# Error on SASL SMTP authentication



## Mainz (Mar 28, 2016)

Hello Guys,

i*I* installed a new Mailserver using Dovecot, Postfix and a MySQL-Database for the Users and Domains and Mailboxes.

Now i*I*'m at the point to configure the secure SASL Authentication for SMTP.
I created a socket and told Postfix to use it but it wont work.

This is my main.cf
I used the normal main.cf configuration file and added the following to the bottom:


```
virtual_alias_maps = mysql:/usr/local/etc/postfix/valias.cf
virtual_mailbox_base = /srv/mail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/vmailbox.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/vuidmaps.cf
virtual_gid_maps = static:125
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/vdomains.cf
smtpd_tls_cert_file = /certificates/postfix/postfix_cert.pem
smtpd_tls_key_file = /certificates/postfix/postfix_key.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only= yes
smtpd_sasl_auth_enable= yes
smtpd_sasl_auth_path=/srv/postfix/private/auth
smtpd_sasl_type=dovecot
```

Here is my dovecot.conf


```
## Dovecot configuration file

protocols = imap
auth_mechanisms = plain login
ssl_cert = </certificates/cert.pem
ssl_key = </certificates/key.pem
disable_plaintext_auth = yes

passdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}

userdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}

service auth {
  unix_listener /srv/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
  }
}
```

When i restart my Postfix then i*I* get the following:


```
root@mailsrv:/srv # service postfix restart
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
postfix/postfix-script: stopping the Postfix mail system
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
postfix/postfix-script: starting the Postfix mail system
```

Then i*I* checked my Mail-Log and send a testmail and i*I* got the following:


```
root@mailsrv:/srv/mail/******* # tail -F /var/log/maillog

Mar 27 22:39:26 mailsrv postfix/smtpd[1166]: warning: SASL: Connect to smtpd fai   led: No such file or directory

Mar 27 22:39:26 mailsrv postfix/smtpd[1166]: fatal: no SASL authentication mecha  nisms

Mar 27 22:39:27 mailsrv postfix/master[1112]: warning: process /usr/local/libexe  c/postfix/smtpd pid 1166 exit status 1

Mar 27 22:39:27 mailsrv postfix/master[1112]: warning: /usr/local/libexec/postfi  x/smtpd: bad command startup -- throttling

Mar 27 22:40:27 mailsrv postfix/smtpd[1184]: error: open database /etc/aliases.d  b: No such file or directory

Mar 27 22:40:27 mailsrv postfix/smtpd[1184]: connect from dub004-omc3s31.hotmail   .com[157.55.2.40]

Mar 27 22:40:28 mailsrv postfix/smtpd[1184]: warning: SASL: Connect to smtpd fai  led: No such file or directory

Mar 27 22:40:28 mailsrv postfix/smtpd[1184]: fatal: no SASL authentication mecha  nisms

Mar 27 22:40:29 mailsrv postfix/master[1112]: warning: process /usr/local/libexe  c/postfix/smtpd pid 1184 exit status 1

Mar 27 22:40:29 mailsrv postfix/master[1112]: warning: /usr/local/libexec/postfi   x/smtpd: bad command startup -- throttling
```

EDIT: I checked /usr/local/libexec/postfix/smtpd and in the folder Postfix there is a file named smtpd but when I open it I get cryptic letters.

For me it looks like that SASL is not installed, but i*I* checked the port cyus-SASL and rechecked the config of Postfix and both are installed.

Did someone know where the problem is?


----------



## Mainz (Mar 28, 2016)

And here is my master.cf


```
submission inet n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

And when i*I *send an email i*I* get the following in my maillog


```
Mar 28 17:49:11 mailsrv postfix/qmgr[12673]: 0FDBE286B42: removed
Mar 28 17:49:11 mailsrv postfix/local[12780]: warning: hash:/etc/aliases is unavailable. open database /etc/aliases.db: No such file or directory
Mar 28 17:49:11 mailsrv postfix/local[12780]: warning: hash:/etc/aliases: lookup of 'root' failed
```

NOTICE: And i checked the following: Localy I can send mail to my mailboxes. I can send mails to extern providers but I cant recieve emails from extern for example outlook.com


When more logs or more files are required to show then just tell me please.

I hope that someone can help me a bit


----------



## gkontos (Mar 28, 2016)

First create the aliases db by running `newaliases`.

Then change: smtpd_sasl_auth_path=/srv/postfix/private/auth to smtpd_sasl_auth_path=private/auth

Also, cyus-SASL is useless because you are using Dovecot which is the default in postfix-3.1


----------



## Mainz (Mar 28, 2016)

gkontos said:


> First create the aliases db by running `newaliases`.
> 
> Then change: smtpd_sasl_auth_path=/srv/postfix/private/auth to smtpd_sasl_auth_path=private/auth
> 
> Also, cyus-SASL is useless because you are using Dovecot which is the default in postfix-3.1



Thanks for your answer. Did i have to change the path in my dovecot.conf to?


```
service auth {
  unix_listener /srv/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
  }
}
```

I used the command `newaliases`and changed the path.Then I restarted postfix and got the same error.


