Warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

It appears to know where the socket file is but is getting a permission denied error when trying to connect to the socket; that needs to be fixed. Looking at the owner and group of the socket could tell you why postfix is denied access to it.

Yes, multiple times… :wink:
I am just now comparing the postconf outputs, old vs. new server.

That's the problem.

I did notice that the compatibility level was set to 2. Hmm, is it that?

Compatibility level should be 3.6

Let me compare your config to mine.

ls -lah /var/spool/postfix/var/run/saslauthd/
total 976K
drwx--x--- 2 root sasl 4.0K May 26 21:25 .
drw-r--r-- 4 postfix root 4.0K Nov 4 2023 ..
-rw------- 1 root root 0 May 26 20:02 cache.flock
-rw------- 1 root root 963K May 26 20:02 cache.mmap
srwxrwxrwx 1 root root 0 May 26 20:02 mux
-rw------- 1 root root 0 May 26 20:02 mux.accept
-rw------- 1 root root 6 May 26 20:02 saslauthd.pid
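
The check suggested in the first reply (owner, group and mode on the way to the socket), as an added example that is not part of the thread: it applies the owner/group/other rule to three entries of the listing above for a non-root user. The function names and the group memberships passed in are assumptions (the thread does not show `id postfix`), and ACLs, AppArmor and root's override are not modelled.

```shell
#!/bin/sh
# perm_check MODE OWNER GROUP USER "USER_GROUPS" WANT
# MODE is the 10-character ls mode string, WANT is r, w or x.
# Returns 0 when USER is granted WANT. Exactly one triad applies:
# owner if USER owns the entry, else group, else other.
perm_check() {
    mode=$1 owner=$2 group=$3 user=$4 groups=$5 want=$6
    start=8
    if [ "$user" = "$owner" ]; then
        start=2
    else
        for g in $groups; do
            if [ "$g" = "$group" ]; then start=5; fi
        done
    fi
    triad=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
    case $triad in
        *"$want"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed input: three entries from the listing quoted above, rewritten
# as "mode owner group path" with "." and ".." resolved to full paths.
LISTING='drw-r--r-- postfix root /var/spool/postfix/var/run
drwx--x--- root sasl /var/spool/postfix/var/run/saslauthd
srwxrwxrwx root root /var/spool/postfix/var/run/saslauthd/mux'

# audit_path USER "USER_GROUPS": one verdict per entry; returns 1 if any is denied.
audit_path() {
    rc=0
    while read -r mode owner group path; do
        case $mode in
            d*) want=x ;;  # a directory must be searchable to pass through it
            *)  want=w ;;  # connecting to a Unix socket needs write permission
        esac
        if perm_check "$mode" "$owner" "$group" "$1" "$2" "$want"; then
            echo "ok      $want  $path"
        else
            echo "DENIED  $want  $path"
            rc=1
        fi
    done <<EOF
$LISTING
EOF
    return "$rc"
}

audit_path postfix "postfix" || echo "postfix cannot reach the socket"
```

On a live system, `namei -l /var/spool/postfix/var/run/saslauthd/mux` prints the same mode, owner and group for every path component, and `id postfix` gives the group list to pass in.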

main.cf

My main.cf modified with your information and my settings (this is a best guess and I am on Ubuntu).

There did seem to be some issues in your config such as inet_interfaces = xxx.xxx.xxx.xxx which will not help.

I will add the other files here in a moment

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6



# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_security_level = may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


myhostname = web.svchost.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, marvin.mgc-server.eu, localhost.mgc-server.eu, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
allow_percent_hack = no
resolve_dequoted_address = no
tls_server_sni_maps = hash:/etc/postfix/sni_map
milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891,local:/var/run/milter-greylist/milter-greylist.sock
non_smtpd_milters = inet:127.0.0.1:8891,local:/var/run/milter-greylist/milter-greylist.sock
message_size_limit = 50000000

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient reject_unknown_recipient_domain
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_limit = 50
disable_vrfy_command = yes
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_auth_only = yes

master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp	inet	n	-	y	-	-	smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n -   y       -       -       smtpd
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable smtps for loopback clients only, or for any client.
#127.0.0.1:smtps inet n  -       y       -       -       smtpd
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
submission	inet	n	-	y	-	-	smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
smtps	inet	n	-	y	-	-	smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may -o smtpd_tls_wrappermode=yes

smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

I changed it to 3.6; it is the same error.

See above for config files.

Your config files are not compatible with v3.6 Postfix; they are far too old. Were you running v2.x of Postfix? They have changed a LOT of settings between the 2 versions.

I would also be cautious of just copying over config settings and hoping they work. You need to merge them.

Worst case, set up an Ubuntu minimal server and try again; this time don't copy over your settings files, just do them manually :smile:. I don't know if you chose Debian on purpose; people say it is more secure because it has less stuff installed, but a lot of stuff doesn't work either unless you put a lot of time into it.

It looks very much like this: "chrooted postfix and saslauthd run into problems in Debian 7 · Issue #58 · webmin/webmin · GitHub". I know it's old, but it is the same problem I get with Ubuntu 24.04.

Seems that in /etc/postfix/sasl/smtpd.conf the option saslauthd_path is relative to the postfix chroot. It won't accept full paths.

Points to that path in smtp.conf :smile:. He has come from 18.x Ubuntu, so is that about 10 years?

But your solution is definitely worth a try especially if you have had this problem, but he needs to sort the configs out for definite.

Let's hope the new config files help.

Depends on how the migration was done … if it was Virtualmin backups restored to a new server running Virtualmin on a fresh OS, I cannot see anything that would interfere with any core postfix configuration, but of course the migration may have been done differently.

A lot of changes…
I changed everything, but it doesn't work. Except, I have no errors or warnings in the logfiles.
Thunderbird complains that the server doesn't accept SMTP connections or is not available.

Those config files were changed to match your system. They did not need to be edited. If you have, it will cause issues.

I have not connected my clients locally to my server yet. I will check tomorrow to see if there is an issue with my settings, you never know. If you are still getting email, leave the new configs in place.

You should revisit the diagnostic notes on my page. It might now be a different issue.

Can you login to one of the email accounts and send an email by usermin?

Also check you can still get email.

@jimr1 do you know any software that can show you the SMTP handshaking for diagnostic purposes? Thanks

In Dashboard Postfix showed some errors. It wouldn't start.
In the console it stated running…
Now I have errors in Syslog again:

warning: connect to Milter service local:/var/run/milter-greylist/milter-greylist.sock: Permission denied
May 26 23:22:48 postfix/smtpd[4433]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

Receiving mail is not possible.

Usermin doesn't work. It would send over IPv6, which is deactivated in the network configuration.

Your options

Recheck virtualmin configuration

Have a look at @jimr1 solution

Put back all of the original configs that were created when you originally installed Virtualmin on Debian 12

Create a new server and migrate data again, but this time don't just copy all the old config files to the new server. My preference is Ubuntu server minimal.

Yes, tomorrow I will set up a VPS (:wink:) with a freshly installed Debian 12.
Maybe this helps. And I will also test your configuration files, but with more sensitivity to the details…

Hope to get this error solved soon, my customer will kill me…

Thank you both for supporting me so far!

Rather than using my config files, follow my guide just in case there are any issues

So, I set up a virtual machine running Debian 12, installed Virtualmin and configured a new virtual server. Then I compared the mail-relevant config files (all postfix, all dovecot, sasl/smtpd.conf),
changed some details and put the new files on my problem server.
I rebooted the server. No effect on the SASL authentication failure.
I tried to send with Usermin. It half worked… Only internal mail servers accept those mails, and they are not DKIM signed; that's one reason (of maybe more issues) external mail servers don't accept them.

I also figured out that this works:

but this doesn't work:

testsaslauthd -u xxxx -p xxxx
connect() : No such file or directory

What did you change? Your postfix on your old server is V2.0, the new one is v3.6 = massive difference. I would have just started from scratch and used my guide to set everything up.

I don't know what differences there are between Debian and Ubuntu.

do this

ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

before you run this

and see if that makes testsaslauthd happy

I took the new 3.6 files from my newly created VPS and changed just the IP address entry.
In the Dovecot files I changed/added the configured servers.

The files are nearly the same as the ones you sent.