postfix/dovecot - sasl authentication works no more

ddaas · 05-14-2009, 06:38 AM

Hello everybody,
I am running FreeBSD with posftix and dovecot. There virtual domains and users and postfix authenticates users using sasl and dovecot.
Today I've performed a server upgrade and sasl authentication works no more. It worked for the last 4 months without problems.

In postfix logs I get

Code:

May 14 13:34:21 sfdsa postfix/smtpd[1345]: warning: SASL: Connect to smtpd failed: No such file or directory
May 14 13:34:21 sfdsa postfix/smtpd[1345]: fatal: no SASL authentication mechanisms

postfix is running, dovecot is running, saslauthd is running.

For me everything seems ok, what file or directory has been changed and can not be found anymore?

Please help me if you can, this is a production server.

Many thanks

ddaas · 05-14-2009, 06:58 AM

If it helps:

postconf -n

Code:

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debug_peer_list = softexp.ro
header_checks = regexp:/usr/local/etc/postfix/header_checks
html_directory = no
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
myhostname = mail.softexp.ro
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname permit
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient permit_mynetworks  permit_sasl_authenticated  reject_unauth_destination reject_sender_login_mismatch reject_invalid_hostname  reject_unknown_recipient_domain reject_unverified_recipient check_sender_access hash:/usr/local/etc/postfix/access_sender check_helo_access pcre:/usr/local/etc/postfix/helo_checks  reject_unknown_sender_domain reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender    dsn.rfc-ignorant.org  permit
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
soft_bounce = no
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/valias.txt
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_domains = /usr/local/etc/postfix/vhost.txt
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmaps.txt
virtual_uid_maps = static:1000

and dovecot -n

Code:

# 1.1.11: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.0-RELEASE amd64  ufs
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot.info
protocols: imap imaps pop3 pop3s
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
verbose_proctitle: yes
first_valid_uid: 1000
first_valid_gid: 1000
mail_privileged_group: mail
mail_location: maildir:/var/spool/vmail/%d/%n
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3): 
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: %Lu
  passdb:
    driver: pam
    args: session=yes dovecot
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot_passwd
  userdb:
    driver: passwd
    args: blocking=yes
  userdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot_users
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
    master:
      path: /var/run/dovecot/auth-master
      mode: 384

datopdog · 05-14-2009, 10:43 AM

postfix cannot find your smtpd.conf file which has the sasl mechs configured in.

chitambira · 05-14-2009, 11:50 AM

# locate smtpd.conf

ddaas · 05-14-2009, 02:53 PM

I found that file in /usr/lib/sasl2/smtpd.conf and /usr/lib/sasl2

Its content is:

log_level:3
pwcheck_method: saslauthd
mech_list: plain login

Does postfix looks for the file in another location?
How can I tell postfix to look in the correct location?
I've added in main.cf:
smtpd_sasl_path = smtpd

Any ideas?

Thanks

datopdog · 05-15-2009, 03:10 AM

your postfix is built with the prefix /usr/local so this may help

Code:

mkdir -p /usr/local/lib/sasl2/
ln -s /usr/lib/sasl2/smtpd.conf /usr/local/lib/sasl2/smtpd.conf

chitambira · 05-15-2009, 05:45 AM

- Did you recompile/rebuild postfix with sasl2 support on upgrade?
- Is saslauthd (daemon) really running? What is content of a directory /var/run/saslauthd/ and permissions?
- Whats the sasl config in your main.cf

Quote:

smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = no
#smtpd_sasl_path = smtpd
smtpd_sasl_path=/var/run/saslauthd/mux
smtp_sasl_type =

Open your /usr/local/lib/sasl2/smtpd.conf and check if there is any trailing whitespace after the word "socket" in this file?