Cannot connect to saslauthd server: Permission denied

[migm]

Hi all,

I saw the other thread on this (chmod 777 .... and so on) and that did not work. I am still getting this error. Here's my postfix configuration (main.cfg). Please let me know what other information I can provide: there's obviously a permissions problems here but I thought saslauthd ran as root.

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = tcc1.ath.cx
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = tcc1.ath.cx, ubuntu, localhost.localdomain, localhost
relayhost = [smtp.att.yahoo.com]:587
mynetworks = 0.0.0.0/0
mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
mailbox_command = procmail -a "$EXTENSION"

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
inet_interfaces = all
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Thanks in advance for any and all help!
Cheers,
Migm

[falko]

Please run

Code:

adduser postfix sasl
/etc/init.d/postfix restart

[migm]

Quote:

Originally Posted by falko

Please run

Code:

adduser postfix sasl
/etc/init.d/postfix restart

Thanks for your help. I had already tried this still getting the following

Code:

Apr 26 10:55:19 tcc1 postfix/smtpd[21126]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Apr 26 10:55:19 tcc1 postfix/smtpd[21126]: warning: SASL authentication failure: Password verification failed
Apr 26 10:55:19 tcc1 postfix/smtpd[21126]: warning: maxlaptop.local[192.168.1.2]: SASL PLAIN authentication failed: generic failure

passwd file

Code:

postfix:x:110:120::/var/spool/postfix:/bin/false

groups file

Code:

sasl:x:1001:postfix

[migm]

Well, i got it to work, but I am not confident that my methodology was very secure.

I ran smtpd with strace debugging turned on and saw the reason that things weren't working was that postfix was searching for my saslauthd file in /var/run/saslauthd. The only mention of the /var/run directory i saw was in the saslauthd init.d file, which i changed to reflect the /var/spool/postfix/var/run/saslauthd directory. That didn't work, so I ended up copying and linking all the files necessary from the /spool directory into the /var/run/saslauthd directory. I can't imagine this is terribly secure?

Where is postfix pulling this /var/run directory from, anyway? If i can change that, I'd rather delete what I've done and do it the correct way.

Thanks!

migm

[falko]

Postfix is running chrooted, so /var/run translates to /var/spool/postfix/var/run.

[migm]

Quote:

Originally Posted by falko

Postfix is running chrooted, so /var/run translates to /var/spool/postfix/var/run.

My postfix was actually not chrooted in the master.cfg

[bvidinli]

i found a basic solution described here: http://www.ehcp.net/?q=node/149#comment-668

[anony]

"Cannot connect to saslauthd server: Permission denied" was caused by permission errors for me. Changed /var/run/saslauthd permissions, chmod a+rx and things worked.

Postfix was not chroot'd and there was no group for saslauthd to add Postfix.

[zzattack]

Quote:

Originally Posted by falko

Please run

Code:

adduser postfix sasl
/etc/init.d/postfix restart

Thanks, this worked for me

[adig]

For those that all of the above doesn't solve the problem... check your password!

If it has a '#' sign all that is after the # gets ignored in "/etc/pam.d
/smtp" and therefore you will have these nice errors in /var/log/auth.log :

pam_mysql - required option "db" is not set
DEBUG: auth_pam: pam_authenticate failed: Error in service module

Source: here.