Can't send emails : SMTP Error (454): Authentication failed

Virtualmin
1
SYSTEM INFORMATION
OS type and version Ubuntu Linux 22.04.4
Webmin version 2.111
Virtualmin version 7.10.0

Hi, since this morning I can only receive emails, I cannot send them. If I go to Roundcube and try to send an email, I get a message like “SMTP Error (454): Authentication failed.” In the log, I have this error:


Jun 14 11:03:29 host2 postfix/smtpd[54156]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: generic failure
Jun 14 11:03:29 host2 postfix/smtpd[54156]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

I tried to restart the vps , but the error persist.

Can you please help?

2

There is this message in the Virtualmin forum:

3

Hi,

I tried the commands you suggested, however, the directory /var/spool/postfix/var/run/saslauthd remains empty. I’ve attempted restarting the saslauthd service several times with no success. Do you have any other ideas or suggestions I could try?

Thank you for your help!

Best regards,

4

what is the output from
systemctl status saslauthd
?
you should see something like

image
image1088×237 31.4 KB

5

I see active ( exited) status

root@host2:~# systemctl status saslauthd
● saslauthd.service - LSB: saslauthd startup script
     Loaded: loaded (/etc/init.d/saslauthd; generated)
     Active: active (exited) since Fri 2024-06-14 12:01:41 CEST; 50min ago
       Docs: man:systemd-sysv-generator(8)
        CPU: 9ms

Jun 14 12:01:41 host2.idgrafica.com systemd[1]: Starting LSB: saslauthd startup script...
Jun 14 12:01:41 host2.idgrafica.com saslauthd[70234]:  * To enable saslauthd, edit /etc/default/saslauthd and set START=yes
Jun 14 12:01:41 host2.idgrafica.com systemd[1]: Started LSB: saslauthd startup script.
root@host2:~#

P.S. here is my /etc/default/saslauthd

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/run/saslauthd"
START=yes
6

mine looks like this

# running in a chroot.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

yours looks like this

There is a difference there, perhaps look in /var/run/saslauthd and see if the socket is there, have you altered anything in postfix’s configuration recently or had some updates ?

7

my /var/spool/postfix/var/run/saslauthd is empty
instead in /var/run/saslauthd there are this files

root@host2:/var/run/saslauthd# ls -l
total 968
-rw------- 1 root root      0 Jun 14 12:25 cache.flock
-rw------- 1 root root 986112 Jun 14 12:25 cache.mmap
srwxrwxrwx 1 root root      0 Jun 14 12:25 mux
-rw------- 1 root root      0 Jun 14 12:25 mux.accept
-rw------- 1 root root      6 Jun 14 12:25 saslauthd.pid
root@host2:/var/run/saslauthd#
8

So change your config file to the correct value and restart saslauthd

1 Like
9

Sorry I don’t understand, in my my /etc/default/saslauthd i have:
OPTIONS=“-c -m /var/run/saslauthd”
START=yes

is it the correct value?

10

Did you install sasl manually? or did you let Virtualmin do this for you?
The path should be leading from /var/spool/postfix

But, if this setup had worked in the past and just stopped working? What changes have you made to your server?

Edit: The path should be /var/spool/postfix/var/run/saslauthd in order for postfix to see it in a chroot environment… I believe that Virtualmin install sets it up this way. I am sure someone will correct me if I am wrong.

11

Assuming postfix is chroot. Hence i asked if any changes to postfix were made but yep as i said earlier edit the config file to reflect the correct path and restart the service

1 Like
12

Yep, I had to double check myself…

13

I would guess look at the settings from my configuration they are totally different to yours

14

I installed Ubuntu on the VPS and after that, I installed Virtualmin. I let Virtualmin do everything. It has worked for months."

I do regular updates, but i didn’t change anithing…

15

Well you can easily tell if your postfix is chrooted or not just by looking at your /etc/postfix/master.cf

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================

If you have a y or n for chroot (y means yes)
Look at the first 2 lines for smtp and smtpd and see if they have a y in the chroot column

If you have an n in that column than your path is correct. If you have a y? you will need to change the path in /etc/default/saslauthd to

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

Restart saslauthd and postfix

It should create the directory and run from there…

16

Here is my /etc/postfix/master.cf

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================

It looks like my path is correct

17

Sorry, look for this line: start with smpt and smtpd and check the column for n or y

I was using the above for reference on what column to look at on the config lines for connection.

smtp      inet  n       -       y  
way down check submission as well
submission	inet	n	-	y	-	-	smtpd

I can’t reference my config because I have a custom setup, but it would be the 3rd column after inet

Some default settings may even have a dash ( - ) instead of n

18 
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp    inet    n       -       y       -       -       smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may

Ok I found it, I try to change my /etc/default/saslauthd with:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
19

Yep that’s it!.. Don’t forget to restart both saslauthd and postfix after changing the path.

Please give us the results of systemctl status saslauthd

1 Like
20

Thank god for that :wink: