Hi, you can view some info (not really relevant, IMO) about this post on the first post here: https://www.virtualmin.com/node/11477
You can throw at me technical stuff, don't worry.
Basically, my problem is I couldn't get postfix to send my emails via smtp when it was for a mail like "mymail@gmail.com", stating it was invalid relaying.
Here's a sample log line:
Sep 16 15:56:35 stock postfix/smtpd[26216]: NOQUEUE: reject: RCPT from XXX: 554 5.7.1 <mymail@gmail.com>: Relay access denied; from=<user@domain.tld> to=<mymail@gmail.com> proto=ESMTP helo=<[XXX]>
The user exists and can be authenticated (though I never really got a password request for it), but I don't believe that's happening.
I tried activating SASL, but it would always get:
Sep 16 15:55:16 stock postfix/smtpd[25653]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
Sep 16 15:55:16 stock postfix/smtpd[25653]: fatal: no SASL authentication mechanisms
And I couldn't get out of there... if you can help me, I'd love it.
Anyway, I can only send emails through smtp now because I've got postfix as open-relay.
Here's my main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = XXX
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = XXX
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual
mailbox_command = /usr/bin/procmail
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname permit_sasl_authenticated check_client_access hash:/etc/postfix/rbl_override permit defer_if_permit
As you can see, I have these two to allow "anything": permit defer_if_permit
I'm using Dovecot + Postfix on Debian 5.
Let me know if you need anything else.
Thank you for your help.
This typically occurs whenever the desktop client isn't setup to authenticate for Outgoing Email -- which many don't do by default.
I'd look in the setting for your client, and verify that it's set to authenticate for all Outgoing Email.
-Eric
Hi Eric,
Thank you so much for your availability.
Unfortunately, I have it set to authenticate, and with the right user/server settings (I'm using thunderbird, so it's kind of common to not associate a correct smtp server with pop account).
Any other suggestion?
Sep 16 15:55:16 stock postfix/smtpd[25653]: fatal: no SASL authentication mechanisms
Okay, the above issue appears to be the relevant one here.
What distro/version are you using, and how had you performed the Virtualmin installation?
Also, had you used a fresh install of your distro?
You may want to verify that saslauthd is running... if you run "ps auxw | grep saslauth" -- do you see any processes listed?
-Eric
Hey Eric,
Currently I haven't got enabled SASL auth because it'll crash the email service, but if you're here with me I can afford to let it go down for about an hour or so.
I'm using Debian 5 (lenny).
I used a fresh install. I downloaded the webmin .deb and installed everything except apache from webmin/virtualmin, so virtualmin was installed through webmin (I thought that would be better than the install script).
I have saslauth installed and running.
The weird thing is that I get that error when I enable SASL on Webmin/Postfix, even though saslauth is running. I don't think postfix knows how to get to saslauth or how saslauth is running (what's it accepting, etc.).
Okay -- so, it sounds like you may have installed things the hard way :-)
The easy way is with the install.sh, which installs all the dependencies for you, as well as configuring everything such that it should all work right out of the box.
However, from the sound of it, you have some live things running on there now, so I suspect you'd prefer not to start over ;-)
My guess, though, is that you're either missing some dependencies, or that one of them isn't configured quite right.
First, what is the output of this command:
dpkg -l 'sasl' | grep ii
Second, what errors/warnings, if any, do you see in the email log after restarting both Postfix and Saslauthd?
-Eric
Hey Eric,
There's no errors or warnings if I enable sasl on postfix and restart it, by the time it restarts, only when I try to send an email through smtp. And the errors that occur are the ones I mentioned above in the first post.
dpkg -l 'sasl' | grep ii
Returns no package, neither does
dpkg -l 'sasl' | grep ii
which I believe is weird, right? I mean saslauthd is installed and running!
Hrm, just to be clear as it looks like the forum is mangling the code, the text "sasl" in the dpkg -l command above should be surrounded by asterisks (* characters).
When I run that command, I get this:
ii libsasl2-2 2.1.22.dfsg1-23+lenny1 Cyrus SASL - authentication abstraction libr
ii libsasl2-modules 2.1.22.dfsg1-23+lenny1 Cyrus SASL - pluggable authentication module
ii sasl2-bin 2.1.22.dfsg1-23+lenny1 Cyrus SASL - administration programs for SAS
Doh, my bad, I thought you wanted something specific, thus no *.
Here's what I get then:
ii libsasl2-2 2.1.22.dfsg1-23+lenny1 Cyrus SASL - authentication abstraction libr
ii sasl2-bin 2.1.22.dfsg1-23+lenny1 Cyrus SASL - administration programs for SAS
So it looks like I'm missing libsasl2-modules. I'm going to install it and let you know if something changes.
