-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi together, After a painful almost trial error configuration (for explanations and critics see my previous posts) I'm constantly running into a permission error of `saslauthd`. The issue is of the same nature as the issues and enhancement requested I posted before: unclear logging messages! Example: If
Sep 27 05:20:46 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
would be logged as
Sep 27 05:20:46 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Access (rx)
on <file|directory> /absolute/path/to/file/directory caused error
"Permission denied"
no user could ever have trouble with resolving this issue. It might be
an `saslauthd` issue, but even in this cause invokation of `saslauthd`
has to be wrapped or invokations traced or anything, but I can't imagine
anyone not been troubled by such messages. Don't get me wrong, this is
very very very common to handle errors like that and produce such log
entries, but that doesn't make it any good!
Concretely I'm trying to resolve the permission error of `saslauthd`
manifesting itself with
Sep 27 05:20:40 richtercloud postfix/master[14232]: daemon started
- -- version 2.9.6, configuration /etc/postfix
Sep 27 05:20:44 richtercloud postfix/smtpd[14253]: connect from
aclient[192.168.178.23]
Sep 27 05:20:44 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:44 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: Password verification failed
Sep 27 05:20:44 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL PLAIN authentication failed: generic failure
Sep 27 05:20:44 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:44 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL LOGIN authentication failed: generic failure
Sep 27 05:20:45 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:45 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: Password verification failed
Sep 27 05:20:45 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL PLAIN authentication failed: generic failure
Sep 27 05:20:45 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:45 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL LOGIN authentication failed: generic failure
Sep 27 05:20:46 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:46 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: Password verification failed
Sep 27 05:20:46 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL PLAIN authentication failed: generic failure
Sep 27 05:20:46 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:46 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL LOGIN authentication failed: generic failure
Sep 27 05:20:48 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:48 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: Password verification failed
Sep 27 05:20:48 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL PLAIN authentication failed: generic failure
Sep 27 05:20:48 richtercloud postfix/smtpd[14253]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Sep 27 05:20:48 richtercloud postfix/smtpd[14253]: warning:
aclient[192.168.178.23]: SASL LOGIN authentication failed: generic failure
Sep 27 05:22:33 richtercloud postfix/smtpd[14253]: lost connection
after AUTH from aclient[192.168.178.23]
Sep 27 05:22:33 richtercloud postfix/smtpd[14253]: disconnect from
aclient[192.168.178.23]
in `/var/log/mail.log`. I tried:
* turn chroot on and off in `master.cf`
* adjust `saslauthd_path` in `sasl/smtpd.conf` accordingly
* set up `dpkg-statoverride` like on
http://www.howtoforge.com/ubuntu-postfix-saslauthd-sasl-authentication-failure-cannot-connect-to-saslauthd-server-permission-denied
* `adduser postfix sasl`
* `chmod -R +x /var/spool/postfix/var/run/saslauthd/`
* `chgrp -R sasl /var/spool/postfix/var/run/saslauthd`
* `mount --bind /var/spool/postfix/var/run/saslauthd /var/run/saslauthd`
* `testsaslauthd -u <user> -p <password>` prints `0: OK "Success."`
in a lot of possible combinations - after ~30 I was able to send two
mails, then tried ~60 more, but ability to send mail is lost. I assume
it's some multicausal non-generically reproducable hard- and software
related issue or really just the permissions on the unknown file.
Any help is appreciated. I also don't mind to test a SCM commit with the
logging issue fixed (it should tell me right away what my problem is).
- -Kalle
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUJlCZAAoJEGadKJ8eJ7ZGM+kIAL4HXFpTM4VAsT5QR6o+Ewgs
HAuNQh0Yskp8gdgO1yI+UfpdI812u6AI+Tho5ADUInHMnZkQkihp33WtOA64095y
fba7ZuTNJ3pBRiVm0MM64GMwsjPkYm1WQCUjLEPDQse8BUCf51z+sjaXm7PI5gOT
umgsMwIQt9dp68yratNNCOUOztj0COV+fijdiCDseT1bmtgVHqeOMFr+YbXRPUz5
6BBHUkku1ipD+ur8StUlRVvv0hd5Xe9tp0uZRL1WJaOIJCdvo9H2cGkFMyVUwGIN
rqw99J2DF3PITiACd/UCePt//Jd6fUx5nGHK3q8B46Dj5jtUz3e8qF+Y7lJzj0k=
=I30s
-----END PGP SIGNATURE-----
# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Sat Sep 27 05:33:00 UTC 2014
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.9.6
System: Debian GNU/Linux 7 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/arm-linux-gnueabihf/libsasl2.so.2 (0x2aafb000)
-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
total 32
drwxr-xr-x 2 root root 4096 Sep 27 02:55 .
drwxr-xr-x 81 root root 20480 Sep 27 00:35 ..
-rw-r--r-- 1 root root 4 Sep 27 02:55 berkeley_db.active
-rw-r--r-- 1 root root 4 Jun 9 2013 berkeley_db.txt
-- listing of /opt/lib/sasl2 --
total 388
drwxr-xr-x 2 root root 4096 Sep 17 04:19 .
drwxrwxr-x 25 richter richter 20480 Sep 3 11:31 ..
-rwxr-xr-x 1 root root 12032 Feb 14 2012 libanonymous.so
-rwxr-xr-x 1 root root 12032 Feb 14 2012 libanonymous.so.2
-rwxr-xr-x 1 root root 12032 Feb 14 2012 libanonymous.so.2.0.23
-rwxr-xr-x 1 root root 14292 Feb 14 2012 libcrammd5.so
-rwxr-xr-x 1 root root 14292 Feb 14 2012 libcrammd5.so.2
-rwxr-xr-x 1 root root 14292 Feb 14 2012 libcrammd5.so.2.0.23
-rwxr-xr-x 1 root root 40248 Feb 14 2012 libdigestmd5.so
-rwxr-xr-x 1 root root 40248 Feb 14 2012 libdigestmd5.so.2
-rwxr-xr-x 1 root root 40248 Feb 14 2012 libdigestmd5.so.2.0.23
-rwxr-xr-x 1 root root 12700 Feb 14 2012 liblogin.so
-rwxr-xr-x 1 root root 12700 Feb 14 2012 liblogin.so.2
-rwxr-xr-x 1 root root 12700 Feb 14 2012 liblogin.so.2.0.23
-rwxr-xr-x 1 root root 12836 Feb 14 2012 libplain.so
-rwxr-xr-x 1 root root 12836 Feb 14 2012 libplain.so.2
-rwxr-xr-x 1 root root 12836 Feb 14 2012 libplain.so.2.0.23
-rwxr-xr-x 1 root root 16920 Feb 14 2012 libsasldb.so
-rwxr-xr-x 1 root root 16920 Feb 14 2012 libsasldb.so.2
-rwxr-xr-x 1 root root 16920 Feb 14 2012 libsasldb.so.2.0.23
-rw-r--r-- 1 root root 49 Feb 23 2012 smtpd.conf
-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root sasl 4096 Sep 27 02:53 .
drwxr-xr-x 3 root sasl 4096 Sep 27 02:37 ..
-rw-r--r-- 1 root sasl 105 Sep 27 04:48 smtpd.conf
-- content of /opt/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
autotransition: true
saslauthd_path: /var/run/saslauthd
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
autotransition: true
saslauthd_path: /var/run/saslauthd
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
smtpd pass - - n - - smtpd
submission inet n - n - - smtpd
smtps inet n - n - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- mechanisms on localhost --
-- end of saslfinger output --
saslfinger.out.sig
Description: PGP signature
