Re: Sarge - postfix/saslauthd issues

Thu, 29 Sep 2005 08:25:43 -0700 

On Sat, Jul 09, 2005 at 05:36:49AM -0500, BJ Dierkes wrote:

PROBLEM 1:
The first problem is is that Postfix can't connect to the saslauthd socket. The reason appears to be because it is running in a chroot environment (by default) and the socket is outside of the jail by default. 

These what the vars in the "/etc/init.d/saslauthd" script looks like:

NAME=saslauthd
DAEMON="/usr/sbin/${NAME}"
DESC="SASL Authentication Daemon"
DEFAULTS=/etc/default/saslauthd
PWDIR=/var/run/saslauthd
PIDFILE="/var/run/${NAME}/saslauthd.pid"


The saslauthd socket is created as "$PWDIR/mux".  However, Postfix  
looks for it as "/var/spool/postfix/var/run/saslauthd/mux".



Errors without /var/spool/postfix/var/run/saslauthd/mux (/var/log/ 
mail.log):



postfix/smtpd[7663]: warning: SASL authentication failure: cannot  
connect to saslauthd server: No such file or directory
postfix/smtpd[7663]: warning: SASL authentication failure: Password  
verification failed

postfix/smtpd[7663]: warning: SASL PLAIN authentication failed



To fix it I removed "/var/run/saslauthd", and then recreated it as a  
soft link to "/var/spool/postfix/var/run/saslauthd" (make sure that  
postfix or whatever the postfix user is, is a part of the sasl group).



This fixes the problem for me, but Is there anything I'm missing?  I  
really didn't find anything in the documentation for saslauthd that  
led to this.  Just want to make sure I didn't waste hours of my life  
for no reason.  ;)


This is the method I originally used, though I tied it in with
dpkg-statoverride and some other things. I agree that it is an annoying
and somewhat hidden problem. The solution I tried and stuck with after
my second postfix installation was to create a bind mount between
/var/run/saslauthd and the directory inside the postfix chroot. I
created the directory /var/spool/postfix/var/run/saslauthd and then
added the following to my /etc/fstab file

/var/run/saslauthd /var/spool/postfix/var/run/saslauthd none rw,bind 0 0

It was easier to do it this way and have the machine come up fully and
properly with a reboot, since I always seemed to have to recreate the
symlink on reboot with the prior method (until I started editing startup
scripts, but let's not get into that).

--
Steve Block
http://ev-15.com/
http://steveblock.com/
[EMAIL PROTECTED]


--

To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
















    











					Reply via email to