Mail server running but impossible to connect to it!

Hi

I’m in process to setup a new virtualmin to replace an old existing one. The old one is running Virtualmin 7.7 Pro on Ubuntu 20 and new one Virtualmin 7.20.2 Pro on Debian 12.
Both are setup with Postfix, Dovecot, Procmail and Spamassassin.
I have compared settings of old and new server and they are identical. Also the new server passes the Virtualmin check without errors or warnings.
When I telnet old server on smtp port I get the welcome banner of ESMTP Postfix. On new server it connect but no banner and whatever SMTP commands I try nothing happens.
What should I check ?
If I look for postfix in system logs it’s filled with that:

Nov 29 06:16:26 nameofmyserver postfix/master[632296]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup – throttling
Nov 29 06:16:26 nameofmyserver postfix/master[632296]: warning: process /usr/lib/postfix/sbin/smtpd pid 1601487 exit status 1

I did the test as suggested in Virtualmin doc but I get a strange error:

testsaslauthd -u info -p mypass -s imap
connect() : No such file or directory

All indications I could find on Internet about that problem didn’t fix it :frowning:

Thanks

Vincèn

Have you tried what is described in this thread?

Thanks for the link but not better, clearly communication between dovecot and saslauth is not working:
Connect to Dovecot auth socket 'private/auth' failed: No such file or directory
and postfix has still same error when starting :frowning:

Dovecot does not authenticate via saslauthd, unless you have altered the configuration. That is an unrelated issue. (And, to be more clear, private/auth is not saslauthd.)

Thanks for clarification as I had read that dovecot and sasl might be linked. I’m then at lost on what to do or check to fix that problem of mail server not working :frowning:
Should I delete/reinstall postfix ?

Why ? The error will be in some configuration file and not the binaries, so you may find that on delete/reinstall the configuration files are still there. It would be better to find out what is wrong rather than applying the ‘Microsoft user’ silver bullet by wasting time reinstalling

This is always a terrible instinct. It can only ever break things further.

And, even worse, in this case, it’s not even a problem with Postfix! saslauthd is not in the postfix package. saslauthd is in its own package. But, you shouldn’t go deleting that either.

Is saslauthd running? If it isn’t, why isn’t it? Look at the status of the service, and look at the journal entries for that unit while you try to restart it for clues about why it isn’t running.

If it is running…I dunno. I can’t imagine you’d have the errors you have is saslauthd is running.

Yeah sorry I should have been more precise and was thinking to reinitialise config files of these programs and rerun the virtualmin check ??

according at both Virtualmin → Dasbboard and systems service it’s well running. It doesn’t report anything suspect when it starts:

● saslauthd.service - LSB: saslauthd startup script
     Loaded: loaded (/etc/init.d/saslauthd; generated)
     Active: active (running) since Fri 2024-11-29 17:52:51 CET; 6 days ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 5 (limit: 76913)
     Memory: 1.9M
        CPU: 52ms
     CGroup: /system.slice/saslauthd.service
             ├─1948938 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             ├─1948939 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             ├─1948940 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             ├─1948941 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             └─1948942 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5

Notice: journal has been rotated since unit was started, output may be incomplete.

but when I restart it it’s lot less nice :frowning:

● saslauthd.service - LSB: saslauthd startup script
     Loaded: loaded (/etc/init.d/saslauthd; generated)
     Active: active (running) since Fri 2024-12-06 15:46:33 CET; 5s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 4021837 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
      Tasks: 5 (limit: 76913)
     Memory: 3.3M
        CPU: 50ms
     CGroup: /system.slice/saslauthd.service
             ├─4021860 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             ├─4021861 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             ├─4021862 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             ├─4021863 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5
             └─4021864 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -r -n 5

