I recently migrated a small LEMP setup to a new VPS from ubuntu 22.04 to rocky linux 9. Everything went relatively smoothly but I am getting hard times to make postfix sasl authentication to work.
I am getting the following error in postfix logs
postfix/smtpd[73083]: warning: SASL authentication problem: SASL error opening password file. Have you performed the migration from db2 using cyrusbdb2current??
cloud2 postfix/smtpd[73083]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2
Things I have tried so far:
Copied the sasldb2 file from the old server, adjusted permission to postfix user, cyrusbdb2current does not do anything (no new file is produced).
saslauthd.service works with no errors
Any ideas what else to try or perhaps start a new sasldb2 from scratch?
Why would you have a sasldb2 file on either system? That’s not how Virtualmin configures sasl authentication (and is incompatible with how Virtualmin creates/manages users).
You shouldn’t do any of this, either. You’re changing stuff that shouldn’t be changed. The problem is expecting sasldb2 to be where users come from.
I guess you copied your old sasl configuration that pointed to that file over from a non-Virtualmin server to the new Virtualmin server, replacing Virtualmin’s configuration. That won’t work. Virtualmin needs you to use system users for mail.
In fact the old installation was a “set and forget” ubuntu virtualmin install I did years ago and can’t recall doing anything fancy on it. It just worked and I only had to do the regular updates on the system.
For the new one I just followed the official documentation for server migration.
Any ideas on how setup postfix ans sasl from scratch to use the correct Virtualmin configuration?
I’m very confused then, as we’ve never used sasldb2 and Virtualmin has never supported sasldb2 directly.
Did that file actually have users in it? If so, how did they get there (Virtualmin didn’t put them there, without some changes)?
My advice here would be to figure out what you actually have to migrate. If you have real system users with passwords (the kind Virtualmin can manage and defaults to managing), you shouldn’t be trying to bring over the sasldb2 stuff (wherever it came from) and you should not reconfigure the new system to use sasldb2.
Install Virtualmin on a freshly installed, supported, OS and then don’t replace the configuration with one that’s trying to use the sasldb plugin or users in sasldb2. (That’s not the default in your OS, nor is it what Virtualmin configures, so it had to have been configured some other way.)
Presumably, you’ve gotten /etc/sasl2/smptd.conf from somewhere, and that has the sasldb configuration. Wherever you got that from, you probably shouldn’t have (if you want Virtualmin to manage your email users).
I’m still baffled how your old system had that file and that configuration if you were using Virtualmin.
Nevermind I figured it out. Just reinstalled the postfix and cyrus-sasl packages and ran “virtualmin-config-system --include SASL Postfix”. The only thing I have to add to make it work was the /etc/sasl2/smtpd.conf file. Postfix now works without sasldb2.
Thanks for shedding some light on how things work on Virtualmin with postfix and sasl.