Beautiful good day,
First of all, let me say this:
I have been using Webmin/Virtualmin/Usermin for many years and have always been very satisfied with it.
If we ever had a problem, we’d just quickly Google it and fix it right away.
This time, however, things are a bit different.
I recently upgraded from Debian 12 to Debian 13.
As always, I backed up all my data beforehand using Virtualmin’s Backup and Restore > Virtual Server Backup and then downloaded it.
After that, I wiped the server and reinstalled it with Debian 13 in a minimal configuration.
Then I installed VirtualMin by downloading and running the virtualmin-install.sh script.
After successful installation, I restored my data using Virtualmin Backup and Restore > Restore Virtual Servers.
That worked perfectly, and everything was fine.
However, I’ve now discovered that there’s a problem.
The error occurs when I try to send emails using, for example, Outlook.
I always get a message saying that the username or password is incorrect for the SMTP connection.
However, these are the same credentials I use for IMAP, and they work fine there.
Sending and receiving emails works perfectly fine in Usermin, but not through apps like Outlook or Android Mail.
After trying many things, I’ve decided to ask for help here in the forum, as I’m currently stuck.
The command systemctl status postfix always displays errors like:
Feb 05 12:05:21 holdenxxxx.startdedicated.de postfix/smtpd[1712803]: sql_select option missing
Feb 05 12:05:21 holdenxxxx.startdedicated.de postfix/smtpd[1712803]: auxpropfunc error no mechanism available
Feb 05 12:05:21 holdenxxxx.startdedicated.de postfix/smtpd[1712803]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
....
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: NTLM server step 1
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: client flags: ffff8207
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: NTLM server step 2
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: client user: marcel.v16
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: warning: xxxxxxxxxx.dynamic.kabel-deutschland.de[31.16.xxx.xxx]: SASL NTLM authentication failed: authentication failure, sasl_username=marcel.xxx
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: warning: SASL authentication failure: unable to canonify user and get auxprops
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: warning: xxxxxxxxxx.dynamic.kabel-deutschland.de[31.16.xxx.xxx]: SASL DIGEST-MD5 authentication failed: authentication failure, sasl_username=marcel.xxx
Feb 05 12:07:08 holdenxxxx.startdedicated.de postfix/smtpd[1714067]: warning: xxxxxxxxxx.dynamic.kabel-deutschland.de[31.16.xxx.xxx]: SASL LOGIN authentication failed: authentication failure, sasl_username=marcel.xxx
The /etc/postfix/main.cf file contains:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = holdenxxxx.startdedicated.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = holdenxxxx.startdedicated.de, localhost.holdenxxxx.startdedicated.de, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no
smtpd_sasl_authenticated_header = yes
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
smtp_tls_security_level = dane
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mynetworks_style = subnet
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
tls_server_sni_maps = hash:/etc/postfix/sni_map
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_dependent_default_transport_maps
message_size_limit = 512000000
smtpd_relay_restrictions = ${{$compatibility_level} <level {1} ? {} : {permit_mynetworks permit_sasl_authenticated defer_unauth_destination}}
inet_interfaces = all
resolve_dequoted_address = no
The /etc/postfix/master.cf file contains:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
The /etc/default/saslauthd file contains:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian.gz for details.
#
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
My System:
|SYSTEM INFORMATION | |
|---|---|
| System-Hostname | holdenxxxx.startdedicated.de (62.138.xxx.xxx) |
| Betriebssystem | Debian Linux 13 |
| Authentic Theme-Version | 26.22 |
| Systemzeit | Donnerstag, 5. Februar 2026 12:29 |
| Kernel und CPU | Linux 6.12.63+deb13-amd64 auf x86_64 |
| Prozessorinformationen | Intel(R) Xeon(R) CPU E3-1280 v6 @ 3.90GHz, 8 Kerne |
| CPU-Temperaturen | Kern 1: 35 °C Kern 2: 36 °C Kern 3: 34 °C Kern 4: 35 °C |
| Festplatten-Temperaturen | sda: 34 °C sdb: 35 °C |
| Systemlaufzeit | 1 Tage, 17 Stunden, 43 Minuten |
| Laufende Prozesse | 307 |
| CPU-Auslastung (Durchschnittswerte) | 1.30 (1 Min) 0.98 (5 Min) 0.90 (15 Min) |
| Physischer Arbeitsspeicher | 6.64 GiB verwendet / 25.63 GiB zwischengespeichert / 62.75 GiB gesamt |
| Virtueller Speicher | 0 Byte verwendet / 7.62 GiB gesamt |
| Lokaler Speicherplatz | 720.26 GiB verwendet / 4.7 TiB frei / 5.4 TiB gesamt |
| Paketaktualisierungen | Alle installierten Pakete sind aktuell |
|SOFTWARE VERSIONS | |
|---|---|
| Webmin-Version | 2.621 |
| Usermin-Version | 2.521 |
| Virtualmin-Version | 8.0.0 GPL |
| Perl-Version | 5.040001 |
| Pfad zu Perl | /usr/bin/perl |
| Python-Version | 3.13.5 |
| Pfad zu Python | /bin/python3.13 |
| BIND-Version | 9.20.18 |
| Postfix-Version | 3.10.5 |
| Mail-Injektionsbefehl | /usr/lib/sendmail -t |
| Apache-Version | 2.4.66 |
| PHP-Versionen | 5.6.40, 7.0.33, 7.1.33, 7.2.34, 7.3.33, 7.4.33, 8.0.30, 8.1.34, 8.2.30, 8.3.30, 8.4.17, 8.5.2 |
| Webalizer-Version | 2.23-08 |
| Logrotate-Version | 3.22.0 |
| MariaDB-Version | 11.8.3 |
| PostgreSQL-Version | 17.7 |
| ProFTPD-Version | 1.38 |
| SpamAssassin-Version | 4.0.1 |
| ClamAV-Version | 1.4.3 |
|VIRTUALMIN COUNTS | |
|---|---|
| Virtuelle Server | 21 |
| DNS-Domains | 21 |
| Virtuelle Webseiten | 15 |
| SSL-Webseiten | 10 |
| Mail-Domains | 6 |
| Datenbanken | 13 |
| Mail/FTP-Benutzer:innen | 52 |
| Mail-Aliasnamen | 28 |
I’d really rather not have to rebuild the server, as uploading the backup alone takes over 50 hours due to my very slow internet connection.
It would be great if someone could help me with this.
Many thanks,
Marcel