I was trying to set up my postfix email server and got the following errors when using the command "auth login" in the telnet session with my postfix service:
535 5.7.8 Error: authentication failed: generic failure
warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
I've followed the link below to set up the service.
How To Install and Configure Postfix on Ubuntu 16.04
I've created 2 users, "postmaster" and "yida" in my computer. "postmaster" could not receive any email using the s-nail mail but could send to "yida", while "yida" could send and receive email but only to and from local user, like "postmaster".
The mail log has the following problem:
postfix/smtp[3386]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c11::1a]:25: Network is unreachable
This happens when I tried to send email to my own gmail account.
The interesting thing was that I gave up in the authentication and continued to type "mail from" command in my testing telnet session and the server gave me an "OK" response. Looks like Postfix was not requiring authentication.
Please see below the related files:
/etc/postfix/master.cf
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
#submission inet n - y - - smtpd
-o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
/etc/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.sample.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, sample.com, server.sample.com, localhost.sample.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_relay_domains
compatibility_level = 2
/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
/etc/s-nail.rc
#@ s-nail.rc
#@ Configuration file for S-nail(1) v14.8.6
# S-nail(1): v14.8.6 / 2015-12-28
## The standard POSIX 2008/Cor 1-2013 mandates the following initial settings:
# (Keep in sync: ./main.c:_startup(), ./nail.rc, ./nail.1:"Initial settings"!)
# [a] noallnet, noappend, asksub, noaskbcc, noaskcc, noautoprint,
# [b-e] nobang, nocmd, nocrt, nodebug, nodot, escape="~",
# [f-i] noflipr, nofolder, header, nohold, noignore, noignoreeof,
# [j-o] nokeep, nokeepsave, nometoo, nooutfolder,
# [p-r] nopage, prompt="? ", noquiet, norecord,
# [s] save, nosendwait, noshowto, nosign, noSign,
# [t-z] toplines="5"
# Notes:
# - no*onehop* doesn't exist in this implementation.
# (To pass options through to an MTA, either add them after a "--" separator
# on the command line or by setting the *sendmail-arguments* variable.)
# - *prompt* is "\\& " by default, which will act POSIX-compliant
# unless the user would set *bsdcompat*
## The remaining content adjusts the standard-imposed default settings.
# Note that some of the following flags are specific to S-nail(1) and may thus
# not work with other Mail(1) / mailx(1) programs.
# Entries are marked [OPTION] if their availability is compile-time dependent
## Variables
# If threaded mode is activated, automatically collapse thread
set autocollapse
# Enter threaded mode automatically
#set autosort=thread
# Append rather than prepend when writing to mbox automatically.
# This has no effect unless *hold* is unset (it is set below)
set append
# Ask for a message subject.
set ask
# *bsdannounce* prints a header summary on folder change and thus complements
# *header* on a per-folder basis (it is meaningless unless *header* is set)
set bsdannounce
# Uncomment this in order to get coloured output in $PAGER.
# (Coloured output is only used if $TERM is either found in *colour-terms*
# or includes the string "color")
#set colour-pager
# Assume a CRT-like terminal and invoke a $PAGER
set crt
# Define date display in header summary
#set datefield="%R %m-%d" datefield-markout-older=" %g-%m-%d"
# When composing messages a line consisting of `.' finalizes a message
set dot
# Immediately start $EDITOR (or $VISUAL) when composing a message
#set editalong
# Startup into interactive mode even if the (given) mailbox is empty
#set emptystart
# When replying to or forwarding a message the comment and name parts of email
# addresses are removed unless this variable is set.
#set fullnames
# [OPTION] Add more entries to the history as is done by default
set history-gabby
# Do not forward to mbox by default since this is likely to be
# irritating for most users today; also see *keepsave*
set hold
# Quote the original message in replies by "> " as usual on the Internet
set indentprefix="> "