Dec 06 15:46:32 pro-5.domedia.net systemd[1]: Starting saslauthd.service - LSB: saslauthd startup script...
Dec 06 15:46:32 pro-5.domedia.net saslauthd[4021837]: /etc/init.d/saslauthd: 65: /etc/default/saslauthd: -m: not found
Dec 06 15:46:32 pro-5.domedia.net saslauthd[4021845]: /etc/init.d/saslauthd: 66: /etc/default/saslauthd: /var/run/saslauthd: Permission denied
Dec 06 15:46:33 pro-5.domedia.net saslauthd[4021860]:                 : master pid is: 4021860
Dec 06 15:46:33 pro-5.domedia.net saslauthd[4021860]:                 : listening on socket: /var/run/saslauthd/mux
Dec 06 15:46:33 pro-5.domedia.net systemd[1]: Started saslauthd.service - LSB: saslauthd startup script.
Dec 06 15:46:33 pro-5.domedia.net saslauthd[4021837]: Starting SASL Authentication Daemon: saslauthd.

I’ll have a look at it during the weekend to find out the issue but I think it’s linked at some modifications i did to try to fix the problem :see_no_evil:

So, what’d you change?

And, what’s in /etc/default/saslauthd?

I wonder if Debian 12 needs the same tweaks that Ubuntu 24 needed. @Ilia you made this change, but it’s specific to Ubuntu…is Debian 12 not doing the same thing? Ubuntu and Debian tend to follow each other on stuff like this.

The correct and default saslauthd socket directory for Debian 12 is /var/spool/postfix/var/run/saslauthd, not /var/run/saslauthd as OP reported. Unless something has changed recently, which I highly doubt.

1 Like

So I rolled back all my modifications and restarted services but it’s still not working properly for postfix.

here it is:

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
#OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

It’s what I have now back in config :slight_smile: and looks to start properly:

● saslauthd.service - LSB: saslauthd startup script
     Loaded: loaded (/etc/init.d/saslauthd; generated)
     Active: active (running) since Sun 2024-12-08 20:20:13 CET; 4s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 2581652 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
      Tasks: 5 (limit: 76913)
     Memory: 3.1M
        CPU: 52ms
     CGroup: /system.slice/saslauthd.service
             ├─2581673 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
             ├─2581674 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
             ├─2581675 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
             ├─2581676 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
             └─2581677 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5

Dec 08 20:20:13 pro-5.domedia.net systemd[1]: Starting saslauthd.service - LSB: saslauthd startup script...
Dec 08 20:20:13 pro-5.domedia.net saslauthd[2581673]:                 : master pid is: 2581673
Dec 08 20:20:13 pro-5.domedia.net saslauthd[2581673]:                 : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
Dec 08 20:20:13 pro-5.domedia.net saslauthd[2581652]: Starting SASL Authentication Daemon: saslauthd.
Dec 08 20:20:13 pro-5.domedia.net systemd[1]: Started saslauthd.service - LSB: saslauthd startup script.

but postfix still has an issue:

Dec 08 20:20:44 XXXXXXXX postfix/master[895371]: warning: process /usr/lib/postfix/sbin/smtpd pid 2581814 exit status 1
Dec 08 20:20:44 XXXXXXXX postfix/master[895371]: warning: process /usr/lib/postfix/sbin/smtpd pid 2581813 exit status 1
Dec 08 20:20:44 XXXXXXXX postfix/master[895371]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Dec 08 20:20:44 XXXXXXXX postfix/master[895371]: warning: process /usr/lib/postfix/sbin/smtpd pid 2581811 exit status 1
Dec 08 20:20:13 XXXXXXXX saslauthd[2581673]:                 : listening on socket: /var/spool/postfix/var/run/saslauthd/mux

I think you may have accidentally misedited your /etc/postfix/master.cf file. Here’s what the default master.cf config file looks like for me on Debian 12:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp	   inet	 n	     -	     y	     -	     -	     smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n -   y       -       -       smtpd
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#     Instead of specifying complex smtpd_<xxx>_restrictions here,
#     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
#     here, and specify mua_<xxx>_restrictions in main.cf (where
#     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
#  -o smtpd_client_restrictions=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_relay_restrictions=
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n  -       y       -       -       smtpd
#submissions     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submissions
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#     Instead of specifying complex smtpd_<xxx>_restrictions here,
#     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
#     here, and specify mua_<xxx>_restrictions in main.cf (where
#     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
#  -o smtpd_client_restrictions=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_relay_restrictions=
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
submission	inet	n	-	y	-	-	smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
smtps	inet	n	-	y	-	-	smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may -o smtpd_tls_wrappermode=yes

