Problems with Postfix and SASL
Thomas Luft
thomas at die-lufts.org
Thu Nov 19 13:10:28 CET 2015
Hi there,
I did not change anything at my system but since three days I can't send
mails with postfix. IMAP works fine, but sending mails just does not
work. So far I found this error in the mail.log:
Nov 19 13:03:01 kolab postfix/smtpd[3310]: fatal: SASL per-process
initialization failed
Nov 19 13:03:02 kolab postfix/master[3272]: warning: process
/usr/lib/postfix/smtpd pid 3310 exit status 1
Nov 19 13:03:02 kolab postfix/master[3272]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Nov 19 13:03:59 kolab postfix/submission/smtpd[3327]: warning: SASL
per-process initialization failed: generic failure
Nov 19 13:03:59 kolab postfix/submission/smtpd[3327]: fatal: SASL
per-process initialization failed
Nov 19 13:04:00 kolab postfix/master[3272]: warning: process
/usr/lib/postfix/smtpd pid 3327 exit status 1
Nov 19 13:04:00 kolab postfix/master[3272]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Nov 19 13:04:02 kolab postfix/smtpd[3330]: warning: SASL per-process
initialization failed: generic failure
Nov 19 13:04:02 kolab postfix/smtpd[3330]: fatal: SASL per-process
initialization failed
Nov 19 13:04:03 kolab postfix/master[3272]: warning: process
/usr/lib/postfix/smtpd pid 3330 exit status 1
Nov 19 13:04:03 kolab postfix/master[3272]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
I already searched the internet and tried to change the rights to
/var/spool/postfix/etc (I think postfix runs chrooted) but I had no
success at all.
My /etc/postfix/main.cf looks like this:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/myssl/public/domain.pem
smtpd_tls_key_file=/etc/myssl/private/privkey.pem
smtpd_tls_CAfile = /etc/myssl/public/cacert.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = kolab.postapotheke.biz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ldap:/etc/postfix/ldap/mydestination.cf
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relay_domains =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 40960000
recipient_delimiter = +
inet_interfaces = all
smtpd_tls_auth_only = yes
transport_maps = ldap:/etc/postfix/ldap/transport_maps.cf,
hash:/etc/postfix/transport
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_sender_login_maps = $local_recipient_maps
local_recipient_maps = ldap:/etc/postfix/ldap/local_recipient_maps.cf
virtual_alias_maps = $alias_maps,
ldap:/etc/postfix/ldap/virtual_alias_maps.cf,
ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf,
ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf,
ldap:/etc/postfix/ldap/mailenabled_distgroups.cf,
ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf
submission_sender_restrictions = reject_non_fqdn_sender,
check_policy_service
unix:private/submission_policy,
permit_mynetworks,
permit_sasl_authenticated,
reject
submission_recipient_restrictions = check_policy_service
unix:private/submission_policy,
permit_sasl_authenticated,
reject
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client bl.spamcop.net,
reject_unauth_pipelining,
reject_invalid_helo_hostname,
reject_unauth_destination,
check_policy_service
unix:private/recipient_policy_incoming,
permit
smtp_tls_security_level = may
submission_data_restrictions = check_policy_service
unix:private/submission_policy
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
# Don't talk to mail systems that don't know their own hostname
smtpd_helo_restrictions = permit_sasl_authenticated,
reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated,
check_policy_service
unix:private/sender_policy_incoming
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_invalid_helo_hostname,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unauth_pipelining,
reject_rbl_client zen.spamhaus.org,
check_policy_service
unix:private/recipient_policy_incoming,
permit
The /etc/postfix/master.cf looks like this:
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
# Do not forget to execute "postfix reload" after editing this file.
#
==============================================================================
# service type private unpriv chroot wakeup maxproc
command
# (yes) (yes) (yes) (never) (100)
+ args
#
==============================================================================
smtp inet n - n - -
smtpd
#smtp inet n - n - 1
postscreen
#smtpd pass - - n - -
smtpd
#dnsblog unix - - n - 0
dnsblog
#tlsproxy unix - - n - 0
tlsproxy
submission inet n - n - -
smtpd
-o cleanup_service_name=cleanup_submission
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_authenticated_header=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=$submission_data_restrictions
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_sender_restrictions=$submission_sender_restrictions
#smtps inet n - n - -
smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - -
qmqpd
pickup fifo n - n 60 1
pickup
cleanup unix n - n - 0
cleanup
-o header_checks=regexp:/etc/postfix/header_checks.inbound
-o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
cleanup_internal unix n - n - 0
cleanup
-o header_checks=regexp:/etc/postfix/header_checks.internal
-o mime_header_checks=regexp:/etc/postfix/header_checks.internal
cleanup_submission unix n - n - 0
cleanup
-o header_checks=regexp:/etc/postfix/header_checks.submission
-o mime_header_checks=regexp:/etc/postfix/header_checks.submission
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1
oqmgr
tlsmgr unix - - n 1000? 1
tlsmgr
rewrite unix - - n - -
trivial-rewrite
bounce unix - - n - 0
bounce
defer unix - - n - 0
bounce
trace unix - - n - 0
bounce
verify unix - - n - 1
verify
flush unix n - n 1000? 0
flush
proxymap unix - - n - -
proxymap
proxywrite unix - - n - 1
proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - -
showq
error unix - - n - -
error
retry unix - - n - -
error
discard unix - - n - -
discard
local unix - n n - -
local
virtual unix - n n - -
virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1
anvil
scache unix - - n - 1
scache
# Filter email through Amavisd
smtp-amavis unix - - n - 3 smtp
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
-o smtp_bind_address=127.0.0.1
# Listener to re-inject email from Amavisd into Postfix
127.0.0.1:10025 inet n - n - 100
smtpd
-o cleanup_service_name=cleanup_internal
-o content_filter=smtp-wallace:[127.0.0.1]:10026
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
# Filter email through Wallace
smtp-wallace unix - - n - 3 smtp
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
# Listener to re-inject email from Wallace into Postfix
127.0.0.1:10027 inet n - n - 100
smtpd
-o cleanup_service_name=cleanup_internal
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
recipient_policy unix - n n - -
spawn
user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy
--verify-recipient
recipient_policy_incoming unix - n n - -
spawn
user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy
--verify-recipient --allow-unauthenticated
sender_policy unix - n n - -
spawn
user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy
--verify-sender
sender_policy_incoming unix - n n - -
spawn
user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy
--verify-sender --allow-unauthenticated
submission_policy unix - n n - -
spawn
user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy
--verify-sender --verify-recipient
I really have no idea where to start my search and how to fix this
problem. Everything else works (roundcubemail, imap access) but sending
and delivering mail does not.
I really appreciate your help, kind regards
Thomas
More information about the users
mailing list