Postfix saslauthd smtp authentication relay access denied problem

Discussion in 'Server Operation' started by rajshardel, Jul 18, 2012.

  1. rajshardel

    We have CentOS 6 OS, Webmin, Linux Apache, MySQL, Postfix, Dovecot, SquirrelMail installed.

    We cannot receive mail in Webmin from Gmail when we insert the saslauthd enable lines in the Webmin Postfix config, and cannot send or receive mail from Outlook, which hangs. But when we remove saslauthd enable from the Webmin Postfix config file, we can send mail to Gmail or to internal users from Webmin, but we get a relay access denied error from Outlook to Gmail.

    Outlook accepts incoming outgoing server with POP setting and SMTP setting but rejects settings although my hostname is and MX mail server DNS record is and A record is

    My SMTP port 25 is open and also POP port 110 and IMAP 143 and IMAPS 993 and POP3S 995.

    Postfix, Dovecot, saslauthd restart show OK at terminal. But clearly there is a problem in the saslauthd configuration and relay access denied, as otherwise I can send and receive mail from Gmail.

    At the terminal we get:

    [root@jobseasily ~]# telnet 25
    telnet: connect to address Connection refused
    telnet: Unable to connect to remote host: Connection refused
    [root@jobseasily ~]# telnet localhost 25
    Connected to localhost.localdomain (
    Escape character is '^]'.
    Connection closed by foreign host.
    [root@jobseasily ~]# /etc/init.d/postfix restart
    Shutting down postfix: [ OK ]
    Starting postfix: ^[[A [ OK ]
    [root@jobseasily ~]# /etc/init.d/dovecot restart
    Stopping Dovecot Imap: [ OK ]
    Starting Dovecot Imap: [ OK ]
    [root@jobseasily ~]# /etc/init.d/saslauthd restart
    Stopping saslauthd: [ OK ]
    Starting saslauthd: [ OK ]
    [root@jobseasily ~]#


    saslauthd started with great difficulty as we did not have /etc/default/saslauthd and apt-get install libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql packages could not be found. We created /etc/default/saslauthd file and inserted the following:

    PARAMS="-m ${PWDIR}"
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"


    We could not adduser postfix sasl from terminal so we entered postfix user in group sasl from webmin and now saslauthd process has started


    #postfix configuration

    myhostname =
    mydomain =
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, /etc/postfix/virtual/domains
    virtual_maps = hash:/etc/postfix/virtual/addresses
    mynetworks =,
    relay_domains =
    home_mailbox = Maildir/
    mail_owner = postfix
    daemon_directory = /usr/libexec/postfix
    command_directory = /usr/sbin
    queue_directory = /var/spool/postfix
    config_directory = /usr/etc/postfix
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination permit_inet_interfaces
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    #Dovecot conf file

    base_dir = /var/run/dovecot/
    protocols = imap imaps pop3 pop3s
    protocol imap {
    listen = *
    ssl_listen = *

    protocol pop3 {
    listen = *
    listen = [::]
    disable_plaintext_auth = no
    ssl_disable = yes
    mail_location = maildir:~/Maildir
    protocol imap {
    protocol pop3 {
    pop3_uidl_format = %08Xu%08Xv
    protocol lda {
    postmaster_address =
    auth default {
    mechanisms = plain login
    passdb pam {
    userdb passwd {
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix


    Mail logs are as below:

    Jul 18 06:26:41 jobseasily postfix/qmgr[559]: 759C76A3F4: from=<>, size=592, nrcpt=1 (queue active)
    Jul 18 06:26:42 jobseasily postfix/smtp[1022]: connect to[]: Connection refused (port 25)
    Jul 18 06:26:42 jobseasily postfix/smtp[1022]: 759C76A3F4: to=<>, orig_to=<rajshardel@gmailcom>, relay=none, delay=306035, delays=306034/0.02/1.1/0, dsn=4.4.1, status=deferred (connect to[]: Connection refused)
    Jul 18 07:16:41 jobseasily postfix/qmgr[559]: 8ED7E6A3A4: from=<>, size=579, nrcpt=1 (queue active)
    Jul 18 07:16:41 jobseasily postfix/smtp[1580]: connect to[]: Connection refused (port 25)
    Jul 18 07:16:41 jobseasily postfix/smtp[1580]: 8ED7E6A3A4: to=<>, relay=none, delay=320038, delays=320037/0.02/0.6/0, dsn=4.4.1, status=deferred (connect to[]: Connection refused)
    Jul 18 07:33:21 jobseasily postfix/qmgr[559]: 759C76A3F4: from=<>, size=592, nrcpt=1 (queue active)
    Jul 18 07:33:22 jobseasily postfix/smtp[1784]: connect to[]: Connection refused (port 25)
    Jul 18 07:33:22 jobseasily postfix/smtp[1784]: 759C76A3F4: to=<>, orig_to=<rajshardel@gmailcom>, relay=none, delay=310035, delays=310034/0.02/0.74/0, dsn=4.4.1, status=deferred (connect to[]: Connection refused)

    output of netstat -tap?

    [root@jobseasily ~]# netstat -tap?
    usage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
    netstat [-vnNcaeol] [<Socket> ...]
    netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]

    -r, --route display routing table
    -I, --interfaces=[<Iface>] display interface table for <Iface>
    -i, --interfaces display interface table
    -g, --groups display multicast group memberships
    -s, --statistics display networking statistics (like SNMP)
    -M, --masquerade display masqueraded connections

    -v, --verbose be verbose
    -n, --numeric don't resolve names
    --numeric-hosts don't resolve host names
    --numeric-ports don't resolve port names
    --numeric-users don't resolve user names
    -N, --symbolic resolve hardware names
    -e, --extend display other/more information
    -p, --programs display PID/Program name for sockets
    -c, --continuous continuous listing

    -l, --listening display listening server sockets
    -a, --all, --listening display all sockets (default: connected)
    -o, --timers display timers
    -F, --fib display Forwarding Information Base (default)
    -C, --cache display routing cache instead of FIB
    -T, --notrim stop trimming long addresses
    -Z, --context display SELinux security context for sockets

    <Iface>: Name of interface to monitor/list.
    <Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
    <AF>=Use '-A <af>' or '--<af>'; default: inet
    List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
    x25 (CCITT X.25)
    [root@jobseasily ~]#


    Can someone help?
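
An added example, not part of the original post: a small Python check of the SMTP AUTH and relay settings quoted above, covering which auth backend Postfix actually uses, whether the socket paths agree, and whether the restriction order would produce "Relay access denied" for authenticated clients. The constants are copied from the posted main.cf and Dovecot config; the function names, finding codes and the list of running daemons are assumptions made for this illustration.

```python
import posixpath

# Constructed sample: the SASL and relay lines from the main.cf in the post.
MAIN_CF = """\
queue_directory = /var/spool/postfix
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination permit_inet_interfaces
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
"""
DOVECOT_SOCKET = "/var/spool/postfix/private/auth"  # client socket path in the posted Dovecot config
RUNNING = {"saslauthd", "dovecot"}  # assumption: both restarted OK, as the terminal output shows


def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params


def audit(params, dovecot_socket, running_daemons):
    """Return (code, message) findings for the SMTP AUTH and relay settings."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":  # Postfix default is "no"
        findings.append(("AUTH_OFF", "SMTP AUTH is off; permit_sasl_authenticated can never match"))
    elif params.get("smtpd_sasl_type", "cyrus") == "dovecot":  # Postfix default is "cyrus"
        # smtpd_sasl_path is resolved relative to queue_directory unless it is absolute.
        want = posixpath.join(params.get("queue_directory", "/var/spool/postfix"),
                              params.get("smtpd_sasl_path", "smtpd"))
        if want != dovecot_socket:
            findings.append(("SOCKET_MISMATCH", f"Postfix expects {want}, Dovecot offers {dovecot_socket}"))
        if "saslauthd" in running_daemons:
            findings.append(("UNUSED_SASLAUTHD", "smtpd_sasl_type=dovecot: Postfix SMTP AUTH never consults saslauthd"))
    rules = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    if "reject_unauth_destination" in rules:
        before = rules[:rules.index("reject_unauth_destination")]
        if "permit_sasl_authenticated" not in before:
            findings.append(("RELAY_DENIED", "authenticated clients are rejected before permit_sasl_authenticated is evaluated"))
    return findings
```

Run against the posted values, `audit(parse_main_cf(MAIN_CF), DOVECOT_SOCKET, RUNNING)` reports only `UNUSED_SASLAUTHD`: the socket paths and restriction order are consistent, and the saslauthd daemon plays no part in SMTP AUTH with this configuration.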


