postfix error? warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

Hey Gaby,

It looks like configuration of saslauthd didn't happen correctly during installation. You don't actually want /etc/sasldb2 to be used at all (and the problem isn't with Postfix).

The solution is to configure saslauthd to not offer unsupported authentication methods. You only want LOGIN and PLAIN to be offered to clients (because those are the only ones that work with PAM or /etc/shadow).

To change this you'd edit the file /etc/postfix/sasl/smtpd.conf

There should be a single mech_list line, like this:

mech_list: plain login

If there isn't one, add it. If there is one, make sure no other mech types are listed.

After making that change, restart saslauthd:

/etc/init.d/saslauthd restart

Holler if this doesn't resolve it (and post any new errors, as I'm pretty sure this will at least change the way it fails if it doesn't actually fix it).

I'll try to figure out where I messed up in the install scripts and get this fixed in the installation soon.

Hey Gaby,

I guess the Debian default configuration of saslauthd is broken in some way for PAM. I've just got my new test/build box online and I'm installing a Debian test system, so I'll see if I can reproduce this problem and spot some cause/solution.

In the meantime, what's the complete contents of /etc/postfix/sasl/smtpd.conf? Maybe it doesn't have necessary values by default on Debian. It probably ought to contain:

pwcheck_method: saslauthd
mech_list: plain login

Then there's the /etc/default/saslauthd file, which I'm not actually sure what it should contain (if not the defaults)...I'll have to test to figure out what it's trying to do by default and figure out what needs to change to make it all spin nicely.

Also worth noting: Are you using @ in the usernames? If so, you'll want to consult with the FAQ here:

http://www.virtualmin.com/faq/one-faq?faq_id=1511#51230

Specifically, the third paragraph, which discusses SMTP auth. The "-r" option is needed on relatively recent versions of saslauthd. I doubt the version in Debian stable counts as "new", but it might.

Hey Gaby,

Believe it or not, this is an improvement! I know, it didn't work before, and it doesn't work now, so it seems like it's the same. But we're on the right track. ;-)

This looks like Postfix doesn't know how to find the saslauthd server...which makes me think maybe we need to setup a named pipe or similar, so they can talk. I'm looking into it and will get back to you as soon as I know what to do next.

Oh, wait...Are we sure saslauthd is running? Check the process list ("ps auxc") to be sure.

Hey Gaby,

Believe it or not, this is an improvement! I know, it didn't work before, and it doesn't work now, so it seems like it's the same. But we're on the right track. ;-)

This looks like Postfix doesn't know how to find the saslauthd server...which makes me think maybe we need to setup a named pipe or similar, so they can talk. I'm looking into it and will get back to you as soon as I know what to do next.

Oh, wait...Are we sure saslauthd is running? Check the process list ("ps auxc") to be sure.

Hey Gaby,

Believe it or not, this is an improvement! I know, it didn't work before, and it doesn't work now, so it seems like it's the same. But we're on the right track. ;-)

This looks like Postfix doesn't know how to find the saslauthd server...which makes me think maybe we need to setup a named pipe or similar, so they can talk. I'm looking into it and will get back to you as soon as I know what to do next.

Oh, wait...Are we sure saslauthd is running? Check the process list ("ps auxc") to be sure.

Hey Gaby,

Could I possibly login to have a look at your box? That's probably the quickest way to resolve this. Send over the IP and auth details to joe@virtualmin.com, and I'll probably be able to kick it into shape in no time.

I'm getting the same error. How can i solve this.

Adam

Okay,

I've managed to fix this issue on Debian Sarge.

I was getting the following error.
warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

So I stopped the services and created the directory
/var/spool/postfix/var/run/saslauthd

and created a symlink from /var/run/saslauthd to /var/spool/postfix/var/run/saslauthd

Then i granted permission to the directory to the mail group and made sure that postfix was a member of this group.

It all now seems to work and email is working perfectly ;-)

Adam

I'm having the same exact problem here, I just transfered a big chunk of my customers on this server and my phone is ringing!

There isn't really a clear solution posted here....