```
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=private/auth
```

When I change the path in my dovecot.conf file to and then try to restart dovecot I get the following error:

```
root@mailsrv:/usr/local/etc/dovecot # service dovecot restart
Stopping dovecot.
Waiting for PIDS: 711.
Starting dovecot.
Error: bind(/var/run/dovecot/private/auth) failed: No such file or directory
Fatal: Failed to start listeners
/usr/local/etc/rc.d/dovecot: WARNING: failed to start dovecot
```

EDIT: One of the errors is gone after I type in `newaliases` but the other errors are still there


```
Mar 28 23:00:29 mailsrv postfix/smtpd[1248]: connect from dub004-omc1s32.hotmail  .com[157.55.0.231]
Mar 28 23:00:29 mailsrv postfix/smtpd[1249]: connect from dub004-omc1s26.hotmail  .com[157.55.0.225]
Mar 28 23:00:30 mailsrv postfix/smtpd[1248]: warning: SASL: Connect to smtpd fai  led: No such file or directory
Mar 28 23:00:30 mailsrv postfix/smtpd[1248]: fatal: no SASL authentication mecha  nisms
Mar 28 23:00:30 mailsrv postfix/smtpd[1249]: warning: SASL: Connect to smtpd fai  led: No such file or directory
Mar 28 23:00:30 mailsrv postfix/smtpd[1249]: fatal: no SASL authentication mecha  nisms
Mar 28 23:00:31 mailsrv postfix/master[984]: warning: process /usr/local/libexec  /postfix/smtpd pid 1248 exit status 1
Mar 28 23:00:31 mailsrv postfix/master[984]: warning: /usr/local/libexec/postfix  /smtpd: bad command startup -- throttling
Mar 28 23:00:31 mailsrv postfix/master[984]: warning: process /usr/local/libexec  /postfix/smtpd pid 1249 exit status 1
```

This Error to 

```
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=private/auth
```


----------



## Mainz (Mar 29, 2016)

Here is my `postconf -n` maybe it will help


```
root@mailsrv:/usr/local/etc/postfix # postconf -n
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
meta_directory = /usr/local/libexec/postfix
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /certificates/postfix/postfix_cert.pem
smtpd_tls_key_file = /certificates/postfix/postfix_key.pem
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/valias.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /srv/mail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/vdomains.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/vmailbox.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/vuidmaps.cf
postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_path=/srv/postfix/private/auth
```

And thats what my /usr/local/etc/dovecot folder looks like

```
root@mailsrv:/usr/local/etc/dovecot # ls
README  dovecot-sql.conf  dovecot.conf  example-config[/quote]

Did I miss something here?
```


----------



## Mainz (Mar 29, 2016)

When I delete the line 
	
	



```
smtpd_sasl_auth_path=/srv/postfix/private/auth
```
then I can start postfix without getting the error unused_parameter and get the following error:

```
Mar 29 09:54:09 mailsrv postfix/smtpd[1576]: lost connection after CONNECT from nz92l248.bb11352.ctm.net[113.52.92.248]
Mar 29 09:54:09 mailsrv postfix/smtpd[1576]: disconnect from nz92l248.bb11352.ctm.net[113.52.92.248] commands=0/0
Mar 29 09:54:09 mailsrv postfix/smtpd[1577]: connect from mail-he1eur01on0113.outbound.protection.outlook.com[104.47.0.113]
Mar 29 09:54:09 mailsrv postfix/smtpd[1578]: connect from dub004-omc1s32.hotmail.com[157.55.0.231]
Mar 29 09:54:09 mailsrv postfix/smtpd[1575]: connect from mail-db3on0127.outbound.protection.outlook.com[157.55.234.127]
Mar 29 09:54:18 mailsrv postfix/anvil[1490]: statistics: max connection rate 1/60s for (smtp:157.55.234.112) at Mar 29 09:44:18
Mar 29 09:54:18 mailsrv postfix/anvil[1490]: statistics: max connection count 1 for (smtp:157.55.234.112) at Mar 29 09:44:18
Mar 29 09:54:18 mailsrv postfix/anvil[1490]: statistics: max cache size 6 at Mar 29 09:47:23
Mar 29 09:54:19 mailsrv postfix/smtpd[1577]: fatal: no SASL authentication mechanisms
Mar 29 09:54:19 mailsrv postfix/smtpd[1578]: fatal: no SASL authentication mechanisms
Mar 29 09:54:19 mailsrv postfix/smtpd[1575]: fatal: no SASL authentication mechanisms
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1578 exit status 1
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1577 exit status 1
Mar 29 09:54:20 mailsrv postfix/smtpd[1576]: connect from dub004-omc1s32.hotmail.com[157.55.0.231]
Mar 29 09:54:20 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1575 exit status 1
Mar 29 09:54:31 mailsrv postfix/smtpd[1576]: fatal: no SASL authentication mechanisms
Mar 29 09:54:32 mailsrv postfix/master[1484]: warning: process /usr/local/libexec/postfix/smtpd pid 1576 exit status 1
Mar 29 09:54:46 mailsrv dovecot: imap-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<qRnNVysvQ7dQk7HE>
Mar 29 09:54:57 mailsrv dovecot: master: Error: service(auth): command startup failed, throttling for 60 secs
Mar 29 09:54:57 mailsrv dovecot: auth: Fatal: sql /usr/local/etc/dovecot/dovecot-sql.conf: Error in configuration file /usr/local/etc/dovecot/dovecot-sql.conf line 6: Expecting '='
Mar 29 09:54:57 mailsrv dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 21 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<qRnNVysvQ7dQk7HE>
Mar 29 09:55:07 mailsrv dovecot: imap-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<BdoGWSsvRrdQk7HE>
```

Here is my dovecot-sql.conf


