Saslauthd fails to start on Debian 13 (Trixie) causing SMTP authentication failure: Wrong PID path in service file

Morning,

I updated some VPSes to Trixie yesterday. By and large, all working fine, though SMTP authentication fails due to the “saslauthd” service not starting.

When doing “systemctl status saslauthd” it looks like systemd is waiting for a PID file to exist, but is not being produced by the service any more:

Aug 17 09:42:03 host.example.com systemd[1]: Starting saslauthd.service - SASL Authentication Daemon...
Aug 17 09:42:03 host.example.com (aslauthd)[2690758]: saslauthd.service: Referenced but unset environment variable evaluates to an empty string: MECH_OPTIONS
Aug 17 09:42:03 host.example.com saslauthd[2690763]:                 : master pid is: 2690763
Aug 17 09:42:03 host.example.com systemd[1]: saslauthd.service: Can't open PID file '/run/saslauthd/saslauthd.pid' (yet?) after start: No such file or directory
Aug 17 09:42:03 host.example.com saslauthd[2690763]:                 : listening on socket: /var/spool/postfix/var/run/saslauthd/mux

SystemD will just wait for this to never happen, eventually timing out the service and terminating it. As a workaround you can echo the process ID shown from the master pid line:

echo 2690763 > /run/saslauthd/saslauthd.pid

Once doing that the SASL service instantly works as normal, with SMTP authentication working:

Aug 17 09:42:30 host.example.com systemd[1]: Started saslauthd.service - SASL Authentication Daemon.

Obviously this would need to be done again any time the SASL service is started, including after a system reboot.

When searching for the service’s PID elsewhere I found it at path “/var/spool/postfix/var/run/saslauthd/saslauthd.pid”. Linking “/run/saslauthd/saslauthd.pid” to this doesn’t work as the link file is removed when the service starts, therefore it seems necessary to modify the systemd service file to point the PID file elsewhere.

To resolve this long term:

sed -e 's/PIDFile=\/var\/run\/saslauthd\/saslauthd\.pid/PIDFile=\/var\/spool\/postfix\/var\/run\/saslauthd\/saslauthd.pid/' -i /usr/lib/systemd/system/saslauthd.service
systemctl daemon-reload
systemctl restart saslauthd

Almost certainly not a Virtualmin specific issue, may just be useful to know.

Yeah, this is a packaging bug. If you upgraded your system from an earlier Debian version, it may be that there are config file changes and since your configuration was preexisting maybe it didn’t get replaced with a newer version of the configuration. If this is a freshly installed OS, it’s just a regular packaging bug.

That said, it appears Ilia has already seen this problem on Ubuntu 24.04 and worked around it in our postinstall configuration (Virtualmin-Config/lib/Virtualmin/Config/Plugin/SASL.pm at 8bf6859d4acc12c6b7e6ab02a142171cb441ee8d · virtualmin/Virtualmin-Config · GitHub). So, I guess we could make it apply on Debian 13, too (though 13 is not yet supported and you shouldn’t expect it to work without issues).

I don’t like doing this kind of thing, stacking workarounds on top of packaging issues, but sometimes we can’t avoid it if the package is simply broken. In this case, the package is seemingly wrong for the default chrooted Postfix configuration, if I’m understanding it. (It’s questionable to chroot Postfix, and historically not encouraged by Wietse.)

I did more testing and fixing for Dovecot and Postfix on Debian 13 to make sure they work correctly. There were quite a lot of changes in Dovecot 2.4, but those are in the process of being fixed too.

We don’t officially support Debian 13 yet, but we definitely will, along with Alma/Rocky 10 in Virtualmin 8.