# Mark messages that have been answered
set markanswered
# Try to circumvent false or missing MIME Content-Type descriptions
# (Can be set to values for extended behaviour, please see the manual.)
set mime-counter-evidence
# Control loading of mime.types(5) file: the value may be a combination of the
# letters "s" and "u": if "u" is seen ~/.mime.types will be loaded if possible;
# "s" adds /etc/mime.types, if available; setting this without any value uses
# only a set of builtin mimetypes; the default behaviour equals "us".
# An extended syntax that allows loading of other, specified files is available
# if the value contains an equal sign "=", see the manual for more
#set mimetypes-load-control
# Do not remove empty mail folders.
# This may be relevant for privacy since other users could otherwise create
# them with different permissions
set keep
# Do not move `save'd or `write'n message to mbox by default since this is
# likely to be irritating for most users today; also see *hold*
set keepsave
# When writing mailbox files we strip Content-Length: and Lines: header fields
# from edited / changed messages, because S-nail doesn't deal with these
# (non-standard) fields -- and since other MUAs may rely on their content, if
# present, it seems more useful to strip them than to keep them, now that they
# became invalid; set this to include them nonetheless
#set keep-content-length
# A nice prompt for ISO 6429/ECMA-48 terminals
#set prompt="\033[31m?\?[\$ \@]\& \033[0m"
# Automatically quote the text of the message that is responded to
set quote
# On group replies, specify only the sender of the original mail in To: and
# mention it's other recipients in the secondary Cc: instead of placing them
# all together in To:
set recipients-in-cc
# When responding to a message, try to answer in the same character set
#set reply-in-same-charset
# [OPTION] Outgoing messages are sent in UTF-8 if possible, otherwise LATIN1.
# Note: it is highly advisable to read the section "Character sets" of the
# manual in order to understand all the possibilities that exist to fine-tune
# charset usage (variables also of interest: *ttycharset*, *charset-8bit*,
# *sendcharsets-else-ttycharset*; and of course we inherit the $LC_CTYPE /
# $LC_ALL / $LANG environment variables and react upon them)
set sendcharsets=utf-8,iso-8859-1
# When sending a message wait until the MTA (including the builtin SMTP one)
# exits before accepting further commands. Only with this variable set errors
# reported by the MTA will be recognizable!
#set sendwait
# Display real sender names in header summaries instead of only addresses
set showname
# Show recipients of messages sent by the user himself in header summaries
set showto
## Commands
# Only include these selected header fields when forwarding messages
fwdretain subject date from to
# Only include the selected header fields when printing messages
retain date from to cc subject message-id mail-followup-to reply-to
## Some pipe-TYPE/SUBTYPE entries
# HTML as text, inline display via lynx(1)
#if $features !@ HTML-FILTER
# set pipe-text/html="lynx -stdin -dump -force_html"
#endif
# PDF display, asynchronous display via xpdf(1)
#set pipe-application/pdf="@&set -C;\
# : > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
# trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \
# EXIT INT QUIT PIPE TERM;\
# set +C;\
# cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
# xpdf \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\""
# s-it-mode
#Added according to docs found in internet.
set emptystart
set folder=Maildir
set record=+sent
/etc/default/saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="shadow"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/run/saslauthd"
I would like to achieve two things: 1. Make the "auth login" work correctly. 2. Make both user be able to send email to out side, like to my gmail account. Thanks for the help in advance.
This is a hint that IPv6 is attempted, but not available. It looks like your computer believes it has IPv6-connectivity, while it in reality does not have it. You should probably try to disable IPv6 completely:
Add the following lines to
/etc/sysctl.conf
:and reboot. This will disable IPv6, forcing you to use IPv4. Then try sending the e-mail again.
Furthermore, postfix will accept mail without authentication, but if the destination is not one of the domains it is configured for, it will reject it, as it does not allow relaying e-mail in your configuration. This is important! An open relay will instantly be turned into a spam source...
This is configured with the line
Regarding the authentication failure, this is probably because the login method
auth login
is not a valid sasl authentication mechanism for your configuration. You're probably looking forauth plain
. Try login from a e-mail client like thunderbird, which supports most authentication protocols.