Problems & Fixes for Saslauthd and Postfix (with MySQL) setups
Yesterday I ran into a couple of problems using Postfix with virtual users managed through MySQL and SASL auth managed with saslauthd.
Problems
- SASL PLAIN authentication failed
- pam_mysql - SELECT returned no result
- Postfix forward: unknown user
Problem #1
The first problem was that Postfix couldn’t connect to saslauthd through the socket. This was caused by Postfix being chrooted and the saslauthd socket residing outside this chroot environment. This can be fixed by a “--bind”/“nullfs” mount that maps the directory containing the saslauthd socket into the chroot. The corresponding error message in the logfiles is:
postfix/smtpd: warning: SASL PLAIN authentication failed
postfix/smtpd: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
FIX #1
The fix, as described above, is to map the saslauthd directory into the chroot environment by using a bind mount:
mount --bind /var/run/saslauthd/ /var/spool/postfix/var/run/saslauthd/
Also see reference [1]
Problem #2
After fixing this I tested the saslauth and noticed I couldn’t auth. The logfile (auth.log) told me the following:
Nov 13 11:55:09 mx saslauthd[1222]: pam_mysql - SELECT returned no result
Nov 13 11:55:09 mx saslauthd[1222]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 13 11:55:09 mx saslauthd[1222]: do_auth : auth failure: [user=alamar] [service=smtp] [realm=julian-seifert.de] [mech=pam] [reason=PAM auth error]
I did enter the correct username@hostname and password, so why was the SELECT query result empty? To find this out I activated “query logging” in my “my.cnf” on the mysqld host. I found out that, of the “username@hostname” I submitted, the “@hostname” part got cut off. My first thought was “Oh, I have to change the SQL query in sasl/smtpd.conf”. I tried this, but it didn’t matter what I entered there, it never changed a thing: the query always contained only the username without the host part. After hours of reading, googling and punching my head against various things I finally found the solution. In “/etc/default/saslauthd” the “OPTIONS” setting has to contain “-r” to transmit the realm as part of the username.
FIX #2
Edit /etc/default/saslauthd:
OPTIONS="-c -r"
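A pre-flight check for the two fixes above, as an added example that is not part of the original post: it reads the smtpd chroot flag from master.cf, looks for the saslauthd socket below the Postfix queue directory, and checks OPTIONS for -r. The function names are hypothetical, the socket name "mux" is assumed to be saslauthd's default, and the paths in the usage comment are the typical locations.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the chroot column (5th field) of the "smtp inet ... smtpd" line in master.cf.
# "y" = chrooted, "n" = not chrooted, "-" = Postfix's built-in default.
smtpd_chroot_flag() {
    awk '$1 == "smtp" && $2 == "inet" && $8 == "smtpd" { print $5; exit }' "$1"
}

# Succeed if the saslauthd socket is reachable below the Postfix queue directory,
# i.e. the bind mount from FIX #1 is active. Assumes the default socket name "mux".
socket_visible_in_chroot() {
    [ -S "$1/var/run/saslauthd/mux" ]
}

# Succeed if OPTIONS in the saslauthd defaults file carries a standalone -r (FIX #2).
# Combined short flags such as "-cr" are not recognised by this simple match.
saslauthd_passes_realm() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    case " $opts " in
        *" -r "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Args: master.cf, saslauthd defaults file, Postfix queue directory.
# A "-" chroot flag is treated like "y" so the socket is checked in both cases.
check_sasl_setup() {
    rc=0
    flag=$(smtpd_chroot_flag "$1")
    if [ "$flag" != "n" ] && ! socket_visible_in_chroot "$3"; then
        echo "chroot flag '$flag': no saslauthd socket under $3 (see FIX #1)"
        rc=1
    fi
    if ! saslauthd_passes_realm "$2"; then
        echo "OPTIONS has no -r: the @realm part is dropped (see FIX #2)"
        rc=1
    fi
    return "$rc"
}

# Run only when called with the three paths, e.g.
#   sh check.sh /etc/postfix/master.cf /etc/default/saslauthd /var/spool/postfix
if [ "$#" -eq 3 ]; then
    check_sasl_setup "$@"
fi
```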
Problem #3
Suddenly postfix didn’t recognize entries from the forwarding SQL-table.
mail.log:
Nov 22 02:31:23 mx postfix/virtual[9316]: 7B37171C0C5: to=<spam@julian-seifert.de>, relay=virtual, delay=0.56, delays=0.55/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "spam@julian-seifert.de")
After hours of looking through SQL logfiles & postfix logs I remembered I commented out a line in postfix’s master.cf (I wanted to test something with amavisd) and forgot to uncomment it again. Why this caused the “unknown user” error I’m not sure and honestly I don’t want to know.
FIX #3
Change in master.cf from:
#amavis unix - - - - 2 smtp
# -o smtp_data_done_timeout=1200
# -o smtp_send_xforward_command=yes
to (the -o lines must start with whitespace so that Postfix reads them as continuations of the amavis line):
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
After a postfix restart everything worked fine again. Strange I know but what isn’t…
I will continue to add Problems and fixes as I encounter and hopefully solve them.
References:
[1] http://blog.stefan-macke.com/2006/01/23/postfix_saslauthd_connection_refused/