```
driver = mysql
connect = host=127.0.0.1 dbname=mail user=mail password=*********
default_pass_scheme = PLAIN-MD5

password_query = SELECT mailbox AS username,
domains.domain, password
FROM mailboxes JOIN domains
ON domains.uid = mailboxes.domain
WHERE address = '%n' AND domains.domain = '%d'

user_query = SELECT CONCAT('maildir:/srv/mail/',domains.domain,'/',mailboxes.address)
as mail,mailboxes.id as uid,125 as gid
FROM mailboxes
JOIN domains ON domains.uid = mailboxes.domain
```


```
smtpd_sasl_path = /srv/postfix/private/auth
smtpd_sasl_auth_path=/srv/postfix/private/auth
```
Is this the same? When I use the 
	
	



```
smtpd_sasl_path = /srv/postfix/private/auth
```
 I get no error but when I use 
	
	



```
smtpd_sasl_auth_path=/srv/postfix/private/auth
```
 I get the unused_parameter error.

Can someone give me a hint or help me?


----------



## gkontos (Mar 29, 2016)

While looking at your `postconf -d`, it appears that smtpd_sasl_path is missing. Add it and you should be ok.


----------



## Mainz (Mar 29, 2016)

gkontos said:


> While looking at your `postconf -d`, it appears that smtpd_sasl_path is missing. Add it and you should be ok.


Much thanks for your Answer!


```
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
meta_directory = /usr/local/libexec/postfix
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /srv/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /certificates/postfix/postfix_cert.pem
smtpd_tls_key_file = /certificates/postfix/postfix_key.pem
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/valias.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /srv/mail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/vdomains.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/vmailbox.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/vuidmaps.cf
```

Thats my `postconf -n` now. What is with the command smtpd_sasl_auth_path did I need it?

And I still get the following error


```
Mar 29 11:01:08 mailsrv postfix/smtpd[9625]: fatal: no SASL authentication mechanisms
Mar 29 11:01:09 mailsrv postfix/master[9622]: warning: process /usr/local/libexec/postfix/smtpd pid 9625 exit status 1
Mar 29 11:01:09 mailsrv postfix/master[9622]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Mar 29 11:01:10 mailsrv postfix/smtpd[9629]: fatal: no SASL authentication mechanisms
Mar 29 11:01:11 mailsrv postfix/master[9622]: warning: process /usr/local/libexec/postfix/smtpd pid 9629 exit status 1
Mar 29 11:01:17 mailsrv postfix/smtpd[9631]: fatal: no SASL authentication mechanisms
Mar 29 11:01:18 mailsrv postfix/master[9622]: warning: process /usr/local/libexec/postfix/smtpd pid 9631 exit status 1
```

Did you have an idea what can I do?


----------



## gkontos (Mar 29, 2016)

That's my `postconf`


```
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
```


----------



## obsigna (Mar 29, 2016)

For some reason you want Dovecot to provide authentication information for Postfix on the non-standard path /srv/postfix/private/auth, OK so far, even if this looks funny, it's your choice.

However, if you want this, than you need to make sure, that the directory /srv/postfix/private/ does exist before Dovecot starts up, AND that the user postfix got at least x permissions to the directory and read permissions to something inside of it. If the directory /srv/postfix/private/ does not exit, then Dovecot cannot create the local domain (unix) socket auth in it. Dovecot would listen on this unix socket for SASL authentication requests from Postfix. If the unix socket does not exist, OR Postfix is configured with the wrong path, OR Postfix does not have sufficient access permissions for the path, then you experience those errors in your error logs.

Checks:
`ls -ld /srv/postfix/private`

```
drwx------  2 postfix  wheel  512 29 Mär 07:40 /srv/postfix/private
```

`ls -l /srv/postfix/private`

```
total 0
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 anvil
srw-rw-rw-  1 postfix  postfix  0 29 Mär 07:40 auth
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 bounce
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 defer
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 discard
srw-rw----  1 postfix  postfix  0 29 Mär 07:40 dovecot-lmtp
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 error
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 lmtp
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 local
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 proxymap
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 proxywrite
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 relay
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 retry
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 rewrite
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 scache
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 smtp
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 tlsmgr
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 trace
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 verify
srw-rw-rw-  1 postfix  wheel    0 29 Mär 07:40 virtual
```


----------



## Mainz (Mar 29, 2016)

Now everything works. Thank you!


----------

