rimap -- use a remote IMAP server
    # shadow -- use the local shadow password file
    # sasldb -- use the local sasldb database file
    # ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"

    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""

    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5

    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
    ------------------------------------------------------------------


    /etc/postfix/main.cf contains:

    -------------------------------------------------------------------------
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    # TLS parameters [Falko: these just happen to be where my (self-generated) certs are. TLS has worked before]
    smtpd_tls_cert_file = /etc/apache2/ssl.crt
    # Following line added by Andy
    smtpd_tls_key_file = /etc/apache2/ssl.key
    # Following line added by Andy
    # smtpd_tls_key_file=/etc/ssl/certs/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = pooh.boul.net
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    home_mailbox = Maildir/
    mydestination = pooh.boul.net, localhost.pooh.boul.net, localhost.boul.net, localhost
    relayhost =
    mynetworks = 127.0.0.0/8, 192.168.1.0/24
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/ssl/certs/ca.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    maximal_queue_lifetime = 1d
    relayhost = outbound.mailhop.org:2525
    smtpd_helo_required = yes
    delay_warning_time = 1

    # Following lines to end added by Andy
    # smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd


    # force authentication
    # smtp_sasl_security_options = noanonymous
    # be courteous ! (optional)
    # smtp_helo_name = pooh.boul.net
    # identify yourself (optional)
    # smtpd_banner = Pooh Boul Mail

    # maximal_queue_lifetime = 1d
    # mydomain = pooh.boul.net
    # myorigin = pooh.boul.net
    # mydestination = pooh.boul.net, localhost.pooh.boul.net, localhost.boul.net, localhost
    # home_mailbox = Maildir/

    # relayhost = outbound.mailhop.org:2525
    # smtpd_delay_reject = no
    # smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain
    # smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, reject_unauth_destination
    # smtpd_helo_required = yes
    # relay_domains = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit_inet_interfaces
    # hash_queue_depth = 3
    # delay_warning_time = 1
    ---------------------------------------------------------------------

    You can see there is a lot I have tried in main.cf, but I have commented out everything not in the tutorial.

    Thanks again for your help,

    Andy
     
  5. falko

    falko Super Moderator Howtoforge Staff

    Looks ok. Can you restart saslauthd and Postfix?

    If that doesn't help, what's in /etc/postfix/master.cf?
     
  6. Challenger

    Challenger New Member

    I've restarted Postfix, and entered the following to restart saslauthd:

    > /etc/init.d/saslauthd restart
    * To enable saslauthd, edit /etc/default/saslauthd and set START=yes

    However, when checking the running processes, saslauthd doesn't appear. I don't think it's running. What have I done wrong!?

    In case it's useful, master.cf is:
    ------------------------------------------------------------------
    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    #submission inet n      -       -       -       -       smtpd
    #  -o smtpd_enforce_tls=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #smtps     inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
            -o fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    --------------------------------------------------------------------


    Thanks,

    Andy
     
  7. falko

    falko Super Moderator Howtoforge Staff

  8. Challenger

    Challenger New Member

    Hi again,

    I have made it exactly the same as you suggested (I cut and pasted, and checked). I then restarted saslauthd and Postfix, but I have the same symptoms.

    My Postfix log file gives:
    -----------------------------------------------------------------
    May 16 17:28:24 pooh postfix/smtpd[26512]: connect from unknown[xx.xx.xx.xx (hidden as this is my public ip address)]
    May 16 17:28:25 pooh postfix/smtpd[26512]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    May 16 17:28:25 pooh postfix/smtpd[26512]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: generic failure
    May 16 17:28:25 pooh postfix/smtpd[26512]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    May 16 17:28:25 pooh postfix/smtpd[26512]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: generic failure
    May 16 17:28:25 pooh postfix/smtpd[26512]: disconnect from unknown[xx.xx.xx.xx]
    ----------------------------------------------------------------

    Also, as I said before, checking running processes does not show that saslauthd is actually running anywhere (I checked all process owners, including root, myself, postfix and saslauthd).

    And when I do a restart of saslauthd, using:

    /etc/init.d/saslauthd restart

    The command line returns:

    * To enable saslauthd, edit /etc/default/saslauthd and set START=yes

    (which of course I have done by making /etc/default/saslauthd exactly as you say)

    I don't think the daemon is running at all, for some reason...?

    Andy
     
  9. falko

    falko Super Moderator Howtoforge Staff

    Did you do all changes as root or as a normal user?

    What's in /etc/default/saslauthd now?
     
  10. Challenger

    Challenger New Member

    Hi Falko,

    Yes, all changes done as root. Permissions are as follows:

    main.cf:
    User: root
    Group: root
    Octal: 0644

    smtpd.conf:
    User: root
    Group: root
    Octal: 0644

    saslauthd:
    User: root
    Group: root
    Octal: 0744

    saslauthd now contains:
    ------------------------------------------
    #
    # Settings for saslauthd daemon
    #

    # Should saslauthd run automatically on startup? (default: no)
    START=yes

    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam -- use PAM
    # rimap -- use a remote IMAP server
    # shadow -- use the local shadow password file
    # sasldb -- use the local sasldb database file
    # ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"

    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""

    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5

    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
    -----------------------------------------------------------------

    Thanks again,

    Andy
     
  11. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    updatedb
    locate saslauthd
    ?
     
  12. Challenger

    Challenger New Member

    Hi again,

    updatedb didn't report any output but took a while to complete.

    locate saslauthd gives the following:
    ----------------------------------------
    /etc/default/saslauthd
    /etc/rc4.d/S20saslauthd
    /etc/rc3.d/S20saslauthd
    /etc/rc1.d/K20saslauthd
    /etc/rc2.d/S20saslauthd
    /etc/init.d/saslauthd
    /etc/rc5.d/S20saslauthd
    /usr/share/man/man8/saslauthd.8.gz
    /usr/share/man/man8/testsaslauthd.8.gz
    /usr/sbin/saslauthd
    /usr/sbin/testsaslauthd
    --------------------------------------

    Thanks,

    Andy
     
  13. falko

    falko Super Moderator Howtoforge Staff

    Looks ok. What's in /etc/init.d/saslauthd?
     
  14. mr_skot

    mr_skot New Member

    I too am also having the same problems and am a noob when it comes to this.

    Thank you for any help.

    -Skot

    --------------------------------------------------------

    System: Redhat Linux Fedora 8

    Tutorial: http://www.howtoforge.com/perfect_server_fedora7

    Did not install ISPConfig, don't need it.

    When I sent to my email address on my server I also get the 554 No Relay message.

    From my Gmail to my linux box:

    Delivery to the following recipient failed permanently:

    name@server

    Technical details of permanent failure:
    PERM_FAILURE: Gmail tried to deliver your message, but it was rejected by the recipient domain. The error that the other server returned was: 554 554 5.7.1 <name@server>: Relay access denied. We recommend contacting the other email provider for further information about the cause of this error. Thanks for your continued support. (state 14)


    Details from my mail log:

    mtpd[25639]: connect from rv-out-0506.google.com[209.85.198.231]
    May 20 19:41:10 mysystemname postfix/smtpd[25639]: NOQUEUE: reject: RCPT from rv-out-0506.google.com[209.85.198.231]: 554 5.7.1 <name@server>: Relay access denied; from=<[email protected]> to=<name@server> proto=ESMTP helo=<rv-out-0506.google.com>
    May 20 19:41:10 mysystemname postfix/smtpd[25639]: disconnect from rv-out-0506.google.com[209.85.198.231]



    Here's all the info I can get (from this thread):

    --------------------------------------------------
    cat /usr/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: plain login

    --------------------------------------------------

    "Did you enable "Server requires authentication" in your email client?"

    I was only trying to test sending an email TO this account from another, I was not trying to send an email using (through SMTP) this account.

    --------------------------------------------------

    cat /etc/postfix/sasl/smtpd.conf
    cat: /etc/postfix/sasl/smtpd.conf: No such file or directory

    --------------------------------------------------

    cat /etc/postfix/main.cf (I left out all the commented code)

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    inet_interfaces = all
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.4.5/samples
    readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    mynetworks = 127.0.0.0/8
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_sasl_authenticated_header = yes
    myhostname = <my.system.name>
    home_mailbox = Maildir/
    mailbox_command =

    --------------------------------------------------

    cd /etc/postfix/sasl
    -bash: cd: /etc/postfix/sasl: No such file or directory

    --------------------------------------------------

    cd /etc/default/saslauthd
    -bash: cd: /etc/default/saslauthd: No such file or directory

    --------------------------------------------------

    cat /etc/postfix/master.cf
    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       -       smtpd
    #submission inet n      -       n       -       -       smtpd
    #  -o smtpd_enforce_tls=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #smtps     inet  n       -       n       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #628      inet  n       -       n       -       -       qmqpd
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
            -o fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    #maildrop  unix  -       n       n       -       -       pipe
    #  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # The Cyrus deliver program has changed incompatibly, multiple times.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    #uucp      unix  -       n       n       -       -       pipe
    #  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # ====================================================================
    #
    # Other external delivery methods.
    #
    #ifmail    unix  -       n       n       -       -       pipe
    #  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    #
    #bsmtp     unix  -       n       n       -       -       pipe
    #  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    #
    #scalemail-backend unix  -       n       n       -       2       pipe
    #  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    #  ${nexthop} ${user} ${extension}
    #
    #mailman   unix  -       n       n       -       -       pipe
    #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    #  ${nexthop} ${user}
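Added for illustration (not Postfix code, and not from any post in this thread): a small Python model of the `smtpd_recipient_restrictions` list both posters use, `permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination`, run against the two situations above: Andy's mail client on a public address whose SASL login fails, and Gmail's MTA delivering to `name@server`. The client address 203.0.113.5, the recipient `friend@example.com` and the hostname `mail.example.net` are constructed; mr_skot's listing shows no `mydestination`, so the Postfix default (`$myhostname, localhost.$mydomain, localhost`) is modelled with that constructed hostname.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class MainCf:
    """The main.cf settings the restriction list consults."""
    mydestination: set
    mynetworks: list
    relay_domains: set = field(default_factory=set)
    virtual_domains: set = field(default_factory=set)  # virtual_alias/mailbox_domains


def in_mynetworks(client_ip, mynetworks):
    """permit_mynetworks: the client address lies inside a trusted network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in mynetworks)


def is_authorized_destination(recipient, cf):
    """Destinations reject_unauth_destination lets through (postconf(5)):
    local, virtual and relay domains. Anything else is a relay attempt."""
    domain = recipient.rpartition("@")[2].lower()
    if domain in cf.mydestination or domain in cf.virtual_domains:
        return True
    # relay_domains matches subdomains too (parent_domain_matches_subdomains default)
    return any(domain == d or domain.endswith("." + d) for d in cf.relay_domains)


def check_recipient(client_ip, sasl_authenticated, recipient, cf):
    """Walk 'permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
    and return (action, reason) the way the smtpd log line reports it."""
    if sasl_authenticated:
        return "permit", "permit_sasl_authenticated"
    if in_mynetworks(client_ip, cf.mynetworks):
        return "permit", "permit_mynetworks"
    if is_authorized_destination(recipient, cf):
        # reject_unauth_destination answers DUNNO; reaching the end of the list permits
        return "permit", "authorized destination"
    return "reject", f"554 5.7.1 <{recipient}>: Relay access denied"


# Andy's main.cf values, taken from his post above
ANDY = MainCf(
    mydestination={"pooh.boul.net", "localhost.pooh.boul.net", "localhost.boul.net", "localhost"},
    mynetworks=["127.0.0.0/8", "192.168.1.0/24"],
)
# mr_skot's listing sets no mydestination, so Postfix uses the default
# ($myhostname, localhost.$mydomain, localhost); the hostname is constructed.
SKOT = MainCf(
    mydestination={"mail.example.net", "localhost.example.net", "localhost"},
    mynetworks=["127.0.0.0/8"],
)


def andy_sends_out(sasl_ok):
    """Andy's client on a public address (constructed) sending to an outside
    recipient (constructed); in the thread SASL fails, so sasl_ok is False."""
    return check_recipient("203.0.113.5", sasl_ok, "friend@example.com", ANDY)


def gmail_delivers(recipient):
    """Gmail's MTA (address from mr_skot's log) delivering inbound mail."""
    return check_recipient("209.85.198.231", False, recipient, SKOT)


if __name__ == "__main__":
    print(andy_sends_out(False))                    # reject: not authenticated, not in mynetworks
    print(andy_sends_out(True))                     # permit once saslauthd actually answers
    print(gmail_delivers("name@server"))            # reject: "server" is not a domain this box accepts
    print(gmail_delivers("name@mail.example.net"))  # permit: recipient domain is in mydestination
```

The model explains why a failed SASL login looks like a relay attempt from outside `mynetworks`, and why inbound mail is refused with the same 554 when the recipient domain is missing from `mydestination`.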
     
  15. Challenger

    Challenger New Member

    /etc/init.d/saslauthd contains:

    ------------------------------------------------
    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides:          saslauthd
    # Required-Start:    $local_fs $remote_fs
    # Required-Stop:     $local_fs $remote_fs
    # Default-Start:     2 3 4 5
    # Default-Stop:      S 0 1 6
    # Short-Description: saslauthd startup script
    # Description:       This script starts the saslauthd daemon. It is
    #                    configured using the file /etc/default/saslauthd.
    ### END INIT INFO

    # Author: Fabian Fagerholm <[email protected]>
    #
    # Based on previous work by Dima Barsky.

    # Do NOT "set -e"

    # PATH should only include /usr/* if it runs after the mountnfs.sh script
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    DESC="SASL Authentication Daemon"
    NAME=saslauthd
    DAEMON=/usr/sbin/$NAME
    DAEMON_ARGS=""
    SCRIPTNAME=/etc/init.d/$NAME
    FALLBACK_RUN_DIR=/var/run/$NAME
    EXIT_ERROR_CODE=1

    # Exit if the daemon is not installed
    test -x "$DAEMON" || exit 0

    # Read configuration variable file if it is present
    [ -r /etc/default/$NAME ] && . /etc/default/$NAME

    # Load the VERBOSE setting and other rcS variables
    [ -f /etc/default/rcS ] && . /etc/default/rcS

    # Define LSB log_* functions.
    # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
    . /lib/lsb/init-functions

    # Determine run directory and pid file location by looking for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, use fallback
        RUN_DIR=$FALLBACK_RUN_DIR
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    # If the daemon is not enabled, give the user a warning and then exit,
    # unless we are stopping the daemon
    if [ "$START" != "yes" -a "$1" != "stop" ]; then
        log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
        exit 0
    fi

    # If no mechanisms are defined, log this and exit
    if [ -z "$MECHANISMS" ]; then
        log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
            "not starting $NAME"
        exit $EXIT_ERROR_CODE
    fi

    # If there are mechanism options defined, prepare them for use with the -O flag
    if [ -n "$MECH_OPTIONS" ]; then
        MECH_OPTIONS="-O $MECH_OPTIONS"
    fi

    # If there is a threads option defined, prepare it for use with the -n flag
    if [ -n "$THREADS" ]; then
        THREAD_OPTIONS="-n $THREADS"
    fi

    # Construct argument string
    DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"

    #
    # Function that creates a directory with the specified
    # ownership and permissions
    #
    createdir()
    {
        # $1 = user
        # $2 = group
        # $3 = permissions (octal)
        # $4 = path to directory
        # In the future, use -P/-Z to have SE Linux enhancement.
        install -d --group="$2" --mode="$3" --owner="$1" "$4"
    }

    #
    # Function that starts the daemon/service
    #
    do_start()
    {
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started

        if dpkg-statoverride --list $RUN_DIR > /dev/null; then
            dir=`dpkg-statoverride --list $RUN_DIR`
        fi
        test -z "$dir" || createdir $dir

        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
            --exec $DAEMON --test > /dev/null \
            || return 1
        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
            --exec $DAEMON -- $DAEMON_ARGS \
            || return 2
        # Add code here, if necessary, that waits for the process to be ready
        # to handle requests from services started subsequently which depend
        # on this one. As a last resort, sleep for some time.
    }

    #
    # Function that stops the daemon/service
    #
    do_stop()
    {
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
            --pidfile $PIDFILE --name $NAME
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently. A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
            --exec $DAEMON
        [ "$?" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE
        return "$RETVAL"
    }

    #
    # Function that sends a SIGHUP to the daemon/service
    #
    do_reload() {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE \
            --name $NAME
        return 0
    }

    case "$1" in
      start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            1) [ "$VERBOSE" != no ] && log_progress_msg "(already running)" && \
               log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
      stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            1) [ "$VERBOSE" != no ] && log_progress_msg "(not running)" && \
               log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
      #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
      restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
            do_start
            case "$?" in
                0) log_end_msg 0 ;;
                1) log_end_msg 1 ;; # Old process is still running
                *) log_end_msg 1 ;; # Failed to start
            esac
            ;;
          *)
            # Failed to stop
            log_end_msg 1
            ;;
        esac
        ;;
      *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
    esac

    :
    -------------------------------------------------

    Could it be a permissions / chroot jail problem?

    Thanks,

    Andy
     
  16. falko

    falko Super Moderator Howtoforge Staff

    I think it could be a chroot problem, but I don't know why... :confused:
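Added here as a worked check (not code from the thread, the tutorial or Debian): the chroot question comes down to whether the socket saslauthd creates is the one smtpd opens. On Debian/Ubuntu the `-m` option in `OPTIONS` (parsed with the same rule as the init script above) sets where `saslauthd` puts `mux`, while libsasl2 inside smtpd opens `/var/run/saslauthd/mux` unless `smtpd.conf` sets `saslauthd_path`; when `master.cf` runs smtpd chrooted (chroot column `-` or `y`, the default in Postfix 2.x), that path is resolved under `/var/spool/postfix`. The `/etc/default/saslauthd` format is Debian's; mr_skot's Fedora box keeps the equivalent settings elsewhere, so only his `master.cf` line is reused below. The `DISABLED_DEFAULTS` text is constructed.

```python
import shlex

# Debian's queue_directory, i.e. the chroot jail smtpd runs in when the
# master.cf chroot column is enabled (Andy's main.cf keeps the default).
POSTFIX_CHROOT = "/var/spool/postfix"
# Socket libsasl2 opens for pwcheck_method saslauthd unless smtpd.conf
# sets saslauthd_path (Andy's smtpd.conf does not).
LIBSASL_DEFAULT_MUX = "/var/run/saslauthd/mux"


def parse_defaults(text):
    """KEY=value pairs of /etc/default/saslauthd; comment lines are ignored,
    so a '# START=yes' line does not count as START=yes."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip().strip('"')
    return conf


def run_dir_from_options(options):
    """Same rule the init script uses: the word after -m, else the fallback."""
    words = shlex.split(options)
    for i, word in enumerate(words):
        if word == "-m" and i + 1 < len(words):
            return words[i + 1]
    return "/var/run/saslauthd"


def smtpd_is_chrooted(master_cf):
    """Chroot column of the 'smtp inet ... smtpd' service line. '-' takes the
    default, which is 'yes' for the Postfix 2.x in this thread (and on Debian)."""
    for line in master_cf.splitlines():
        f = line.split()
        if len(f) >= 8 and f[0] == "smtp" and f[1] == "inet" and f[7] == "smtpd":
            return f[4] != "n"
    raise ValueError("no 'smtp inet' service in master.cf")


def saslauthd_findings(defaults_text, master_cf):
    """Reasons the init script would refuse to start or smtpd would log
    'cannot connect to saslauthd server'; an empty list means consistent."""
    findings = []
    conf = parse_defaults(defaults_text)
    if conf.get("START") != "yes":
        findings.append("START is not 'yes', so /etc/init.d/saslauthd exits without starting")
    if not conf.get("MECHANISMS"):
        findings.append("MECHANISMS is empty, so the init script refuses to start")
    listens_on = run_dir_from_options(conf.get("OPTIONS", "")).rstrip("/") + "/mux"
    chrooted = smtpd_is_chrooted(master_cf)
    # The path smtpd's libsasl2 opens, expressed as a path on the host
    opens = (POSTFIX_CHROOT if chrooted else "") + LIBSASL_DEFAULT_MUX
    if listens_on != opens:
        state = "chrooted" if chrooted else "not chrooted"
        findings.append(f"smtpd is {state} and opens {opens}, but saslauthd listens on {listens_on}")
    return findings


# Relevant lines from the thread
ANDY_DEFAULTS = 'START=yes\nMECHANISMS="pam"\nOPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"\n'
ANDY_MASTER = "smtp      inet  n       -       -       -       -       smtpd\n"
SKOT_MASTER = "smtp      inet  n       -       n       -       -       smtpd\n"
# Constructed variant: START still commented out and no -m option
DISABLED_DEFAULTS = '# START=yes\nMECHANISMS="pam"\nOPTIONS="-c -r"\n'

if __name__ == "__main__":
    for name, defaults, master in [("andy", ANDY_DEFAULTS, ANDY_MASTER),
                                   ("start commented out", DISABLED_DEFAULTS, ANDY_MASTER),
                                   ("debian -m path, unchrooted smtpd", ANDY_DEFAULTS, SKOT_MASTER)]:
        print(name, saslauthd_findings(defaults, master) or ["consistent"])
```

Andy's own files come out consistent, which is why the remaining suspect is the daemon not being started at all rather than the socket path; the two constructed cases show the mismatches that produce "No such file or directory" from smtpd.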
     
  17. Challenger

    Challenger New Member

    Ok Falko, I'll keep trying and let you know if I make any progress...

    Thanks,

    Andy
     
  18. Challenger

    Challenger New Member

    Hi Falko,

    I think I might have fixed it.

    Any saslauthd command was returning the following: 'could not chdir to: /var/run/saslauthd chdir: no such file or directory Check to make sure the directory exists and is writeable by the user this process runs as'

    I therefore created the directory, set permissions for the user postfix, and restarted saslauthd and postfix.

    This then gave the mail log error: 'SASL LOGIN authentication failed: authentication failure', which suggested that at least saslauthd was running now.

    I then ran the command 'saslauthd -a shadow' to specify my login and password source, and it now seems to work.

    Does all of this make sense? Have I opened any security loopholes here?

    Thanks for all your help to get me this far.

    Andy
     
  19. falko

    falko Super Moderator Howtoforge Staff

    You should then specify
    Code:
    MECHANISMS="shadow"
    in /etc/default/saslauthd.
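    The two posts above amount to a checklist for /etc/default/saslauthd (the socket directory must exist, and MECHANISMS must name the password source). The following is an added example, not code from the thread or from Debian; it assumes the Debian conventions that smtpd runs chrooted under /var/spool/postfix (so the saslauthd socket directory must sit below that path, e.g. via `-m /var/spool/postfix/var/run/saslauthd` in OPTIONS) and that the file uses START=, MECHANISMS= and OPTIONS= assignments.

```python
"""Sanity check for a Debian-style /etc/default/saslauthd used with Postfix.

Added illustration, not code from the thread. Assumed (Debian conventions,
not stated in the thread): smtpd runs chrooted in /var/spool/postfix, so the
saslauthd socket directory must be below that path; the defaults file carries
START=, MECHANISMS= and OPTIONS= with '-m <dir>' naming the socket directory.
"""
import os
import re

POSTFIX_CHROOT = "/var/spool/postfix"      # assumed Debian chroot for smtpd
DEFAULT_SOCKET_DIR = "/var/run/saslauthd"  # saslauthd's built-in default


def parse_defaults(text):
    """Return KEY=value assignments from a shell-style defaults file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^([A-Za-z_]+)=(?:"([^"]*)"|\'([^\']*)\'|(\S*))$', line)
        if m:
            settings[m.group(1)] = m.group(2) or m.group(3) or m.group(4) or ""
    return settings


def socket_dir(settings):
    """Socket directory from '-m <dir>' in OPTIONS, else the built-in default."""
    m = re.search(r"(?:^|\s)-m\s+(\S+)", settings.get("OPTIONS", ""))
    return m.group(1) if m else DEFAULT_SOCKET_DIR


def check(settings, mechanism="shadow", isdir=os.path.isdir):
    """Return a list of findings; an empty list means the config is consistent.

    `isdir` is injectable so the check can run against a staged tree in tests.
    """
    findings = []
    if settings.get("START") != "yes":
        findings.append("START is not 'yes': the init script will not start saslauthd")
    if settings.get("MECHANISMS") != mechanism:
        findings.append(f"MECHANISMS is {settings.get('MECHANISMS')!r}, expected {mechanism!r}")
    sdir = socket_dir(settings)
    if not sdir.startswith(POSTFIX_CHROOT + "/"):
        findings.append(f"socket dir {sdir} is outside {POSTFIX_CHROOT}: a chrooted smtpd cannot reach it")
    if not isdir(sdir):
        findings.append(f"socket dir {sdir} does not exist: saslauthd will fail to chdir to it")
    return findings
```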
     
  20. Challenger

    Challenger New Member

    Thanks Falko,

    I have another problem (not related to this) in that I think I am now getting lots of attempts to use my mail server as a relay. I have it locked down OK (tested using abuse.net) so the emails are NOT being relayed, but still the attempts seem to be draining resources. A sample from the log file shows:

    ----------------------------------------------------------------------------
    May 27 23:18:28 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <NewYorkBusinessDevelopmentCorporation@pop-smtp1-f.bt.mail.vip.ird.yahoo.com>: Sender address rejected: Malformed DNS server reply; from=<NewYorkBusinessDevelopmentCorporation@pop-smtp1-f.bt.mail.vip.ird.yahoo.com> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:28 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:29 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:29 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:29 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:29 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:30 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:32 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:35 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:39 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:42 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:46 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:49 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:52 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    May 27 23:18:55 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<ask_me@localhost> proto=ESMTP helo=<pooh.boul.net>
    ------------------------------------------------------------------------

    Is this normal and simply a hazard of running a mail server, or is my server doing something it shouldn't be doing?

    Thanks,

    Andy
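    One way to answer the question in the post above is to split the NOQUEUE rejects by where the client connection came from: a relay probe arrives from a remote address, whereas every line in the sample above has the client localhost[127.0.0.1], i.e. something running on the server itself. The following is an added example, not code from the thread; the regex follows the smtpd reject format quoted above, and the sample lines are constructed (documentation IP 192.0.2.10, example.net addresses) rather than taken from any real log.

```python
"""Triage Postfix 'NOQUEUE: reject' log lines by client origin and reject reason.

Added example, not code from the thread. The regex follows the smtpd reject
format quoted in the thread; the sample lines are constructed (documentation
IP 192.0.2.10 and example.net addresses), not taken from a real server."""
import ipaddress
import re
from collections import Counter

REJECT_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<enhanced>\S+) "
    r"<[^>]*>: (?P<reason>[^;]+); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

SAMPLE_LOG = [  # constructed, modelled on the lines quoted in the thread
    "May 27 23:18:28 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: "
    "450 4.1.8 <a@nosuch.example.net>: Sender address rejected: Domain not found; "
    "from=<a@nosuch.example.net> to=<ask_me@localhost> proto=ESMTP helo=<pooh.example.net>",
    "May 27 23:18:29 pooh postfix/smtpd[24094]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: "
    "450 4.1.8 <b@nosuch.example.net>: Sender address rejected: Domain not found; "
    "from=<b@nosuch.example.net> to=<ask_me@localhost> proto=ESMTP helo=<pooh.example.net>",
    "May 27 23:20:01 pooh postfix/smtpd[24101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "554 5.7.1 <victim@example.com>: Relay access denied; "
    "from=<spammer@example.net> to=<victim@example.com> proto=SMTP helo=<mail.example.net>",
    "May 27 23:20:02 pooh postfix/smtpd[24101]: connect from unknown[192.0.2.10]",
]


def parse_reject(line):
    """Return the fields of one reject line, or None for any other line."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None


def triage(lines):
    """Count rejects by origin (loopback vs remote), by reason and by client IP.

    A relay probe comes from a remote client; a reject whose client is
    127.0.0.1 was generated by something running on the server itself."""
    by_origin, by_reason, by_ip = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_reject(line)
        if rec is None:
            continue
        origin = "loopback" if ipaddress.ip_address(rec["ip"]).is_loopback else "remote"
        by_origin[origin] += 1
        by_reason[(rec["code"], rec["reason"])] += 1
        by_ip[rec["ip"]] += 1
    return {"by_origin": by_origin, "by_reason": by_reason, "by_ip": by_ip}
```

    Feed it the real mail log and a large "loopback" count with 450 sender rejections points at a local process (a script, a content filter or a mail loop) rather than outside relay attempts, while "remote" counts with "Relay access denied" are the ordinary background noise of a correctly closed relay.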
     