Ok. Now it asks me for a password for the correct user (no tld now :)), but I put the correct one and nothing happens (I think it's too quick to even do a server check). It just asks again and again. I doesn't return an error or anything.
This happens for TLS and no TLS.
I checked the logs, and it looks very normal:
Sep 16 23:13:01 stock postfix/smtpd[22601]: connect from XXX
Sep 16 23:13:02 stock postfix/smtpd[22601]: lost connection after RCPT from XXX
Sep 16 23:13:02 stock postfix/smtpd[22601]: disconnect from XXX
If I don't use SMTP auth, it throws me a Relay access denied error, but that's supposed to happen if SMTP auth is working fine :)
I'm also getting this but I don't think it's related at all so I'm not gonna focus on this just yet (though it does sound bad, and the server did go berserk for a few minutes):
Sep 16 22:21:08 stock postfix/trivial-rewrite[18691]: fatal: epoll_create: Too many open files
Sep 16 22:29:27 stock postfix/smtp[19163]: fatal: epoll_create: Too many open files
Sep 16 22:30:27 stock postfix/error[19197]: fatal: epoll_create: Too many open files
Sep 16 22:44:31 stock postfix/error[19971]: fatal: epoll_create: Too many open files
Sep 16 22:49:26 stock postfix/smtp[20241]: fatal: epoll_create: Too many open files
Sep 16 22:49:27 stock postfix/bounce[20242]: fatal: epoll_create: Too many open files
Sep 16 22:54:27 stock postfix/smtp[20542]: fatal: epoll_create: Too many open files
Sep 16 22:54:27 stock postfix/proxymap[20544]: fatal: epoll_create: Too many open files
Sep 16 22:54:30 stock postfix/error[20545]: fatal: epoll_create: Too many open files
Sep 16 22:55:31 stock postfix/error[20581]: fatal: epoll_create: Too many open files
Do you have any idea why thunderbird repeatedly requests me a password without even checking the server? It does look like a thunderbird error, but I hardly doubt it as it works perfectly fine for other servers, so there probably is something missing me. Can you post here your main.cf?
I'll see if I can dig up a fairly default main.cf, as mine is pretty customized and isn't likely to work well for you.
What distro/version are you using?
However, the "Too many open files" errors are troubling :-)
What does your /etc/security/limits.conf file have in it?
-Eric
Debian 5 (lenny)
Nothing there yet, I haven't come to that as I did a fresh install today, but many things are live in there and that's why another fresh install wasn't really thinkable :)
Debian 5 (lenny)
Nothing there yet, I haven't come to that as I did a fresh install today, but many things are live in there and that's why another fresh install wasn't really thinkable :)
Ok, after digging up some more on other logs, here's what I've got:
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: SASL authentication failure: Password verification failed
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: XXX: SASL PLAIN authentication failed: generic failure
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: XXX: SASL LOGIN authentication failed: generic failure
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: SASL authentication failure: Password verification failed
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: XXX: SASL PLAIN authentication failed: generic failure
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: XXX: SASL LOGIN authentication failed: generic failure
Sep 16 23:41:39 stock postfix/smtpd[24836]: disconnect from XXX
This indicates something is still not correct ( warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory ). I'm gonna look around for solutions for this, in the meanwhile, feel free to help ;)
Ok, after digging up some more on other logs, here's what I've got:
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: SASL authentication failure: Password verification failed
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: XXX: SASL PLAIN authentication failed: generic failure
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:35 stock postfix/smtpd[24836]: warning: XXX: SASL LOGIN authentication failed: generic failure
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: SASL authentication failure: Password verification failed
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: XXX: SASL PLAIN authentication failed: generic failure
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 16 23:41:38 stock postfix/smtpd[24836]: warning: XXX: SASL LOGIN authentication failed: generic failure
Sep 16 23:41:39 stock postfix/smtpd[24836]: disconnect from XXX
This indicates something is still not correct ( warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory ). I'm gonna look around for solutions for this, in the meanwhile, feel free to help ;)
It seems that creating a symlink should help:
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
But it didn't for me (and yes, I restarted saslauthd, postfix and dovecot).
Ok, finally it worked fine!!!
So here's what I did (it has to do with postfix being chroot'd):
First, I had to change in /etc/default/saslauthd OPTIONS var, because it wasn't set for postfix:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Then, I did this:
rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
restared postfix, saslauthd and dovecot and voilá!! It works :D
Now if I run into anymore problems in mail, I'll comeback and ask for help :D
In the meanwhile, Eric, I'd like to know a way to contact you 'cause I'd love to make a small donation as an appreciation for your time spent with me :)
Ok, finally it worked fine!!!
I'm glad you got it working! That's great news.
