postfix/smtpd warning SASL authentication problem

Report bugs and workarounds
Post Reply
micoots
Posts: 12
Joined: 28 Apr 2014 07:06

postfix/smtpd warning SASL authentication problem

Post by micoots »

Hi,

We see alot of these messages in the maillog:

Jun 4 10:33:42 server postfix/smtpd[20149]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jun 4 10:33:42 server postfix/smtpd[20149]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

They are warnings so not too much of a concern, since the authentication is assumed to be working (if the user actually authenticates) but it would be good to "fix" this if we can.

Have searched the web and there's not much there to "fix" this problem, and this explains a little about the warning:

[*]http://www.tummy.com/software/vpostmast ... l_warnings

If anyone has a fix please advise. Thanks.

Michael.
micoots
Posts: 12
Joined: 28 Apr 2014 07:06

Re: postfix/smtpd warning SASL authentication problem

Post by micoots »

Hi,

I don't have a GitHub account so just posting an update here.

A little more research and I was able to "get rid of" this problem by:

# cat /usr/lib64/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

changed to:

# cat /usr/lib64/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

and:

# service saslauthd restart ; service postfix restart

This stopped those warnings altogether.

Another solution proposed by this:

http://lists.kolab.org/pipermail/users/ ... 15626.html

was to simply run:

# saslpasswd2 sasldb2

and a password after the prompt which would create the /etc/sasldb2 file. I did not do this solution so not sure what the result would have been.

The creation of /etc/sasldb2 may be better? as it would cater for no config changes to /usr/lib64/sasl2/smtpd.conf but am unsure what impact that would have so I would rather disable some AUTH methods.

What's your opinion?
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: postfix/smtpd warning SASL authentication problem

Post by buzzzo »

Note to dev: Is SASL really used in EFA ? i don't think.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: postfix/smtpd warning SASL authentication problem

Post by shawniverson »

SASL isn't being used currently, but I wonder if some users may be interested?
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: postfix/smtpd warning SASL authentication problem

Post by darky83 »

actually I added this to efa as it was included in esva and I know some users wanted to use it for relay authentication.

But should we keep it? if there is no need/request/whatever for it it might be better to disable it all..
Version eFa 4.x now available!
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: postfix/smtpd warning SASL authentication problem

Post by buzzzo »

I would suggest to enable a sasl service to let postfix do smtp-auth against a pop3/imap service of corporate internal mail server.
After all all mails coming tru efa are delivered to a final smtp server.
And even exchange has imap/pop services.
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: postfix/smtpd warning SASL authentication problem

Post by darky83 »

For the 3.0.0.5 update I will just add a dummy file with a randomly generated password if the file doesn't exist yet.
Version eFa 4.x now available!
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: postfix/smtpd warning SASL authentication problem

Post by dbrunt »

Hackers are at work...

Code: Select all

Oct  9 23:22:33 efa postfix/smtpd[15261]: warning: unknown[1.250.238.180]: SASL LOGIN authentication failed: authentication failure
Oct  9 23:22:34 efa postfix/smtpd[15261]: lost connection after AUTH from unknown[1.250.238.180]
Is this the best way to disable SASL authentication?
/etc/postfix/main.cf:

Code: Select all

smtpd_sasl_auth_enable = no
Post Reply