I don't have any files in /etc/postfix/sasl to begin with,
I tried creating it and adding a single line
mech_list: plain login
restarted postfix, no changes, I still get "warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory"

Have you tried my suggestions.

Actually it doesn't sound like saslauthd is running. Check /etc/default/saslauthd and check the line START=yes is uncommented.

Then restart the server and you should get a message to say it started successfully.

Okay,

I've managed to fix this issue on Debian Sarge.

I was getting the following error.
warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

So I stopped the services and created the directory
/var/spool/postfix/var/run/saslauthd

and created a symlink from /var/run/saslauthd to /var/spool/postfix/var/run/saslauthd

Then i granted permission to the directory to the mail group and made sure that postfix was a member of this group.

It all now seems to work and email is working perfectly ;-)

Adam

Hey Adam, Can you explain in just a bit more detail your statement "Then i granted permission to the directory to the mail group and made sure that postfix was a member of this group."

Thanks. I"m close to getting this whole thing working but I wanna be sure I get this stuff right.

Ref:
16: Re: Re: postfix error? warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory In response to 12 12/09/06 09:40 PM
[[ Forward ]]
Hey Adam, Can you explain in just a bit more detail your statement "Then i granted permission to the directory to the mail group and made sure that postfix was a member of this group."

Thanks. I"m close to getting this whole thing working but I wanna be sure I get this stuff right.

------------------

What they're referring to is, make sure that the postfix user is in the same group that has permission to access SASL. This, plus the fact that Debian wants the SASL config in /etc/postfix/sasl, caused me no end of grief...

I used 'adduser postfix sasl' to add the user 'postfix' (the default user that runs the Postfix daemons) to the group 'sasl' (which is the group that is granted permission to access the SASL services, root being the user that owns it). That, plus linking /etc/postfix/sasl/smtpd.conf (from it's default location) cleared things up.

This also assumes you've followed through the docs and how-to and everything actually pretends to work :-)

Alright to add to this thread:

Here's the definitive way to correct saslauthd problems on Debian and Ubuntu (almost certainly):

<b>Fix the chroot issue</b>

mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

vi /etc/default/saslauthd

Make it look like this (uncomment START=yes, and add PARAMS=...):

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

<b>Fix the stupid default auth methods</b>

echo "pwcheck_method: saslauthd"] /etc/postfix/sasl/smtpd.conf
echo "mech_list: PLAIN LOGIN"]> /etc/postfix/sasl/smtpd.conf

<b>Restart the services</b>

invoke-rc.d saslauthd restart
invoke-rc.d postfix restart

<b>Get the permissions right on the saslauthd directory</b>

chmod 755 /var/spool/postfix/var/run/saslauthd

&lt;b&gt;Test it (what you type is <i>emphasized</i>&lt;/b&gt;

<i>telnet localhost 25</i>
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]]'.
220 domain.tld ESMTP Postfix (Ubuntu)
<i>EHLO localhost</i>
250-domain.ltd
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
<i>QUIT</i>

If you get the AUTH LOGIN PLAIN bit, then all is well. Anything else, and something is wrong.

This will be fixed in the next version of install.sh, and I'll write a small standalone &quot;fix-the-stupid-debian-defaults&quot; script for folks who've already installed and post a link to this thread. ;-)

Does this work for centos install as well?

Does this work for centos install as well?

Hey Geoff,

CentOS ought to be working out of the box. ;-)

If it isn't, then we'll need to track down what went wrong. These exact steps definitely will not work on CentOS (it's much easier on CentOS, as postfix doesn't run chrooted). It's definitely not going to be the same problems the Debian/Ubuntu folks are running into.

Start a fresh thread and include the maillog entries from a failed login attempt, or drop me an email with your box details and I'll drop in and beat some sense into it. (CentOS is very well-understood at this point...any problems will be easy and quick to fix once we've identified them.)

