{"id":711,"date":"2017-03-23T14:15:51","date_gmt":"2017-03-23T12:15:51","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=711"},"modified":"2017-03-23T14:15:51","modified_gmt":"2017-03-23T12:15:51","slug":"debian-8-dovecotpostfix-mail-server-sasl-connect-to-privateauth-failed","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=711","title":{"rendered":"Debian 8 – Dovecot\/Postfix mail server SASL: Connect to private\/auth failed"},"content":{"rendered":"
\n
\n
<\/div>\n\n\n\n
\n
up vote<\/a> 1<\/span> down vote<\/a> favorite<\/a><\/p>\n
<\/div>\n<\/div>\n<\/td>\n
\n
\n
\n

Trying to get this mail sever up has eaten up a good chunk of 2 days and I’ve made some headway but this specific error has persisted throughout. I’m using a Debian server with Postfix + Dovecot + Postgres. If I try to send an email from my gmail account to an email account on the server, the following errors get logged in \/var\/log\/mail.log<\/strong><\/p>\n

Jun  5 10:57:32 6r6n-6vh7 postfix\/smtpd[748]: connect from mail-oi0-f45.google.com[209.85.218.45]\r\nJun  5 10:57:32 6r6n-6vh7 postfix\/smtpd[748]: warning: SASL: Connect to private\/auth failed: Connection refused\r\nJun  5 10:57:32 6r6n-6vh7 postfix\/smtpd[748]: fatal: no SASL authentication mechanisms\r\nJun  5 10:57:33 6r6n-6vh7 postfix\/master[32593]: warning: process \/usr\/lib\/postfix\/smtpd pid 748 exit status 1\r\nJun  5 10:57:33 6r6n-6vh7 postfix\/master[32593]: warning: \/usr\/lib\/postfix\/smtpd: bad command startup -- throttling\r\n<\/code><\/pre>\n
So the culprit seems to be postfix\/smtpd[748]: warning: SASL: Connect to private\/auth failed: Connection refused<\/strong><\/p>\n
Any ideas on what could be causing it? I’ve generated the .pem files and placed them in the appropriate folders but it seems like authentication is still failing. Included below are some config files I’ve modified over the course of setting this up. To save you guys from the avalanche of text, I’m posting mostly partial config files that don’t include any defaults I didn’t change.<\/p>\n
Postfix Configs<\/h2>\n
\/etc\/postfix\/main.cf (whole file)<\/h2>\n
myhostname = mail.myserver.net\r\nmyorigin = <\/var\/mail\/vhosts\r\nalias_maps = hash:\/etc\/aliases\r\nalias_database = hash:\/etc\/aliases\r\nmydestination = mail.myserver.net, myserver.net,localhost,localhost.localdomain\r\nrelayhost = \r\nmynetworks = 127.0.0.0\/8 [::ffff:127.0.0.0]\/104 [::1]\/128\r\nmailbox_size_limit = 0\r\nrecepient_delimiter = +\r\ninet_interfaces = all\r\n\r\nsmtpd_tls_cert_file = \/etc\/ssl\/certs\/mailcert.pem\r\nsmtpd_tls_key_file = \/etc\/ssl\/private\/mail.key\r\nsmtpd_use_tls = yes\r\nsmtpd_tls_session_cache_database = btree:${data_directory}\/smtpd_scache\r\nsmtp_tls_session_cache_database = btree:${data_directory}\/smtp_scache\r\nsmtpd_tls_security_level=may\r\nsmtpd_tls_protocols = !SSLv2, !SSLv3\r\nsmtpd_tls_auth_only = yes\r\nlocal_recipient_maps = proxy:unix:passwd.byname $alias_maps\r\n\r\nbiff = no\r\nappend_dot_mydomain = no\r\nreadme_directory = no\r\n\r\nsmtpd_sasl_type = dovecot\r\nsmtpd_sasl_path = private\/auth\r\nsmtpd_sasl_auth_enable = yes\r\n\r\nsmtpd_recipient_restrictions =\r\n        permit_sasl_authenticated,\r\n        permit_mynetworks,\r\n        reject_unauth_destination\r\n\r\n#Handing off local delivery to Dovecot's LMTP, and telling it where to store mail\r\nvirtual_transport = lmtp:unix:private\/dovecot-lmtp\r\n\r\n#Virtual domains, users, and aliases\r\nvirtual_mailbox_domains = pgsql:\/etc\/postfix\/pgsql-virtual-mailbox-domains.cf\r\nvirtual_mailbox_maps = pgsql:\/etc\/postfix\/pgsql-virtual-mailbox-maps.cf\r\nvirtual_alias_maps = pgsql:\/etc\/postfix\/pgsql-virtual-alias-maps.cf\r\n<\/code><\/pre>\n
\/etc\/postfix\/master.cf (partial)<\/h2>\n
