fatal: no SASL authentication mechanisms

[James Lockie]

I need help with using dovecot sasl.
I get /var/spool/postfix/private/auth failed: No such file or directory but the file exists.

# ls -l /var/spool/postfix/private/auth
srw-rw-rw- 1 postfix postfix 0 Jan 17 21:58 /var/spool/postfix/private/auth


I've verified docotsasl works (I think):
# doveadm auth -a /var/spool/postfix/private/auth test_user
Password:
passdb: test_user auth succeeded
extra fields:
user=test_user


These are the relevant log entries:
/var/log/mail.err
postfix/smtpd[1704]: fatal: no SASL authentication mechanisms

/var/log/mail.log
postfix/smtpd[1519]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory

/etc/postfix/master.cf
submission inet n - - - - smtpd -v
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

/etc/postfix/main.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_auth_enable = yes
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

[Viktor Dukhovni]

On Sat, Jan 17, 2015 at 10:51:30PM -0500, James Lockie wrote:

> /var/log/mail.log
> postfix/smtpd[1519]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory
>
> /etc/postfix/master.cf
> submission inet n - - - - smtpd -v
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o milter_macro_daemon_name=ORIGINATING

Just another chroot victim,

--
Viktor.

[James Lockie]

Oh.
Is Postfix and/or Dovecot chrooted by default?
Can a message be output in the info log?

[li...@rhsoft.net]

Am 18.01.2015 um 05:40 schrieb James Lockie:
> On 01/17/15 22:55, Viktor Dukhovni wrote:
>> On Sat, Jan 17, 2015 at 10:51:30PM -0500, James Lockie wrote:
>>
>>> /var/log/mail.log
>>> postfix/smtpd[1519]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory
>>>
>>> /etc/postfix/master.cf
>>> submission inet n - - - - smtpd -v
>>> -o smtpd_tls_security_level=encrypt
>>> -o smtpd_sasl_auth_enable=yes
>>> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>> -o milter_macro_daemon_name=ORIGINATING
>> Just another chroot victim,
>>

> Is Postfix and/or Dovecot chrooted by default?

no, the default in master.cf is an explicit "n"

> Can a message be output in the info log?

better make a bugreport at your distribution
https://www.google.at/search?q=postfix+debian+chroot+problems

[Scott Kitterman]

Assuming this is Debian, there's no bug report needed. It's an intentional maintainer choice and not a bug.

Scott K

[Viktor Dukhovni]

On Sun, Jan 18, 2015 at 12:02:24AM -0500, Scott Kitterman wrote:

> >better make a bugreport at your distribution
> >https://www.google.at/search?q=postfix+debian+chroot+problems
>
> Assuming this is Debian, there's no bug report needed. It's an intentional maintainer choice and not a bug.

I think the "intentional maintainer choice" has long proved unwise.
So though not a bug, it is definitely misfeature. Since the default
chroot is far from seamless:

- Lost logs
- Milter socket problems
- SASL problems
- DNS resolution problems
- ...

If the level of integration were such that none of these issues
were to ever happen, I'd accept this as a valid maintainer choice.
Given that problems come up all the time, I rather see this is a
maintainer mistake that should finally be corrected.

Chroot is for experts willing and able to figure out what needs to
be done to get it working. As a default Debian/Ubuntu configuration
I think it just needlessly gives Postfix on these systems a bad
name.

--
Viktor.

[li...@rhsoft.net]

that's all true

but if each and every day a new user opens a fresh bugreport claiming
the defualts are broken and stupid over the time the "intentional
maintainer choice" may change

that won't happen by explain the same porblem on that list each week
______________________________________

honestly postfix is not completly innocent because the internal default
should be "no" for "-" instead "yes", i saw way too much people believe
it's disabled untill someone explained that this is only the case with
an explicit "n"

having it enabled builtin but with the shipped default config disabled
is not really the best way to explain people it's a bad idea enable it
until you know exactly what you are doing

[Edgar Pettijohn]

>> better make a bugreport at your distribution
>> https://www.google.at/search?q=postfix+debian+chroot+problems
> Assuming this is Debian, there's no bug report needed. It's an intentional maintainer choice and not a bug.
>

> Scott K
>
I think its default in a lot of distros. I know it is in openbsd and
I'm pretty sure freebsd also.

[James Lockie]

What would cause the "warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory" to come back after working for a while?
I had to restart dovecot and postfix,
Is there any postfix debug tool like doveadm that I can run to test authentication?

[Patrick Ben Koetter]

* James Lockie <robert...@teksavvy.com>:

Sure, read the docs out there. There's plenty of them. Start at the Postfix
Website in the section about debugging.

p@rick



--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

[Edgar Pettijohn]

On 01/18/15 08:55, James Lockie wrote:
> On 01/18/15 09:07, Edgar Pettijohn wrote:
>>>> better make a bugreport at your distribution
>>>> https://www.google.at/search?q=postfix+debian+chroot+problems
>>> Assuming this is Debian, there's no bug report needed. It's an intentional maintainer choice and not a bug.
>>>
>>> Scott K
>>>
>> I think its default in a lot of distros. I know it is in openbsd and I'm pretty sure freebsd also.
>>
> What would cause the "warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory" to come back after working for a while?
> I had to restart dovecot and postfix,
> Is there any postfix debug tool like doveadm that I can run to test authentication?

I think what it comes down to is if you have turned off chroot or not.
If not you need to think about the following lines:

/etc/postfix/main.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth

Because if you are chroot its really looking for
/var/spool/postfix/var/spool/postfix/private/auth which doesn't exist
most likely.

[James Lockie]

I turned off chroot, that is why it works for a while. :-(

[Benny Pedersen]

James Lockie skrev den 2015-01-18 05:40:
> On 01/17/15 22:55, Viktor Dukhovni wrote:
>> On Sat, Jan 17, 2015 at 10:51:30PM -0500, James Lockie wrote:
>>
>>> /var/log/mail.log

>>> postfix/smtpd[1519]: warning: SASL: Connect to

>>> /var/spool/postfix/private/auth failed: No such file or directory
>>>

>>> /etc/postfix/master.cf
>>> submission inet n - - - - smtpd -v
>>> -o smtpd_tls_security_level=encrypt
>>> -o smtpd_sasl_auth_enable=yes
>>> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>> -o milter_macro_daemon_name=ORIGINATING
>> Just another chroot victim,
>>

> Oh.

> Is Postfix and/or Dovecot chrooted by default?

> Can a message be output in the info log?

you already see it in verbose logs ?

submission inet n - n - - smtpd
....

i have never seen a problem with dovecot

just dont use - as default wish list

[Benny Pedersen]

Edgar Pettijohn skrev den 2015-01-18 15:07:

> I think its default in a lot of distros. I know it is in openbsd and
> I'm pretty sure freebsd also.

its not so in gentoo, living on edge ? :=)