SASL authentication failure - OPTIONS defined twice

Xcdice · December 1, 2020, 11:14am

Hi

I don’t know if this has been addressed before, or it’s just my server that does it.

I have setup the latest Virtualmin on a fresh Debian 10.6.0

After the setup, everything except email was working. In the mail log I got the following error:

Nov 30 22:23:32 vps1 postfix/smtpd[2278]: connect from unknown[X.X.X.X] Nov 30 22:23:33 vps1 postfix/smtpd[2278]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory Nov 30 22:23:33 vps1 postfix/smtpd[2278]: warning: unknown[X.X.X.X]: SASL LOGIN authentication failed: generic failure Nov 30 22:23:33 vps1 postfix/smtpd[2278]: lost connection after AUTH from unknown[X.X.X.X] Nov 30 22:23:33 vps1 postfix/smtpd[2278]: disconnect from unknown[X.X.X.X] ehlo=1 auth=0/1 commands=1/2

Running service saslauthd status gave me:

root@vps1:/tmp# service saslauthd status
● saslauthd.service - LSB: saslauthd startup script
Loaded: loaded (/etc/init.d/saslauthd; generated)
Active: active (exited) since Mon 2020-11-30 21:32:26 CET; 57min ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 2359)
Memory: 0B
CGroup: /system.slice/saslauthd.service

nov 30 21:32:26 vps1 systemd[1]: Starting LSB: saslauthd startup script...
nov 30 21:32:26 vps1 saslauthd[3705]: To enable saslauthd, edit /etc/default/saslauthd and set START=yes ... (warning). nov 30 21:32:26 vps1 systemd[1]: Started LSB: saslauthd startup script.

The strange thing is that when I looked in the “/etc/default/saslauthd” the (OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r") was defined twice. Once in it’s “normal” location, and another time, in the bottom of the file.

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options. OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

And

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

After I commented one of them out, and restarted saslauthd, everything was running correctly, except my hostname was replaced with a (SPACE) so I had to add it manually to the postfix conf.

root@vps1:/tmp# service saslauthd status
● saslauthd.service - LSB: saslauthd startup script
Loaded: loaded (/etc/init.d/saslauthd; generated)
Active: active (running) since Mon 2020-11-30 22:31:21 CET; 56s ago
Docs: man:systemd-sysv-generator(8)
Process: 5808 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
Tasks: 5 (limit: 2359)
Memory: 4.3M
CGroup: /system.slice/saslauthd.service
├─5830 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─5831 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─5832 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─5833 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
└─5834 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5

nov 30 22:31:21 vps1 systemd[1]: Starting LSB: saslauthd startup script...
nov 30 22:31:21 vps1 saslauthd[5830]: : master pid is: 5830
nov 30 22:31:21 vps1 saslauthd[5808]: Starting SASL Authentication Daemon: saslauthd. nov 30 22:31:21 vps1 systemd[1]: Started LSB: saslauthd startup script. nov 30 22:31:21 vps1 saslauthd[5830]: : listening on socket: /var/spool/postfix/var/run/saslauthd/mux

Joe · December 2, 2020, 2:30am

Is this somehow a very old install? Like from more than a year or two ago? There was a bug in the installer in the distant past where if it was run twice (or more) it would keep adding to the sasl config. But, pretty sure that was fixed ages ago.

Regardless, just remove the bogus config line and restart the mail services. It only gets modified at Virtualmin installation time, so there’s no reason why it’d change again…also, I thought it would only add one or the other (depending on OS and version), so it’s maybe weird you have OPTIONS and PARAMS, but it’s been a while since I looked at that code.

Xcdice · December 2, 2020, 4:43pm

Hi

Just to be sure, I made a fresh install twice, but with the same result

But now I know what I have to look out for

Joe · December 2, 2020, 10:24pm

You mean a fresh install done once on a fresh OS results in this config problem? Or you mean, you installed twice on the same OS installation and after two attempts you had this result? (I’m trying to figure out if this is a new bug or an old one that has somehow come back.)

Xcdice · December 2, 2020, 11:57pm

I wiped the server. Installed Debian fresh and then Virtualmin.

Just did the same twice, to be sure that’s not me doing anything wrong the first time I reinstalled the whole system

Xcdice · December 3, 2020, 9:00am

Here’s my entire /etc/default/saslauthd

Completely fresh install of Debian 10.6.0 and Virtualmin automated installation. This is even before running the initial setup in the user interface, so I have never been logged into Virtualmin/Usermin.

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"