Postfix: SASL authentication failure
Hi, I am trying to get SASL-authentication working with saslauthd and postfix. This is the logs I am getting and the client is unable to relay the emails: May 10 09:17:42 smtp01 postfix/smtpd[21033]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory May 10 09:17:42 smtp01 postfix/smtpd[21033]: warning: SASL authentication failure: Password verification failed May 10 09:17:42 smtp01 postfix/smtpd[21033]: warning: web.xxx.xxx[123.123.123.123]: SASL PLAIN authentication failed: generic failure I have checked the following: The user "postfix" is a member of the "sasl" group - yes /var/run/saslauthd is present - yes /var/spool/postfix/var/run/saslauthd is present - yes Tested the user works with "testsaslauthd" - yes, 0: OK "Success." This is hopefully the relevant configuration from main.cf: smtpd_client_restrictions = permit_sasl_authenticated, reject smtpd_sasl_local_domain = $myhostname smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_delay_reject = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination I would be really thankful if someone could point out the misstakes I have done, or point me to the right direction. Thanks! -- Jonathan Sélea
Re: Postfix: SASL authentication failure
> > > May 10 09:17:42 smtp01 postfix/smtpd[21033]: warning: SASL > authentication failure: cannot connect to saslauthd server: No such file > or directory > this is a problem > > /var/run/saslauthd is present - yes > /var/spool/postfix/var/run/saslauthd is present - yes > Is one dir link to another? Do you see any files there? Run saslauthd from the command line with the "-d" argument: it should print the name of the socket it listens to or use tool like "ss" to check the socket. Check that account used by postfix has access to this folder.
Re: Postfix: SASL authentication failure
May 10 09:17:42 smtp01 postfix/smtpd[21033]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory this is a problem /var/run/saslauthd is present - yes /var/spool/postfix/var/run/saslauthd is present - yes Is one dir link to another? Do you see any files there? It seems like both of them are "their own files" - none of them are symlinked to anything /var/run: drwx--x--- 2 root sasl 140 May 10 09:17 saslauthd /var/spool/postfix/var/run drwxr-xr-x 2 root sasl 4096 May 10 09:10 saslauthd So there is defintely something going on here. I guess that /var/spool/postfix/var/run/saslauthd should be a symlink to /var/run/saslauthd ? Run saslauthd from the command line with the "-d" argument: it should print the name of the socket it listens to or use tool like "ss" to check the socket. saslauthd -d did not print the socket in use sadly. ss - I only found one socket being in use - /var/run/saslauthd I wonder, should a symlink from /var/run/saslauthd to /var/spool/postfix/var/run/saslauthd ? Thank you -- Jonathan Sélea Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD
Re: Postfix: SASL authentication failure
May 10 09:17:42 smtp01 postfix/smtpd[21033]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory this is a problem /var/run/saslauthd is present - yes /var/spool/postfix/var/run/saslauthd is present - yes Is one dir link to another? Do you see any files there? It seems like both of them are "their own files" - none of them are symlinked to anything /var/run: drwx--x--- 2 root sasl 140 May 10 09:17 saslauthd /var/spool/postfix/var/run drwxr-xr-x 2 root sasl 4096 May 10 09:10 saslauthd On 10.05.21 12:58, Jonathan Sélea wrote: So there is defintely something going on here. I guess that /var/spool/postfix/var/run/saslauthd should be a symlink to /var/run/saslauthd ? it should not, and if it is, then it's the problem. chrooted processes can't see files outside of chroot. for example, cyrus saslauthd should run with option "-m /var/spool/postfix/var/run/saslauthd" -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you.
Re: Postfix: SASL authentication failure
saslauthd creates a socket (usually in /var/run/saslauthd) and listens to it. Here what I see when run saslauthd from the command line: (I use getpwent but pam should be used probably) # saslauthd -a getpwent -d saslauthd[22825] :main: num_procs : 5 saslauthd[22825] :main: mech_option: NULL saslauthd[22825] :main: run_path : /var/state/saslauthd saslauthd[22825] :main: auth_mech : getpwent saslauthd[22825] :ipc_init: using accept lock file: /var/state/saslauthd/mux.accept saslauthd[22825] :ipc_init: listening on socket: /var/run/saslauthd/mux Look here--^^ saslauthd[22825] :detach_tty : master pid is: 0 What do you see when you run it? This is a saslauthd socket on my distro. It should be readable and accessible by postfix. There could be 2 types of problem: * Postfix user may have no access to this file because it doesn't belong to a certain group. Check who has access to this file (with ls -h) and make sure postfix runs under the account who has it. * Postfix may be chrooted. In this case it simply can't access file outside of its chroot. People solve it by symlinking this socket to the postfix chroot: See "ln" command here: https://serverfault.com/questions/319703/postfix-sasl-cannot-connect-to-saslauthd-server-no-such-file-or-directory/530346 and here: http://www.jimmy.co.at/weblog/2005/12/05/postfix-and-sasl-debian/ I believe the latter is your case. saslauthd[22825] :ipc_init: listening on socket: /var/state/saslauthd/mux
header_checks redirect multiple users
Hi i'm using header_checks redirect to filter incoming mail sender and REDIRECT. Is ti possible to redirect to multiple mail address? Something like header_checks.pcre:/From:.*sen...@externaledomain.it/       REDIRECT us...@mydomain.com, us...@mydomain.com -- Rispetta l'ambiente: se non ti è necessario, non stampare questa mail. Le informazioni contenute in questa e-mail e nei files eventualmente allegati sono destinate unicamente ai destinatari della stessa e sono da considerarsi strettamente riservate. E' proibito copiare, salvare, utilizzare, inoltrare a terzi e diffondere il contenuto della presente senza il preventivo consenso, ai sensi dell'articolo 616 c.p. e della Legge n. 196/2003. Se avete ricevuto questo messaggio per errore siete pregati di comunicarlo immediatamente all'indirizzo mittente, nonché di cancellarne il contenuto senza procedere ad ulteriore o differente trattamento. ** Ing. Matteo Cazzador NetLite snc di Cazzador Gagliardi Corso Vittorio Emanuele II, 188 37069 Villafranca di Verona VR Tel 0454856656 Fax 0454856655 Email: mat...@netlite.it Web: http://www.netlite.it **
Re: header_checks redirect multiple users
Matteo Cazzador: > Hi i'm using header_checks redirect to filter incoming mail sender and > REDIRECT. > > Is ti possible to redirect to multiple mail address? REDIRECT user@domain Write a message redirection request to the queue file, and inspect the next input line. After the message is queued, it will be sent to the specified address instead of the intended recipient(s). There can be only one address, and it is not subject to canonical mapping, virtual aliasing, and sender or recipient BCC mapping. Wietse