In the meanwhile, Eric, I'd like to know a way to contact you 'cause I'd love to make a small donation as an appreciation for your time spent with me :)
I appreciate your kind words -- however, there's no need to reimburse me... just say nice things about Virtualmin to people, that'd be plenty :-)
Thanks for the update!
-Eric
ok, so something must've happened because just a few minutes after I said it was working fine, it wasn't working and I can't figure out why.
I don't believe I changed anything and I know how dumb that sounds (yeah sure, you changed something and you don't remember)...
Anyway, now the error is different, I still get to have to repeatedly input the SMTP password (the user and password are 100% correct, I tested it with testsaslauth -u user@domain.tld -p password), .
Here's what I get on the logs:
Sep 17 08:48:52 r25074 postfix/smtpd[29567]: connect from XXX
Sep 17 08:48:58 r25074 postfix/smtpd[29567]: warning: SASL authentication failure: Password verification failed
Sep 17 08:48:58 r25074 postfix/smtpd[29567]: warning: XXX: SASL LOGIN authentication failed: authentication failure
Sep 17 08:49:10 r25074 postfix/smtpd[29567]: warning: SASL authentication failure: Password verification failed
Sep 17 08:49:10 r25074 postfix/smtpd[29567]: warning: XXX: SASL PLAIN authentication failed: authentication failure
Sep 17 08:49:12 r25074 postfix/smtpd[29567]: warning: XXX: SASL LOGIN authentication failed: authentication failure
Sep 17 08:49:13 r25074 postfix/smtpd[29567]: disconnect from XXX
So it does look like a simple wrong password thing... at least POP is working correctly:
Sep 17 08:49:18 r25074 dovecot: pop3-login: Login: user=<user@domain.tld>, method=PLAIN, rip=XXX, lip=XXX
Sep 17 08:49:18 r25074 dovecot: POP3(user@domain.tld): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Just to verify things are working as expected, what is the output of this command:
ps auxw | grep saslauthd
I want to make sure the -r option is in there.
Also, if you restart saslauthd, do you see any errors or warnings in the log files?
-Eric
-r option isn't there, why? Should it be?
root 5568 0.0 0.1 53044 900 ? Ss 13:25 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 5595 0.0 0.1 53044 632 ? S 13:25 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 5597 0.0 0.1 53044 512 ? S 13:25 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 5598 0.0 0.1 53044 512 ? S 13:25 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 5599 0.0 0.1 53044 512 ? S 13:25 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 10760 0.0 0.1 5612 672 pts/0 D+ 14:38 0:00 grep saslauthd
I read that -r does this:
Combine the realm with the login before passing to authentication mechanism
Ex. login: "foo" realm: "bar" will get passed as login: "foo@bar"
The realm name is passed untouched.
I thought I was passing the login together with the @domain.tld part, or is that ignored? Should I try with -r? (I can't right now, I'm having some trouble cleaning up bad emails on queue, 'cause of the open relay, but the users are happy and only in about 4hours can I make some more tests)
Well, I'm a little puzzled, as your post above suggests -r should be there, based on the OPTIONS line in /etc/default/saslauthd:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
However, in that file, I'd just double-check that the -r option is being passed in.
Using users with an "@" in their name requires some workarounds (it's not the default, and that's all explained in the help text for the "Format for usernames that include domain" Option where you'd set that in the Server Templates).
One of the workarounds is that you have to make sure the -r parameter is being passed into saslauthd.
-Eric
Ok, I read that Help but didn't see that in there, maybe I didn't pay that much attention to it. I mostly saw variables.
Anyway, I put the -r in there (it was missing) and later on I'll check if that fixes it.
But, for what you're telling me, it should work fine. I'll update you.
I have another topic I'm having trouble with, can you see private topics? If not, I can make it public.
Ok, I read that Help but didn't see that in there, maybe I didn't pay that much attention to it. I mostly saw variables.
No worries, there's a ton of things to have to remember when getting a new server setup :-) I was only suggesting that if you wanted a deeper explanation, you could peek in there.
Hrm, but upon closer inspection, it doesn't actually mention -r in there anymore.
I suspect Jamie since set it up to automatically add that in (as your line above suggests it once was), but I think something may have gone awry in all this troubleshooting :-)
Anyhow, that's neither here nor there -- with the -r, it should do the trick for you :-)
I have another topic I'm having trouble with, can you see private topics? If not, I can make it public.
Yup! I saw it... there's a bazillion forum posts and bug tracker issues this morning that I'm trying to get caught up on, but I'll work my way over to that here shortly :-)
Thanks!
-Eric
Seems this is solved.
The emails are looking like they're taking too much time to get out of the queue, but it doesn't seem related to the topic, so I'm marking this as solved if tomorrow brings no problems :)