Ubuntu 20.04 Postfix SMTP error authentication failure

| SYSTEM INFORMATION||
Ubuntu 20.04
Virtualmin Version 7.8.2

Hello

I am trying to send an email using roundcube but I have an SMTP error authentication failure.

The command postconf -n sends:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, ip-158-69-125.net, localhost, ns522248.ovh.net, ns522248.ip-158-69-125.net
myhostname = ns522248.ip-158-69-125.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = local:opendkim/opendkim.sock,inet:127.0.0.1:8891
policyd-spf_time_limit = 3600
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_dependent_default_transport_maps
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = local:opendkim/opendkim.sock,inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service unix:private/policyd-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain reject_unknown_reverse_client_hostname reject_unknown_client_hostname
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_server_sni_maps = hash:/etc/postfix/sni_map
virtual_alias_maps = hash:/etc/postfix/virtual

I don’t see any problem there and I don’t know where to look for to solve this problem.
Than for your help

Pascal

That version is quite old. Current is 7.30.4.

Was Roundcube working prior? Did an update break it?

Yes it was working until I configure opendkim.

You really should have stated that up front. You need to provide the relevant logs that show the error. Maybe describe what you did to configure opendkim?

This might be a question for the opendkim folks though.

You need to look in the mail log (or the journal for the postfix and saslauthd units).

You always need to look at logs.

Thanks for your answer. I have fixed the opendkim problem, but I still cannot send email from my account using roundcube.
Here what I find in mail.log hen I try to send an email and get the authentication problem:

Jan 16 21:57:42 xxxxxxx postfix/submission/smtpd[1028180]: connect from localhost[127.0.0.1]
Jan 16 21:57:42 xxxxxxx postfix/submission/smtpd[1028180]: disconnect from localhost[127.0.0.1] ehlo=1 quit=1 commands=2
Jan 16 21:57:42 xxxxxxx postfix/smtpd[1028094]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Jan 16 21:57:42 xxxxxxx postfix/smtpd[1028094]: warning: unknown[154.216.18.50]: SASL LOGIN authentication failed: generic failure

And in the syslog:

> Jan 16 22:12:08 xxxxxxx postfix/submission/smtpd[1032441]: connect from localhost[127.0.0.1]
> Jan 16 22:12:08 xxxxxxx postfix/submission/smtpd[1032441]: disconnect from localhost[127.0.0.1] ehlo=1 quit=1 commands=2

Again command postconf -n :

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, ip-158-69-125.net, localhost, ns522248.ovh.net, ns522248.ip-158-69-125.net
myhostname = ns522248.ip-158-69-125.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = local:opendkim/opendkim.sock,inet:127.0.0.1:8891
policyd-spf_time_limit = 3600
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_dependent_default_transport_maps
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service unix:private/policyd-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain reject_unknown_reverse_client_hostname reject_unknown_client_hostname
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_server_sni_maps = hash:/etc/postfix/sni_map
virtual_alias_maps = hash:/etc/postfix/virtual

So, what’s going on with saslauthd? Check the status and try restarting it to see if anything interesting shows up in the mail log about it.

not only Virtualmin out of date but probably Roundcube.

even the OS is getting tired
there becomes a point in time when :man_shrugging: and one wonders how much attention is being paid to such a system.

After restart saslauthd command journalctl -xeu saslauthd.service gives:

-- A start job for unit saslauthd.service has begun execution.
-- 
-- The job identifier is 3217174.
ene 17 08:02:02 ns522248 saslauthd[1194801]:  * Starting SASL Authentication Daemon saslauthd
ene 17 08:02:02 ns522248 saslauthd[1194834]:                 : master pid is: 1194834
ene 17 08:02:02 ns522248 saslauthd[1194834]:                 : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
ene 17 08:02:02 xxxxxxx saslauthd[1194801]:    ...done.
ene 17 08:02:02 xxxxxxx systemd[1]: Started LSB: saslauthd startup script.
-- Subject: A start job for unit saslauthd.service has finished successfully
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- A start job for unit saslauthd.service has finished successfully.
-- 
-- The job identifier is 3217174.
~
````Preformatted text`

and in the mail/log I have :
Jan 17 08:02:21 xxxxxx postfix/smtps/smtpd[1182971]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

And when I try to send an email from Thunderbird , in the mail.log I have:

Jan 17 08:15:45 xxxxxx postfix/submission/smtpd[1198648]: connect from unknown[191.156.237.50]
Jan 17 08:15:46 xxxxxx postfix/submission/smtpd[1198648]: TLS SNI mail.eventic.biz from unknown[191.156.237.50] not matched, using default chain
Jan 17 08:15:46 xxxxxx postfix/submission/smtpd[1198648]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Jan 17 08:15:46 xxxxxx postfix/submission/smtpd[1198648]: warning: SASL authentication failure: Password verification failed
Jan 17 08:15:46 xxxxxx postfix/submission/smtpd[1198648]: warning: unknown[191.156.237.50]: SASL PLAIN authentication failed: generic failure
Jan 17 08:15:47 xxxxxx postfix/submission/smtpd[1198648]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Jan 17 08:15:47 xxxxxx postfix/submission/smtpd[1198648]: warning: unknown[191.156.237.50]: SASL LOGIN authentication failed: generic failure