postfix/smtpd: fatal: no SASL authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I'm trying to setup a combination IMAP/SMTP server using Dovecot and Postfix on a 20.04 system. After attempting to setup SASL authentication for postfix, the system fails with a postfix/smtpd: fatal: no SASL authentication mechanisms whenever any SMTP connection is attempted (either via a program like Thunderbird or telnet localhost 25). I'm trying to use the guide at https:/
My configuration:
root@kangaroo:~# apt list --installed | egrep 'postfix|
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
dovecot-
dovecot-
libauthen-
libsasl2-
libsasl2-
libsasl2-
libsasl2-
postfix/
sasl2-bin/focal,now 2.1.27+dfsg-2 amd64 [installed]
root@kangaroo:~# dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.10.0-1038-oem x86_64 Ubuntu 20.04.2 LTS
# Hostname: kangaroo.unclet.net
auth_debug = yes
auth_debug_
auth_mechanisms = plain login
mail_location = mbox:~/
mail_privileged
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = " imap"
service auth {
unix_listener /var/spool/
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = </etc/dovecot/
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
root@kangaroo:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = kangaroo.
myhostname = kangaroo.unclet.net
mynetworks = 127.0.0.0/8 [::ffff:
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_
smtp_tls_
smtp_tls_
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient
smtpd_relay_
smtpd_sasl_
smtpd_sasl_
smtpd_sasl_path = private/auth
smtpd_sasl_
smtpd_sasl_
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/
smtpd_tls_key_file = /etc/ssl/
smtpd_tls_loglevel = 4
smtpd_tls_
smtpd_tls_
root@kangaroo:~# postconf -M
smtp inet n - n - - smtpd -v
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp -o syslog_
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/
mailman unix - n n - - pipe flags=FR user=list argv=/usr/
root@kangaroo:~# systemctl is-active dovecot
active
root@kangaroo:~# systemctl is-active postfix
active
taft@kangaroo:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
This is what I see in /var/log/mail.log:
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: Loading modules from directory: /usr/lib/
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: Module loaded: /usr/lib/
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: Read auth token secret from /var/run/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: auth client connected (pid=0)
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:21 kangaroo postfix/
Aug 17 04:07:22 kangaroo postfix/
Aug 17 04:07:22 kangaroo postfix/
Although this step was not in the install guide I've referenced, I've tried adding sasl2-bin and editing /etc/default/
root@kangaroo:~# grep -v ^\# /etc/default/
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"
root@kangaroo:~# systemctl is-active saslauthd
active
With postfix using "smtpd_sasl_type = dovecot", you shouldn't need sasl2-bin.
I think your test with telnet on port 25 will not work because you have "smtpd_ sasl_security_ options = noanonymous, noplaintext" which disables "plaintext" type of auth and both LOGIN and PLAIN are in the clear.
It's generally advised to enable SASL/authenticated relaying only on TCP/465 and/or TCP/587 where you can (and should) require TLS encryption. Once you use one of those port with mandatory encryption, you can set "smtpd_ sasl_tls_ security_ options = noanonymous" (note the "tls" in the name).
For more information, please refer to those:
https:/ /doc.dovecot. org/configurati on_manual/ howto/postfix_ and_dovecot_ sasl/ www.postfix. org/SASL_ README. html#smtpd_ sasl_security_ options
http://
HTH,
Simon