Error on SASL SMTP authentication

Mainz


Hello Guys,

I installed a new mail server using Dovecot, Postfix and a MySQL database for the users, domains and mailboxes.

Now I'm at the point of configuring secure SASL authentication for SMTP.
I created a socket and told Postfix to use it, but it won't work.

This is my main.cf
I used the normal main.cf configuration file and added the following to the bottom:

Code:
virtual_alias_maps = mysql:/usr/local/etc/postfix/valias.cf
virtual_mailbox_base = /srv/mail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/vmailbox.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/vuidmaps.cf
virtual_gid_maps = static:125
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/vdomains.cf
smtpd_tls_cert_file = /certificates/postfix/postfix_cert.pem
smtpd_tls_key_file = /certificates/postfix/postfix_key.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only= yes
smtpd_sasl_auth_enable= yes
smtpd_sasl_auth_path=/srv/postfix/private/auth
smtpd_sasl_type=dovecot

Here is my dovecot.conf

Code:
## Dovecot configuration file

protocols = imap
auth_mechanisms = plain login
ssl_cert = </certificates/cert.pem
ssl_key = </certificates/key.pem
disable_plaintext_auth = yes

passdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}

userdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}

service auth {
  unix_listener /srv/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
  }
}

When I restart Postfix, I get the following:

Code:
root@mailsrv:/srv # service postfix restart
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
postfix/postfix-script: stopping the Postfix mail system
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
postfix/postfix-script: starting the Postfix mail system

Then I checked my mail log and sent a test mail, and I got the following:

Code:
root@mailsrv:/srv/mail/******* # tail -F /var/log/maillog

Mar 27 22:39:26 mailsrv postfix/smtpd[1166]: warning: SASL: Connect to smtpd failed: No such file or directory
Mar 27 22:39:26 mailsrv postfix/smtpd[1166]: fatal: no SASL authentication mechanisms
Mar 27 22:39:27 mailsrv postfix/master[1112]: warning: process /usr/local/libexec/postfix/smtpd pid 1166 exit status 1
Mar 27 22:39:27 mailsrv postfix/master[1112]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Mar 27 22:40:27 mailsrv postfix/smtpd[1184]: error: open database /etc/aliases.db: No such file or directory
Mar 27 22:40:27 mailsrv postfix/smtpd[1184]: connect from dub004-omc3s31.hotmail.com[157.55.2.40]
Mar 27 22:40:28 mailsrv postfix/smtpd[1184]: warning: SASL: Connect to smtpd failed: No such file or directory
Mar 27 22:40:28 mailsrv postfix/smtpd[1184]: fatal: no SASL authentication mechanisms
Mar 27 22:40:29 mailsrv postfix/master[1112]: warning: process /usr/local/libexec/postfix/smtpd pid 1184 exit status 1
Mar 27 22:40:29 mailsrv postfix/master[1112]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

EDIT: I checked /usr/local/libexec/postfix/smtpd and in the folder Postfix there is a file named smtpd but when I open it I get cryptic letters.

To me it looks like SASL is not installed, but I checked the port cyrus-SASL and rechecked the config of Postfix, and both are installed.

Does someone know where the problem is?
 
Mainz

And here is my master.cf

Code:
submission inet n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

And when I send an email, I get the following in my maillog:

Code:
Mar 28 17:49:11 mailsrv postfix/qmgr[12673]: 0FDBE286B42: removed
Mar 28 17:49:11 mailsrv postfix/local[12780]: warning: hash:/etc/aliases is unavailable. open database /etc/aliases.db: No such file or directory
Mar 28 17:49:11 mailsrv postfix/local[12780]: warning: hash:/etc/aliases: lookup of 'root' failed

NOTICE: I also checked the following: locally I can send mail to my mailboxes. I can send mail to external providers, but I can't receive email from external providers, for example outlook.com.


If more logs or more files are needed, just tell me please.

I hope that someone can help me a bit :)
 

gkontos


First create the aliases db by running newaliases.

Then change: smtpd_sasl_auth_path=/srv/postfix/private/auth to smtpd_sasl_auth_path=private/auth

Also, cyrus-SASL is useless because you are using Dovecot, which is the default in postfix-3.1.
 
Mainz

First create the aliases db by running newaliases.

Then change: smtpd_sasl_auth_path=/srv/postfix/private/auth to smtpd_sasl_auth_path=private/auth

Also, cyrus-SASL is useless because you are using Dovecot, which is the default in postfix-3.1.

Thanks for your answer. Do I have to change the path in my dovecot.conf too?

Code:
service auth {
  unix_listener /srv/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
  }
}

I used the command newaliases and changed the path. Then I restarted Postfix and got the same error.

Code:
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=private/auth

When I change the path in my dovecot.conf file to and then try to restart dovecot I get the following error:
Code:
root@mailsrv:/usr/local/etc/dovecot # service dovecot restart
Stopping dovecot.
Waiting for PIDS: 711.
Starting dovecot.
Error: bind(/var/run/dovecot/private/auth) failed: No such file or directory
Fatal: Failed to start listeners
/usr/local/etc/rc.d/dovecot: WARNING: failed to start dovecot

EDIT: One of the errors is gone after I ran newaliases, but the other errors are still there.

Code:
Mar 28 23:00:29 mailsrv postfix/smtpd[1248]: connect from dub004-omc1s32.hotmail.com[157.55.0.231]
Mar 28 23:00:29 mailsrv postfix/smtpd[1249]: connect from dub004-omc1s26.hotmail.com[157.55.0.225]
Mar 28 23:00:30 mailsrv postfix/smtpd[1248]: warning: SASL: Connect to smtpd failed: No such file or directory
Mar 28 23:00:30 mailsrv postfix/smtpd[1248]: fatal: no SASL authentication mechanisms
Mar 28 23:00:30 mailsrv postfix/smtpd[1249]: warning: SASL: Connect to smtpd failed: No such file or directory
Mar 28 23:00:30 mailsrv postfix/smtpd[1249]: fatal: no SASL authentication mechanisms
Mar 28 23:00:31 mailsrv postfix/master[984]: warning: process /usr/local/libexec/postfix/smtpd pid 1248 exit status 1
Mar 28 23:00:31 mailsrv postfix/master[984]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Mar 28 23:00:31 mailsrv postfix/master[984]: warning: process /usr/local/libexec/postfix/smtpd pid 1249 exit status 1

This error too :(
Code:
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=private/auth
 
Mainz

Here is my postconf -n maybe it will help

Code:
root@mailsrv:/usr/local/etc/postfix # postconf -n
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
meta_directory = /usr/local/libexec/postfix
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /certificates/postfix/postfix_cert.pem
smtpd_tls_key_file = /certificates/postfix/postfix_key.pem
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/valias.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /srv/mail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/vdomains.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/vmailbox.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/vuidmaps.cf
postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth

And that's what my /usr/local/etc/dovecot folder looks like:
Code:
root@mailsrv:/usr/local/etc/dovecot # ls
README  dovecot-sql.conf  dovecot.conf  example-config

Did I miss something here?
 
Mainz

When I delete the line
Code:
smtpd_sasl_auth_path=/srv/postfix/private/auth
then I can start Postfix without getting the unused_parameter error, and I get the following error:
Code:
Mar 29 09:54:09 mailsrv postfix/smtpd[1576]: lost connection after CONNECT from nz92l248.bb11352.ctm.net[113.52.92.248]
Mar 29 09:54:09 mailsrv postfix/smtpd[1576]: disconnect from nz92l248.bb11352.ctm.net[113.52.92.248] commands=0/0
Mar 29 09:54:09 mailsrv postfix/smtpd[1577]: connect from mail-he1eur01on0113.outbound.protection.outlook.com[104.47.0.113]
Mar 29 09:54:09 mailsrv postfix/smtpd[1578]: connect from dub004-omc1s32.hotmail.com[157.55.0.231]
Mar 29 09:54:09 mailsrv postfix/smtpd[1575]: connect from mail-db3on0127.outbound.protection.outlook.com[157.55.234.127]
Mar 29 09:54:18 mailsrv postfix/anvil[1490]: statistics: max connection rate 1/60s for (smtp:157.55.234.112) at Mar 29 09:44:18
Mar 29 09:54:18 mailsrv postfix/anvil[1490]: statistics: max connection count 1 for (smtp:157.55.234.112) at Mar 29 09:44:18
Mar 29 09:54:18 mailsrv postfix/anvil[1490]: statistics: max cache size 6 at Mar 29 09:47:23
Mar 29 09:54:19 mailsrv postfix/smtpd[1577]: fatal: no SASL authentication mechanisms
Mar 29 09:54:19 mailsrv postfix/smtpd[1578]: fatal: no SASL authentication mechanisms
Mar 29 09:54:19 mailsrv postfix/smtpd[1575]: fatal: no SASL authentication mechanisms
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1578 exit status 1
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1577 exit status 1
Mar 29 09:54:20 mailsrv postfix/smtpd[1576]: connect from dub004-omc1s32.hotmail.com[157.55.0.231]
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1575 exit status 1
Mar 29 09:54:31 mailsrv postfix/smtpd[1576]: fatal: no SASL authentication mechanisms
Mar 29 09:54:32 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1576 exit status 1
Mar 29 09:54:46 mailsrv dovecot: imap-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<qRnNVysvQ7dQk7HE>
Mar 29 09:54:57 mailsrv dovecot: master: Error: service(auth): command startup failed, throttling for 60 secs
Mar 29 09:54:57 mailsrv dovecot: auth: Fatal: sql /usr/local/etc/dovecot/dovecot-sql.conf: Error in configuration file /usr/local/etc/dovecot/dovecot-sql.conf line 6: Expecting '='
Mar 29 09:54:57 mailsrv dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 21 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<qRnNVysvQ7dQk7HE>
Mar 29 09:55:07 mailsrv dovecot: imap-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<BdoGWSsvRrdQk7HE>

Here is my dovecot-sql.conf

Code:
driver = mysql
connect = host=127.0.0.1 dbname=mail user=mail password=*********
default_pass_scheme = PLAIN-MD5

password_query = SELECT mailbox AS username,
domains.domain, password
FROM mailboxes JOIN domains
ON domains.uid = mailboxes.domain
WHERE address = '%n' AND domains.domain = '%d'

user_query = SELECT CONCAT('maildir:/srv/mail/',domains.domain,'/',mailboxes.address)
as mail,mailboxes.id as uid,125 as gid
FROM mailboxes
JOIN domains ON domains.uid = mailboxes.domain

Code:
smtpd_sasl_path = /srv/postfix/private/auth
smtpd_sasl_auth_path=/srv/postfix/private/auth
Is this the same? When I use the
Code:
smtpd_sasl_path = /srv/postfix/private/auth
I get no error but when I use
Code:
smtpd_sasl_auth_path=/srv/postfix/private/auth
I get the unused_parameter error.

Can someone give me a hint or help me?
 

gkontos


While looking at your postconf -d, it appears that smtpd_sasl_path is missing. Add it and you should be ok.
 
Mainz

While looking at your postconf -d, it appears that smtpd_sasl_path is missing. Add it and you should be ok.
Many thanks for your answer!

Code:
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
meta_directory = /usr/local/libexec/postfix
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /srv/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /certificates/postfix/postfix_cert.pem
smtpd_tls_key_file = /certificates/postfix/postfix_key.pem
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/valias.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /srv/mail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/vdomains.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/vmailbox.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/vuidmaps.cf

That's my postconf -n now. What about the command smtpd_sasl_auth_path, do I need it?

And I still get the following error:

Code:
Mar 29 11:01:08 mailsrv postfix/smtpd[9625]: fatal: no SASL authentication mechanisms
Mar 29 11:01:09 mailsrv postfix/master[9622]: warning: process /usr/local/libexec/postfix/smtpd pid 9625 exit status 1
Mar 29 11:01:09 mailsrv postfix/master[9622]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Mar 29 11:01:10 mailsrv postfix/smtpd[9629]: fatal: no SASL authentication mechanisms
Mar 29 11:01:11 mailsrv postfix/master[9622]: warning: process /usr/local/libexec/postfix/smtpd pid 9629 exit status 1
Mar 29 11:01:17 mailsrv postfix/smtpd[9631]: fatal: no SASL authentication mechanisms
Mar 29 11:01:18 mailsrv postfix/master[9622]: warning: process /usr/local/libexec/postfix/smtpd pid 9631 exit status 1

Do you have an idea what I can do?
 

gkontos


That's my postconf

Code:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
 

obsigna


For some reason you want Dovecot to provide authentication information for Postfix on the non-standard path /srv/postfix/private/auth, OK so far, even if this looks funny, it's your choice.

However, if you want this, then you need to make sure that the directory /srv/postfix/private/ does exist before Dovecot starts up, AND that the user postfix has at least x permissions to the directory and read permissions to something inside of it. If the directory /srv/postfix/private/ does not exist, then Dovecot cannot create the local domain (unix) socket auth in it. Dovecot would listen on this unix socket for SASL authentication requests from Postfix. If the unix socket does not exist, OR Postfix is configured with the wrong path, OR Postfix does not have sufficient access permissions for the path, then you experience those errors in your error logs.

Checks:
ls -ld /srv/postfix/private
Code:
drwx------  2 postfix  wheel  512 29 Mär 07:40 /srv/postfix/private

ls -l /srv/postfix/private
Code:
total 0
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 anvil
srw-rw-rw-  1 postfix  postfix  0 29 Mär 07:40 auth
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 bounce
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 defer
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 discard
srw-rw----  1 postfix  postfix  0 29 Mär 07:40 dovecot-lmtp
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 error
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 lmtp
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 local
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 proxymap
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 proxywrite
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 relay
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 retry
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 rewrite
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 scache
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 smtp
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 tlsmgr
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 trace
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 verify
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 virtual
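
The checks discussed in the replies above, combined into one script. This is an added example, not code posted by anyone in the thread: it reads the two config files directly so it runs offline, and the function names, exit codes and the constructed sample input are assumptions made for illustration.

```shell
#!/bin/sh

# Value of one main.cf parameter; comments are skipped, last assignment wins.
main_cf_get() {  # $1=main.cf  $2=parameter name
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key) }
        key == k && /=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# Relative paths resolve against a base directory: queue_directory for Postfix,
# base_dir for Dovecot (assumed from the bind(/var/run/dovecot/...) error).
resolve_path() {  # $1=base  $2=path
    case "$2" in /*) printf '%s\n' "$2" ;; *) printf '%s\n' "${1%/}/$2" ;; esac
}

# unix_listener paths declared inside "service auth { ... }".
auth_listeners() {  # $1=dovecot.conf
    awk '$1 == "service" { svc = $2 }
         $1 == "unix_listener" && svc == "auth" { print $2 }' "$1"
}

# Returns 0 ok, 1 unknown parameter name, 3 paths differ, 4 socket missing.
check_sasl_socket() {  # $1=main.cf  $2=dovecot.conf  $3=dovecot base_dir
    result=0
    if [ -n "$(main_cf_get "$1" smtpd_sasl_auth_path)" ]; then
        echo "FAIL: smtpd_sasl_auth_path is unused by Postfix; set smtpd_sasl_path"
        result=1
    fi
    sasl=$(main_cf_get "$1" smtpd_sasl_path)
    queue=$(main_cf_get "$1" queue_directory)
    # An unset smtpd_sasl_path defaults to "smtpd" ("Connect to smtpd failed").
    want=$(resolve_path "${queue:-/var/spool/postfix}" "${sasl:-smtpd}")
    echo "Postfix connects to: $want"
    found=no
    for l in $(auth_listeners "$2"); do
        have=$(resolve_path "$3" "$l")
        echo "Dovecot listens on:  $have"
        if [ "$have" = "$want" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        echo "FAIL: no Dovecot auth listener at $want"
        if [ "$result" -eq 0 ]; then result=3; fi
    elif [ ! -S "$want" ]; then
        echo "FAIL: $want is not a socket (Dovecot down or directory missing?)"
        if [ "$result" -eq 0 ]; then result=4; fi
    fi
    return "$result"
}

# Constructed sample: the thread's first main.cf/dovecot.conf settings.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'smtpd_sasl_auth_path=/srv/postfix/private/auth' > "$d/main.cf"
    printf 'service auth {\n  unix_listener /srv/postfix/private/auth {\n  }\n}\n' > "$d/dovecot.conf"
    check_sasl_socket "$d/main.cf" "$d/dovecot.conf" /var/run/dovecot
    r=$?; rm -rf "$d"; return "$r"
}
demo || echo "exit status: $?"
```

On a live host the same values can be read with `postconf -h queue_directory smtpd_sasl_path` and `doveconf -n` instead of parsing the files.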
 