Thanks @Ilia so I changed my master.cf by your version but still the same plus an issue with Dovecot now :frowning:

Dec 09 11:21:51 XXXXX postfix/master[3359806]: warning: process /usr/lib/postfix/sbin/smtpd pid 3361679 exit status 1
Dec 09 11:21:51 XXXXX postfix/master[3359806]: warning: process /usr/lib/postfix/sbin/smtpd pid 3361680 exit status 1
Dec 09 11:21:51 XXXXX postfix/master[3359806]: warning: process /usr/lib/postfix/sbin/smtpd pid 3361681 exit status 1
Dec 09 11:21:51 XXXXX postfix/smtpd[3361701]: connect from unknown[87.120.93.11]
Dec 09 11:21:51 XXXXX postfix/smtpd[3361701]: warning: SASL: Connect to Dovecot auth socket 'private/auth' failed: No such file or directory
Dec 09 11:21:51 XXXXX postfix/smtpd[3361701]: fatal: no SASL authentication mechanisms

something else I should check ?

Does your /etc/postfix/main.cf config file have the smtpd_sasl_auth_enable option set to yes. Also, is the saslauthd service running, and has it been restarted?

yes for the option in main.cf and yes also for services restarted (sasl, postfix et dovecot). Logs still quite the same but when an incoming smtp connection shows up it gives a different error:

Dec 09 18:38:13 xxxxxxxxx postfix/smtpd[3787415]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
Dec 09 18:38:13 xxxxxxxxx postfix/smtpd[3787415]: fatal: no SASL authentication mechanisms
Dec 09 18:38:13 xxxxxxxxx postfix/master[3717160]: warning: process /usr/lib/postfix/sbin/smtpd pid 3787357 exit status 1
Dec 09 18:38:13 xxxxxxxxx postfix/master[3717160]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Dec 09 18:38:13 xxxxxxxxx postfix/master[3717160]: warning: process /usr/lib/postfix/sbin/smtpd pid 3787359 exit status 1
Dec 09 18:38:13 xxxxxxxxx postfix/master[3717160]: warning: process /usr/lib/postfix/sbin/smtpd pid 3787360 exit status 1
Dec 09 18:38:13 xxxxxxxxx postfix/master[3717160]: warning: process /usr/lib/postfix/sbin/smtpd pid 3787364 exit status 1

I think you should contact the server administrator and ask them about the changes they recently made and why.

All this seems quite diverge from the default Virtualmin configuration for Postfix.

Well I’m the server administrator and I’m trying to understand what happens there. Is there a way I could reinitialise postfix/sasl/dovecot config files ? would be perhaps the best solution no ?
on install a Debian 12 in a VM and check differences of config files once installed Virtualmin in it ?

maybe this will be of use

http://www.postfix.org/SASL_README.html

1 Like

Thanks @shoulders for the link, after quite a few trial and errors I succeeded to get the whole thing nearly fully working. The server accepts incoming emails properly and able to send emails outside properly. If I use roundcube on the same server I can login in a maibolx and send/receive emails without any problems.
Only remaining issue is login with regular email apps. Each time I try to log with KMail to send an email through smtp or check Inbox through IMAP, it fails.
All I get in logs is:
warning: unknown[XXXXXXX]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=xxxxxx
Is it an issue with sasl config or other stuffs to check ?

Thanks

Vincèn

Found out the issue. I deactivated the forced option to disallow credentials in clear in Dovecot. I enforce SSL connection for smtp and imap/pop3 so I guess it’s safe right ?