Hello all,

I’m giving another go to Virtualmin 6 installer, and I can’t send emails.
I have a virtualmin 5 running on another box.

Here is what I did:

Installed Virtualmin 6 on a new server last friday, using the installer from virtualmin.com.
Installation was smooth, no problems.
After Virtualmin initial configuration, all services working, including ClamAV that was not working last time I tried.
I don’t use the default port for SMTP in postfix, so I changed the port 25 to 5525 on /etc/postfix/master.cf (5525 inet n – n – – smtpd)
After that I made a backup of a virtual server on the box that was installed with Virtualmin 5. (it also uses port 5525 for SMTP)
Restored the backup on the new server.
Configured an existing email account from backuped domain using Thunderbird pointing to old server. All Ok, I could read and send emails, no problem.
Than I changed the email account configuration to point to the new server. I could read all emails and folders, but I could not send emails. Thunderbird keeps asking to enter the password.

On the log I can see:
Sep 20 17:00:35 xxx.xxx.com.br saslauthd[773]: pam_unix(smtp:auth): check pass; user unknown
Sep 20 17:00:35 xxx.xxx.com.br saslauthd[773]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep 20 17:00:37 xxx.xxx.com.br saslauthd[773]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Sep 20 17:00:37 xxx.xxx.com.br saslauthd[773]: do_auth : auth failure: [user=contabilidade] [service=smtp] [realm=xxx.mg.gov.br] [mech=pam] [reason=PAM auth error]


After some failures , I’ve tried:
virtualmin config-system --include SASL

Also tried
[root@linux07 ~]# yum install cyrus-sasl-plain
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile

• base: ftp.unicamp.br
• epel: mirror.cedia.org.ec
• extras: ftp.unicamp.br
• updates: ftp.unicamp.br
  Package cyrus-sasl-plain-2.1.26-21.el7.x86_64 already installed and latest version
  Nothing to do
  

But it still does not work.

I’ve configured Roundcube on the new server, and it can send emails.
But Thunderbird and Postbox can’t send emails.

Please help,
Rogerio

Hello Eric,

You said to check the login, and it is right.

IMAP / POP3 / FTP login contabilidade@frutal.mg.gov.br

Sep 21 17:56:33 linux07.intercode.com.br saslauthd[771]: do_auth : auth failure: [user=contabilidade] [service=smtp] [realm=frutal.mg.gov.br] [mech=pam] [reason=PAM auth error]

The users were restored from another Virtualmin Server.

What else could I do?
Thanks

Check for the PAM in the control panel, there should be a section part to look and check, first you have to be sure that that part is working ok for your server.

Also mail and error logs on server !

Tried to give a new /refresh/reset pass on that new server for that users?

Firewall changed port also?

Checked with webmail to send from that new server yep roundcube then no errors in maillog en procmail log but you see the mail proccesed on that server?

You are also sure not connecting FTP / Mail to the old server?

And already everything pointing to new and checked with https://mxtoolbox.com/

MX mail ip for that domain is mailpmf.intercode.com.br 200.170.192.106

Domain frutal.mg.gov.br ip is 200.170.192.109

Hello Jfro,
I can see PAM Authentication on Webmim->System.
There I have configurations for lots of services… including smtp and smtp.postifx. I don’t know if the configurations are correct (I’ve never touched them).
How do I test if it is working?

I don’t have anything on mail logs, but saslauthd gives me:

It says PAM failed just now, it is another test to send an email I just did, with the account contabilidade@frutal.mg.gov.br.

On the log above, it says [service=smtp] … shouldn’t it be smtp.postfix?
It also says “check pass; user unknown” , but the account existis and the password is correct.

Thanks

Hello all,

I’ve new info. I know why the login does not work: on saslauthd logs I have:

Sep 20 17:00:37 xxx.xxx.com.br saslauthd[773]: do_auth : auth failure: [user=contabilidade] [service=smtp] [realm=xxx.mg.gov.br] [mech=pam] [reason=PAM auth error]

But user should be:

[user=contabilidade@xxx.mg.gov.br]

saslauthd is not concatenating the user and domain to log in.

I’ve tested wih testsaslauthd: without the admin part login fails. Including the domain part login works.

So how do I make saslauthd to concatenate the user and domain to login?

Thanks

You don’t. You give it the full username (which is in whatever format you configured). SASL/SMTP do not have any idea what domain you connected on…there’s nothing in the protocol to get the rest of the username from.

If you’ve chosen usernames in the format user@domain.tld, that’s exactly what you use to login to the mail server. If you look at the Edit Users page for the domain, there’s a field labeled IMAP/POP3/FTP login. That’s the username you use for all of those services. In the case of user@domain.tld format, you can also user user-domain.tld, because some services do not support @ in the username.

In a system with only one domain, there are options to work around that, but in a shared system, the only way to do it is to enter the full user name.

Usermin works around it by trying to add the domain in the URL…it can do that because HTTP does include the domain information. So, if you like webmail, you can login with just the username in Usermin, as long as the domain in the URL is the one in which the user exists.

Hello Joe,

But that’s exactly what I do. The domain I’m testing have been in use on other servers for years, along with another domains, using the format user@domain.tld.
I’ve correctly configured the mail client to use the full email as the username. I did that on Thunderbird (Windows), Mail (Windows), Mail (OSX) and Postbox (OSX). None of them work.
And in the log I get the error and the [user=] does not contain the domain.

