Now the error “SMTP Error (454): Authentication failed.” is gone from Roundcube; instead I can see “Message sent successfully”, but the email message does not reach its destination.
I’ll try to investigate in the email log… thanks a lot for your help
Please give us the results of systemctl status saslauthd
root@host2:~# systemctl status saslauthd
● saslauthd.service - LSB: saslauthd startup script
Loaded: loaded (/etc/init.d/saslauthd; generated)
Active: active (running) since Fri 2024-06-14 17:20:02 CEST; 14min ago
Docs: man:systemd-sysv-generator(8)
Process: 109996 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
Tasks: 5 (limit: 4557)
Memory: 4.7M
CPU: 284ms
CGroup: /system.slice/saslauthd.service
├─110017 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─110027 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─110028 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─110029 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
└─110030 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
Jun 14 17:33:31 host2.idgrafica.com saslauthd[110030]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 14 17:33:31 host2.idgrafica.com saslauthd[110030]: : auth failure: [user=massmail@idgrafica.com] [service=smtp] [realm=idgrafica.com] [mech=pam] [reason=PAM auth error]
Jun 14 17:33:46 host2.idgrafica.com saslauthd[110017]: pam_unix(smtp:auth): check pass; user unknown
Jun 14 17:33:46 host2.idgrafica.com saslauthd[110017]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 14 17:33:47 host2.idgrafica.com saslauthd[110017]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 14 17:33:47 host2.idgrafica.com saslauthd[110017]: : auth failure: [user=logon@idgrafica.com] [service=smtp] [realm=idgrafica.com] [mech=pam] [reason=PAM auth error]
Jun 14 17:34:00 host2.idgrafica.com saslauthd[110027]: pam_unix(smtp:auth): check pass; user unknown
Jun 14 17:34:00 host2.idgrafica.com saslauthd[110027]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 14 17:34:02 host2.idgrafica.com saslauthd[110027]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 14 17:34:02 host2.idgrafica.com saslauthd[110027]: : auth failure: [user=ap3@idgrafica.com] [service=smtp] [realm=idgrafica.com] [mech=pam] [reason=PAM auth error]
root@host2:~#
Do any of these users belong to you?
OK, then just bots getting failed, which tells us sasl is doing its thing.
As you mentioned above, check your mail.log to see what further happened to the mail you sent…
All the email I sent for test now are in the “Mail Queue”. I’ll try to force with postqueue -c /etc/postfix -f.
You need to check the mail.log and see why it ended up in queue.
From the logs, it appears that emails are being queued due to authentication failures
Jun 14 17:53:16 host2 postfix/smtpd[114016]: warning: unknown[79.110.62.14]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:53:16 host2 postfix/qmgr[113505]: 302DC9F5DF: removed
Jun 14 17:53:16 host2 postfix/local[119522]: 302DC9F5DF: to=<root@host2.idgrafica.com>, orig_to=<root>, relay=local, delay=0.56, delays=0.13/0/0/0.43, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Jun 14 17:53:16 host2 postfix/qmgr[113505]: 302DC9F5DF: from=<root@host2.idgrafica.com>, size=679, nrcpt=1 (queue active)
Jun 14 17:53:16 host2 opendkim[888]: 302DC9F5DF: DKIM-Signature field added (s=202306, d=host2.idgrafica.com)
Jun 14 17:53:16 host2 postfix/cleanup[119517]: 302DC9F5DF: message-id=<20240614155316.302DC9F5DF@host2.idgrafica.com>
Jun 14 17:53:16 host2 postfix/pickup[113504]: 302DC9F5DF: uid=0 from=<root>
Jun 14 17:53:14 host2 postfix/smtpd[114016]: connect from unknown[79.110.62.14]
Jun 14 17:53:12 host2 postfix/qmgr[113505]: 46D0D9F5DF: removed
Jun 14 17:53:12 host2 postfix/local[119522]: 46D0D9F5DF: to=<root@host2.idgrafica.com>, orig_to=<root>, relay=local, delay=0.4, delays=0.11/0/0/0.29, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Jun 14 17:53:12 host2 postfix/qmgr[113505]: 46D0D9F5DF: from=<root@host2.idgrafica.com>, size=1172, nrcpt=1 (queue active)
Jun 14 17:53:12 host2 opendkim[888]: 46D0D9F5DF: DKIM-Signature field added (s=202306, d=host2.idgrafica.com)
Jun 14 17:53:12 host2 postfix/cleanup[119517]: 46D0D9F5DF: message-id=<20240614155312.46D0D9F5DF@host2.idgrafica.com>
Jun 14 17:53:12 host2 postfix/pickup[113504]: 46D0D9F5DF: uid=0 from=<root>
Jun 14 17:53:12 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:53:04 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:53:04 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:52:59 host2 postfix/master[113503]: warning: /usr/lib/postfix/sbin/smtp: bad command startup -- throttling
Jun 14 17:52:59 host2 postfix/master[113503]: warning: process /usr/lib/postfix/sbin/smtp pid 119644 exit status 1
Jun 14 17:52:58 host2 postfix/smtp[119644]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter
Jun 14 17:52:57 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:52:49 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:52:49 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:52:42 host2 postfix/qmgr[113505]: 6CFA29F5DF: removed
Jun 14 17:52:42 host2 postfix/local[119522]: 6CFA29F5DF: to=<root@host2.idgrafica.com>, orig_to=<root>, relay=local, delay=0.46, delays=0.18/0.01/0/0.27, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Jun 14 17:52:42 host2 postfix/qmgr[113505]: 6CFA29F5DF: from=<root@host2.idgrafica.com>, size=1157, nrcpt=1 (queue active)
Jun 14 17:52:42 host2 opendkim[888]: 6CFA29F5DF: DKIM-Signature field added (s=202306, d=host2.idgrafica.com)
Jun 14 17:52:42 host2 postfix/cleanup[119517]: 6CFA29F5DF: message-id=<20240614155242.6CFA29F5DF@host2.idgrafica.com>
Jun 14 17:52:42 host2 postfix/pickup[113504]: 6CFA29F5DF: uid=0 from=<root>
Jun 14 17:52:42 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:52:35 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:52:34 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:52:27 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:52:20 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:52:20 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:52:12 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:52:03 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:52:03 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:51:58 host2 postfix/master[113503]: warning: /usr/lib/postfix/sbin/smtp: bad command startup -- throttling
Jun 14 17:51:58 host2 postfix/master[113503]: warning: process /usr/lib/postfix/sbin/smtp pid 119447 exit status 1
Jun 14 17:51:57 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:51:57 host2 postfix/smtp[119447]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter
Jun 14 17:51:49 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:51:48 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:51:42 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:51:37 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:51:36 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:51:27 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:51:18 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:51:18 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:51:12 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:51:04 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:51:04 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:50:57 host2 postfix/master[113503]: warning: /usr/lib/postfix/sbin/smtp: bad command startup -- throttling
Jun 14 17:50:57 host2 postfix/master[113503]: warning: process /usr/lib/postfix/sbin/smtp pid 119133 exit status 1
Jun 14 17:50:57 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:50:56 host2 postfix/smtp[119133]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter
Jun 14 17:50:50 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:50:50 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:50:42 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:50:40 host2 dovecot: pop3(alessio@easymixology.it)<119023><7kLQk9sajLjRVd0J>: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 14 17:50:40 host2 dovecot: pop3-login: Login: user=<alessio@easymixology.it>, method=PLAIN, rip=209.85.221.9, lip=80.211.123.244, mpid=119023, TLS, session=<7kLQk9sajLjRVd0J>
Jun 14 17:50:34 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:50:33 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:50:27 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:50:18 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:50:17 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:50:12 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:50:04 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:50:04 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:49:57 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:49:56 host2 postfix/master[113503]: warning: /usr/lib/postfix/sbin/smtp: bad command startup -- throttling
Jun 14 17:49:56 host2 postfix/master[113503]: warning: process /usr/lib/postfix/sbin/smtp pid 118892 exit status 1
Jun 14 17:49:56 host2 postfix/smtpd[113509]: disconnect from unknown[178.215.236.34] ehlo=1 auth=0/1 quit=1 commands=2/3
Jun 14 17:49:56 host2 postfix/smtpd[113509]: warning: unknown[178.215.236.34]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:49:55 host2 postfix/smtp[118892]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter
Jun 14 17:49:53 host2 postfix/smtpd[113509]: connect from unknown[178.215.236.34]
Jun 14 17:49:48 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:49:48 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:49:42 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:49:37 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:49:35 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:49:26 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:49:18 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:49:17 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:49:12 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:49:03 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:49:02 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:48:57 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:48:55 host2 postfix/master[113503]: warning: /usr/lib/postfix/sbin/smtp: bad command startup -- throttling
Jun 14 17:48:55 host2 postfix/master[113503]: warning: process /usr/lib/postfix/sbin/smtp pid 118457 exit status 1
Jun 14 17:48:54 host2 postfix/smtp[118457]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter
Jun 14 17:48:49 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:48:49 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:48:42 host2 postfix/smtpd[114016]: connect from unknown[80.94.95.209]
Jun 14 17:48:34 host2 postfix/smtpd[113509]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:48:33 host2 postfix/smtpd[113509]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:48:27 host2 postfix/smtpd[113509]: connect from unknown[80.94.95.209]
Jun 14 17:48:19 host2 postfix/smtpd[114016]: disconnect from unknown[80.94.95.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 14 17:48:18 host2 postfix/smtpd[114016]: warning: unknown[80.94.95.209]: SASL LOGIN authentication failed: authentication failure
Are you sure you have sasl enabled for postfix?
Look at the config for /etc/postfix/main.cf
See if you have this line:
smtpd_sasl_auth_enable = yes
It looks enabled:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = host2.idgrafica.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, host2.idgrafica.com, localhost.idgrafica.com, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
allow_percent_hack = no
resolve_dequoted_address = no
tls_server_sni_maps = hash:/etc/postfix/sni_map
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
debug_peer_list = pointnet.it
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
ID10T
June 14, 2024, 4:05pm
32
If your system has /var/log/mail.info, in a terminal, I’d do
tail -f /var/log/mail.info
Then force delivery of an email in the queue.
CTRL C to stop once you have output. That gives you a small segment of log to search.
If you have journalctl. Well,
Looks good,
I don’t see any actual log you just showed us about any email being sent out from your server. Just bogus IPs trying to log in and getting failed…
You need to look deeper in your logs for steps your email was taking before ending up in queue…
Remove this line and reload postfix… May be the culprit?
ID10T
June 14, 2024, 4:28pm
35
root@main:/etc/postfix# grep -i sasl main.cf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
permit_sasl_authenticated
Joe
June 14, 2024, 4:37pm
36
It is not the correct configuration for saslauthd with virtual users (as Virtualmin creates/manages).
I’m doing some further testing, but after removing smtp_sasl_auth_enable = yes it seems resolved; the queue is clear.
Thank you very much, everyone!
jimr1
June 14, 2024, 6:35pm
38
The question is how was all this misconfiguration added to your installation? You say it has worked for ages then stopped, which indicates the configuration was changed by someone. It may be worth doing a security review on your server. If you didn’t make those changes, somebody else did.
Joe
June 14, 2024, 8:41pm
39
I don’t know why it’s common, but it is common, for folks to uninstall stuff and then reinstall it as a way to try to fix problems…that could possibly explain the saslauthd config file problem. I’m not sure about the Postfix config problem, as smtp_sasl_auth_enable is not on by default and it is not configured by the Virtualmin installer, so there is no automated method I know of for it to be enabled. So, that one seems to have been an intentional change by someone.
Yes, it also occurred to me that the VPS might have been compromised. Last night, I started transferring the sites to another VPS, and I think I will delete this one. Thanks to everyone for the help and suggestions you have given me.
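Added example, not part of the original thread: a small Python triage of Postfix log lines that separates the two things mixed together in the mail.log excerpt posted above, failed inbound SASL logins on postfix/smtpd (counted per source address) and fatal errors from the outbound postfix/smtp client such as the smtp_sasl_password_maps one, which stop remote delivery. The sample log is constructed, with a placeholder host name and documentation-range addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the syslog format of the mail.log excerpt in the thread
# (host name and addresses are placeholders from documentation ranges).
SAMPLE_LOG = """\
Jun 14 17:50:12 mx postfix/smtpd[113509]: connect from unknown[203.0.113.9]
Jun 14 17:50:17 mx postfix/smtpd[113509]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:50:33 mx postfix/smtpd[114016]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:50:41 mx postfix/smtpd[113509]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Jun 14 17:50:56 mx postfix/smtp[119133]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter
Jun 14 17:50:57 mx postfix/master[113503]: warning: process /usr/lib/postfix/sbin/smtp pid 119133 exit status 1
Jun 14 17:50:57 mx postfix/master[113503]: warning: /usr/lib/postfix/sbin/smtp: bad command startup -- throttling
Jun 14 17:53:16 mx postfix/local[119522]: 302DC9F5DF: to=<root@mx.example>, relay=local, dsn=2.0.0, status=sent (delivered to command)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[\w/.-]+)\[\d+\]: (?P<msg>.*)$")
SASL_FAIL = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")
STATUS = re.compile(r"relay=(?P<relay>[^,]+),.*\bstatus=(?P<status>\w+)")


def triage(log_text):
    """Split a Postfix log into inbound auth noise and outbound delivery faults."""
    report = {
        "inbound_sasl_failures": Counter(),  # smtpd: remote clients failing AUTH
        "daemon_faults": [],                 # (program, message) for fatal/panic
        "throttled": set(),                  # binaries master is throttling
        "deliveries": Counter(),             # (relay kind, status) per delivery
    }
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a "program[pid]:" tag are ignored
        prog, msg = m["prog"], m["msg"]
        if prog == "postfix/smtpd" and (f := SASL_FAIL.search(msg)):
            report["inbound_sasl_failures"][f["ip"]] += 1
        elif msg.startswith(("fatal:", "panic:")):
            report["daemon_faults"].append((prog, msg))
        elif prog == "postfix/master" and msg.endswith("-- throttling"):
            report["throttled"].add(msg.split()[1].rstrip(":"))
        elif s := STATUS.search(msg):
            kind = "local" if s["relay"] == "local" else "remote"
            report["deliveries"][(kind, s["status"])] += 1
    return report


def outbound_blocked(report):
    """True when the SMTP client (postfix/smtp) itself is failing to start."""
    return any(prog == "postfix/smtp" for prog, _ in report["daemon_faults"])


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("inbound AUTH failures by source:", dict(r["inbound_sasl_failures"]))
    print("daemon faults:", r["daemon_faults"])
    print("throttled:", sorted(r["throttled"]))
    print("deliveries:", dict(r["deliveries"]))
    print("outbound delivery blocked:", outbound_blocked(r))
```

A report with only local deliveries marked sent and a postfix/smtp fault matches what the thread shows: local mail to root is delivered while mail for remote destinations waits in the queue.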