submission inet n       -       -       -       -       smtpd\r\n  -o syslog_name=postfix\/submission\r\n  -o smtpd_tls_security_level=encrypt\r\n  -o smtpd_sasl_auth_enable=yes\r\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\r\n  -o milter_macro_daemon_name=ORIGINATING\r\nsmtps     inet  n       -       -       -       -       smtpd\r\n  -o syslog_name=postfix\/smtps\r\n  -o smtpd_tls_wrappermode=yes\r\n  -o smtpd_sasl_auth_enable=yes\r\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\r\n  -o milter_macro_daemon_name=ORIGINATING\r\n<\/code><\/pre>\n
Dovecot Configs<\/h2>\n
\/etc\/dovecot\/dovecot.conf (partial)<\/h2>\n
mail_location = maildir:\/var\/mail\/vhosts\/%d\/%n\r\nmail_privileged_group = mail\r\n<\/code><\/pre>\n
\/etc\/dovecot\/conf.d\/10-auth.conf (partial)<\/h2>\n
disable_plaintext_auth = yes\r\nauth_mechanisms = plain login<\/strong>\r\n!include auth-sql.conf.ext\r\n<\/code><\/pre>\n
\/etc\/dovecot\/conf.d\/auth-sql.conf.ext (partial)<\/h2>\n
userdb {\r\n  driver = static\r\n  args = uid=vmail gid=vmail home=\/var\/mail\/vhosts\/%d\/%n\r\n}\r\npassdb {\r\n  driver = sql\r\n\r\n  # Path for SQL configuration file, see example-config\/dovecot-sql.conf.ext\r\n  args = \/etc\/dovecot\/dovecot-sql.conf.ext\r\n}\r\n<\/code><\/pre>\n
\/etc\/dovecot\/dovecot-sql.conf.ext (partial)<\/h2>\n
driver = pgsql\r\nconnect = host=localhost dbname=XXX user=YYY password=ZZZ\r\ndefault_pass_scheme = SHA512\r\npassword_query = SELECT \\\r\n  CONCAT(username,'@',domain) as user, \\\r\n  password, \\\r\n  'vmail' AS userdb_uid, \\\r\n  'vmail' AS userdb_gid, \\\r\n  '\/var\/mail\/vhosts\/%d\/%u' as userdb_home \\\r\n  FROM virtual_users \\\r\n  WHERE concat(username,'@',domain) = '%u';\r\nuser_query = SELECT username, \\\r\n  CONCAT('maildir:\/var\/mail\/vhosts\/%d\/',username,'@',domain) as mail, \\\r\n  '\/var\/mail\/vhosts\/%d\/%u' as home, \\\r\n  'vmail' as uid, \\\r\n  'vmail' as gid \\\r\n  FROM virtual_users \\\r\n  WHERE concat(username,'@',domain) = '%u';\r\n<\/code><\/pre>\n
\/etc\/dovecot\/conf.d\/10-master.conf (partial)<\/h2>\n
service imap-login {\r\n  inet_listener imap {\r\n    #port = 143\r\n  }\r\n  inet_listener imaps {\r\n    port = 993\r\n    ssl = yes\r\n  }<\/strong>\r\n}\r\nservice pop3-login {\r\n  inet_listener pop3 {\r\n    #port = 110\r\n  }\r\n  inet_listener pop3s {\r\n    port = 995\r\n    ssl = yes\r\n  }\r\n}\r\nservice lmtp {\r\n  unix_listener \/var\/spool\/postfix\/private\/dovecot-lmtp {\r\n    mode = 0600\r\n    user = postfix\r\n    group = postfix\r\n  }\r\n}\r\nservice auth {\r\n  unix_listener auth-userdb {\r\n    mode = 0600\r\n    user = vmail\r\n    #group = \r\n  }\r\n  unix_listener auth-master {\r\n    mode = 0660\r\n    user = vmail(minu konfis peab olema kasutaja postfix)\r\n    group = vmail(minu konfis peab olema kasutaja postfix)<\/strong><\/code><\/pre>\n
}<\/strong> # Postfix smtp-auth unix_listener \/var\/spool\/postfix\/private\/auth { mode = 0666 user=postfix group=postfix } # Auth process is run as this user. user = dovecot } service auth-worker { user = vmail } <\/code><\/pre>\n
\/etc\/dovecot\/conf.d\/10-ssl.conf (partial)<\/h2>\n
ssl = required\r\nssl_cert = <\/etc\/dovecot\/dovecot.pem\r\nssl_key = <\/etc\/dovecot\/private\/dovecot.pem<\/strong>\r\nlog_path = \/var\/log\/dovecot.log\r\nverbose_ssl = yes\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
up vote 1 down vote favorite Trying to get this mail sever up has eaten up a good chunk of 2 days and I’ve made some headway but this specific error has persisted throughout. I’m using a Debian server with Postfix + Dovecot + Postgres. If I try to send an email from my gmail […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":621,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-711","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=711"}],"version-history":[{"count":1,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/711\/revisions"}],"predecessor-version":[{"id":712,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/711\/revisions\/712"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/621"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}