I’m getting lots of errors with postfix after upgrading Ubuntu from 20.04 to 22.04:
Aug 16 18:51:24 fish postfix/submission/smtpd[4542]: connect from mail-pj1-f49.google.com[209.85.216.49]
Aug 16 18:51:24 fish postfix/submission/smtpd[4542]: warning: connect to Milter service inet:localhost:8891: Connection refused
Aug 16 18:51:24 fish postfix/submission/smtpd[4542]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 16 18:51:24 fish postfix/submission/smtpd[4542]: warning: SASL authentication failure: Password verification failed
Aug 16 18:51:24 fish postfix/submission/smtpd[4542]: warning: mail-pj1-f49.google.com[209.85.216.49]: SASL PLAIN authentication failed: generic failure
Aug 16 18:51:24 fish postfix/submission/smtpd[4542]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
Aug 16 18:51:24 fish postfix/submission/smtpd[4542]: lost connection after AUTH from mail-pj1-f49.google.com[209.85.216.49]
Now I just need to figure out why authentication is now failing whereas it was previously working:
Aug 16 19:51:51 fish postfix/smtpd[7723]: disconnect from mail-qt1-f182.google.com[209.85.160.182] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Aug 16 19:51:51 fish postfix/submission/smtpd[7733]: connect from mail-pf1-f177.google.com[209.85.210.177]
Aug 16 19:51:54 fish postfix/submission/smtpd[7733]: warning: SASL authentication failure: Password verification failed
Aug 16 19:51:54 fish postfix/submission/smtpd[7733]: warning: mail-pf1-f177.google.com[209.85.210.177]: SASL PLAIN authentication failed: authentication failure
Aug 16 19:51:54 fish postfix/submission/smtpd[7733]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
Aug 16 19:51:54 fish postfix/submission/smtpd[7733]: lost connection after AUTH from mail-pf1-f177.google.com[209.85.210.177]
Aug 16 19:51:54 fish postfix/submission/smtpd[7733]: disconnect from mail-pf1-f177.google.com[209.85.210.177] ehlo=2 starttls=1 auth=0/1 commands=3/4
Maybe it has to do with the “TLS library problem” warning above.
Did this not exist in the /etc/default/saslauthd by default?
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
I can see that PARAMS line might help but the OPTIONS is a duplicate from what I see on some 20.04.x instances.
I have commented out both & saslauthd still works just fine with the initial default OPTIONS line.
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/run/saslauthd"