Alright to add to this thread:

Here's the definitive way to correct saslauthd problems on Debian and Ubuntu (almost certainly):

&lt;b&gt;Fix the chroot issue&lt;/b&gt;

mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

vi /etc/default/saslauthd

Make it look like this (uncomment START=yes, and add PARAMS=...):

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS=&quot;-m /var/spool/postfix/var/run/saslauthd -r&quot;

# You must specify the authentication mechanisms you wish to use.
# This defaults to &quot;pam&quot; for PAM support, but may also include
# &quot;shadow&quot; or &quot;sasldb&quot;, like this:
# MECHANISMS=&quot;pam shadow&quot;

MECHANISMS=&quot;pam&quot;

&lt;b&gt;Fix the stupid default auth methods&lt;/b&gt;

echo &quot;pwcheck_method: saslauthd&quot;] /etc/postfix/sasl/smtpd.conf
echo &quot;mech_list: PLAIN LOGIN&quot;]&gt; /etc/postfix/sasl/smtpd.conf

&lt;b&gt;Restart the services&lt;/b&gt;

invoke-rc.d saslauthd restart
invoke-rc.d postfix restart

&lt;b&gt;Get the permissions right on the saslauthd directory&lt;/b&gt;

chmod 755 /var/spool/postfix/var/run/saslauthd

&lt;b&gt;Test it (what you type is <i>emphasized</i>&lt;/b&gt;

<i>telnet localhost 25</i>
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]]'.
220 domain.tld ESMTP Postfix (Ubuntu)
<i>EHLO localhost</i>
250-domain.ltd
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
<i>QUIT</i>

If you get the AUTH LOGIN PLAIN bit, then all is well. Anything else, and something is wrong.

This will be fixed in the next version of install.sh, and I'll write a small standalone &quot;fix-the-stupid-debian-defaults&quot; script for folks who've already installed and post a link to this thread. ;-)

Hi Joe,
the script mentioned to fix the problems on debian seems not to be in the installation scripts. I initially installed Virtualmin Pro in January initially on Debian and the bug seems still to be existent.

regards Dirk

Alright to add to this thread:

Here's the definitive way to correct saslauthd problems on Debian and Ubuntu (almost certainly):

&lt;b&gt;Fix the chroot issue&lt;/b&gt;

mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

vi /etc/default/saslauthd

Make it look like this (uncomment START=yes, and add PARAMS=...):

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS=&quot;-m /var/spool/postfix/var/run/saslauthd -r&quot;

# You must specify the authentication mechanisms you wish to use.
# This defaults to &quot;pam&quot; for PAM support, but may also include
# &quot;shadow&quot; or &quot;sasldb&quot;, like this:
# MECHANISMS=&quot;pam shadow&quot;

MECHANISMS=&quot;pam&quot;

&lt;b&gt;Fix the stupid default auth methods&lt;/b&gt;

echo &quot;pwcheck_method: saslauthd&quot;] /etc/postfix/sasl/smtpd.conf
echo &quot;mech_list: PLAIN LOGIN&quot;]&gt; /etc/postfix/sasl/smtpd.conf

&lt;b&gt;Restart the services&lt;/b&gt;

invoke-rc.d saslauthd restart
invoke-rc.d postfix restart

&lt;b&gt;Get the permissions right on the saslauthd directory&lt;/b&gt;

chmod 755 /var/spool/postfix/var/run/saslauthd

&lt;b&gt;Test it (what you type is <i>emphasized</i>&lt;/b&gt;

<i>telnet localhost 25</i>
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]]'.
220 domain.tld ESMTP Postfix (Ubuntu)
<i>EHLO localhost</i>
250-domain.ltd
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
<i>QUIT</i>

If you get the AUTH LOGIN PLAIN bit, then all is well. Anything else, and something is wrong.

This will be fixed in the next version of install.sh, and I'll write a small standalone &quot;fix-the-stupid-debian-defaults&quot; script for folks who've already installed and post a link to this thread. ;-)

Hi Joe,
the script mentioned to fix the problems on debian seems not to be in the installation scripts. I initially installed Virtualmin Pro in January initially on Debian and the bug seems still to be existent.

regards Dirk

Hey Dirk,

It should finally be fixed in the installer.

And there's now a mail-setup.pl script in the http://software.virtualmin.com/lib directory that should setup Postfix, Dovecot, and saslauthd on any platform that Virtualmin Professional is supported on, as long as all packages are installed.