On my main server, I’ve changed my password just to check the error message , and it does contain the domain on [user=].

So, on my new server installed with Installer V6, the domain part is being lost somewhere.

I did a little Googling and found out that saslauthd has a flag -r that does exactly that:
-r’ Combine the realm with the login (with an ‘@’ sign in between). e.g. login: “foo” realm: “bar” will get passed as login: “foo@bar”. Note that the realm will still be passed, which may lead to unexpected behavior.

On my /etc/sysconfig/saslauthd, I have a line like:

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)

for the list of accepted flags.

FLAGS="-r"

But I thought maybe this flag is not being used…

What else can I do to solve this?

Thank you
Rogerio

What’s your distribution and version? Sounds kinda bug-like, though I haven’t heard any other reports about this problem.

Hello Joe, here’s the info:

I installed the CentOS 7.4 minimal install, then Virtualmin V6.

System hostname linux07.intercode.com.br (200.170.216.253)
Operating system CentOS Linux 7.4.1708
Webmin version 1.852
Usermin version 1.720
Virtualmin version 6.00
Theme version Authentic Theme 18.49-9
Firewall version ConfigServer Security & Firewall 10.25
Time on system Tuesday, October 3, 2017 5:16 PM
Kernel and CPU Linux 3.10.0-693.2.2.el7.x86_64 on x86_64
Processor information Intel® Xeon® CPU E31240 @ 3.30GHz, 8 cores
Drive temperatures sda: 38°C
sdb: 36°C
System uptime 18 days, 4 hours, 09 minutes
Running processes 215
CPU load averages 0.00 (1 min) 0.02 (5 mins) 0.05 (15 mins)
Real memory 14.87 GB total / 2.61 GB used
Virtual memory 7.57 GB total / 6.08 MB used
Local disk space 4.54 TB total / 4.24 TB free / 306.04 GB used

Thank you
Rogerio

When did you install? The minimal install for a couple of weeks did not include a lot of mail stuff. It’s been changed, at user request, but if you installed back then, you’ll need to do a few things to make it work. (Though it really seems like it has already been done. The -r flag is something we add, I think, so if you’ve got it, it probably means the SASL config plugin was run.)

Can you check your virtualmin-install.log for the word SASL, just to be sure?

It was installed on September 15th.

It seems the plugin was run on installation, and I even run “virtualmin config-system --include SASL” manually a few days later.

[root@linux07 ~]# cat virtualmin-install.log | grep SASL
[2017/09/15 12:40:08] [INFO] - Configuring SASL
[2017/09/20 16:39:44] [INFO] - Configuring SASL
[root@linux07 ~]#

Is there a way to fix it?

Thanks

saslauthd is clearly not being started with the -r option, so that’s what we need to fix. I’m confused why it wasn’t fixed by the installer (and I guess that’s something I need to double check we’re getting right).

On my systems:

Whereas yours has no -r. But, I see maybe you added the -r after your posted the status. Can you check again to seee what the status of saslauthd is to see if it has that flag?

Hi Joe,

No, it doesn’t have the -r flag:

[root@linux07 ~]# systemctl status saslauthd.service
● saslauthd.service - SASL authentication daemon.
Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-09-15 13:05:15 -03; 2 weeks 4 days ago
Main PID: 771 (saslauthd)
CGroup: /system.slice/saslauthd.service
├─771 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─772 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─773 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─774 /usr/sbin/saslauthd -m /run/saslauthd -a pam
└─775 /usr/sbin/saslauthd -m /run/saslauthd -a pam

Oct 03 21:41:30 linux07.intercode.com.br saslauthd[772]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authenti… module
Oct 03 21:41:30 linux07.intercode.com.br saslauthd[772]: do_auth : auth failure: [user=meioambiente] [service=smtp] [realm=frutal.mg… error]
Oct 03 22:07:18 linux07.intercode.com.br saslauthd[773]: pam_unix(smtp:auth): check pass; user unknown
Oct 03 22:07:18 linux07.intercode.com.br saslauthd[773]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 03 22:07:20 linux07.intercode.com.br saslauthd[773]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authenti… module
Oct 03 22:07:20 linux07.intercode.com.br saslauthd[773]: do_auth : auth failure: [user=meioambiente] [service=smtp] [realm=frutal.mg… error]
Oct 03 22:33:09 linux07.intercode.com.br saslauthd[772]: pam_unix(smtp:auth): check pass; user unknown
Oct 03 22:33:09 linux07.intercode.com.br saslauthd[772]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 03 22:33:11 linux07.intercode.com.br saslauthd[772]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authenti… module
Oct 03 22:33:11 linux07.intercode.com.br saslauthd[772]: do_auth : auth failure: [user=meioambiente] [service=smtp] [realm=frutal.mg… error]
Hint: Some lines were ellipsized, use -l to show in full.
[root@linux07 ~]#

Thanks

Hello Joe,

I have revisited this problem, and I have some news.
I’ve rechecked all the config files and to my surprise on the file /etc/sysconfig/saslauthd , the flags option was empty.
So I’ve manually added the “-r” option and now authentication works.

After that, I’ve run “virtualmin config-system --include SASL” again a couple of times to see if any problems arise, and for each run it included an additional -r to the flags option, like this “-r - r -r”. You may want to take a look at that.

I´ve manually removed the extra -r , leaving only one, and now it is working.

I´ll do some more tests and let you know if I have further problems.

Thanks
Rogerio