Ubuntu
postfix package

postfix/smtpd: fatal: no SASL authentication mechanisms

Asked by Todd Taft

I'm trying to setup a combination IMAP/SMTP server using Dovecot and Postfix. After attempting to setup SASL authentication for postfix, the system fails with a postfix/smtpd: fatal: no SASL authentication mechanisms whenever any SMTP connection is attempted (either via a program like Thunderbird or telnet localhost 25). I'm trying to use the guide at https://ubuntu.com/server/docs/mail-postfix, but even with some of the debug settings enabled, I'm still not seeing a more useful log message. What's wrong?

My configuration:

root@kangaroo:~# dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.10.0-1038-oem x86_64 Ubuntu 20.04.2 LTS
# Hostname: kangaroo.unclet.net
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}

root@kangaroo:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = kangaroo.unclet.net, localhost.unclet.net, localhost, localhost.localdomain
myhostname = kangaroo.unclet.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_loglevel = 4
smtpd_tls_received_header = yes
smtpd_tls_security_level = may

root@kangaroo:~# postconf -M
smtp inet n - n - - smtpd -v
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp -o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

root@kangaroo:~# systemctl is-active dovecot
active

root@kangaroo:~# systemctl is-active postfix
active

taft@kangaroo:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: all
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: inet_addr_local: configured 2 IPv4 addresses
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: inet_addr_local: configured 4 IPv6 addresses
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: process generation: 30 (30)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_client_event_limit_exceptions ~? debug_peer_list
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_client_event_limit_exceptions ~? fast_flush_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_client_event_limit_exceptions ~? mynetworks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_client_event_limit_exceptions ~? permit_mx_backup_networks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_client_event_limit_exceptions ~? qmqpd_authorized_clients
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_client_event_limit_exceptions ~? relay_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_client_event_limit_exceptions ~? smtpd_access_maps
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_list_match: smtpd_client_event_limit_exceptions: no match
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: mynetworks ~? debug_peer_list
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: mynetworks ~? fast_flush_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: mynetworks ~? mynetworks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: host
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: been_here: 127.0.0.1/32: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: been_here: 10.1.2.21/32: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: been_here: [::1]/128: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: been_here: [fe80::2e0:4cff:fe9d:a9eb]/128: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: been_here: [fe80::2e0:4cff:fe9d:aa2f]/128: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: been_here: [fe80::2ef0:5dff:fe46:fb7a]/128: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: mynetworks_core: 127.0.0.1/32 10.1.2.21/32 [::1]/128 [fe80::2e0:4cff:fe9d:a9eb]/128 [fe80::2e0:4cff:fe9d:aa2f]/128 [fe80::2ef0:5dff:fe46:fb7a]/128
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: mynetworks ~? debug_peer_list
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: mynetworks ~? fast_flush_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: mynetworks ~? mynetworks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: relay_domains ~? debug_peer_list
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: relay_domains ~? fast_flush_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: relay_domains ~? mynetworks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: relay_domains ~? permit_mx_backup_networks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: relay_domains ~? qmqpd_authorized_clients
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: relay_domains ~? relay_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: permit_mx_backup_networks ~? debug_peer_list
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: permit_mx_backup_networks ~? fast_flush_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: permit_mx_backup_networks ~? mynetworks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: permit_mx_backup_networks ~? permit_mx_backup_networks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: connect to subsystem private/proxymap
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: send attr request = open
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: send attr table = unix:passwd.byname
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: send attr flags = 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/proxymap socket: wanted attribute: status
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: status
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute value: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/proxymap socket: wanted attribute: flags
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: flags
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute value: 16
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/proxymap socket: wanted attribute: (list terminator)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: (end)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=fixed
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: dict_open: proxy:unix:passwd.byname
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: Compiled against Berkeley DB: 5.3.28?
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: Run-time linked against Berkeley DB: 5.3.28?
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: dict_open: hash:/etc/aliases
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_access_maps ~? debug_peer_list
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_access_maps ~? fast_flush_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_access_maps ~? mynetworks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_access_maps ~? permit_mx_backup_networks
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_access_maps ~? qmqpd_authorized_clients
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_access_maps ~? relay_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: smtpd_access_maps ~? smtpd_access_maps
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: unknown_helo_hostname_tempfail_action = defer_if_permit
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: unknown_address_tempfail_action = defer_if_permit
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: unverified_recipient_tempfail_action = defer_if_permit
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: unverified_sender_tempfail_action = defer_if_permit
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: 4
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: initializing the server-side TLS engine
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: auto_clnt_create: transport=local endpoint=private/tlsmgr
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: auto_clnt_open: connected to private/tlsmgr
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: send attr request = seed
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: send attr size = 32
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/tlsmgr: wanted attribute: status
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: status
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute value: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/tlsmgr: wanted attribute: seed
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: seed
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute value: L0isnDSApijRpjlNVB5aGF82H3bWHduc6qG5V4l16oY=
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/tlsmgr: wanted attribute: (list terminator)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: (end)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: send attr request = policy
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: send attr cache_type = smtpd
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/tlsmgr: wanted attribute: status
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: status
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute value: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/tlsmgr: wanted attribute: cachable
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: cachable
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute value: 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/tlsmgr: wanted attribute: timeout
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: timeout
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute value: 3600
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: private/tlsmgr: wanted attribute: (list terminator)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: input attribute name: (end)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: fast_flush_domains ~? debug_peer_list
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_string: parent_domain_matches_subdomains: fast_flush_domains ~? fast_flush_domains
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: auto_clnt_create: transport=local endpoint=private/anvil
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: connection established
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: master_notify: status 0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: resource
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: software
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: connect from kangaroo.unclet.net[127.0.0.1]
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_list_match: kangaroo.unclet.net: no match
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_list_match: 127.0.0.1: no match
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_list_match: kangaroo.unclet.net: no match
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_list_match: 127.0.0.1: no match
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: smtp_stream_setup: maxtime=300 enable_deadline=0
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_hostname: smtpd_client_event_limit_exceptions: kangaroo.unclet.net ~? 127.0.0.0/8
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: match_hostaddr: smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: > kangaroo.unclet.net[127.0.0.1]: 220 kangaroo.unclet.net ESMTP Postfix (Ubuntu)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: noanonymous
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: noplaintext
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: Connecting
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: auth reply: VERSION?1?2
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: plaintext
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
Aug 17 04:07:21 kangaroo dovecot: auth: Debug: auth client connected (pid=0)
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: name_mask: plaintext
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: auth reply: SPID?46497
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: auth reply: CUID?1
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: auth reply: COOKIE?f1df4b151ab753934e42c4baaa1d2620
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_connect: auth reply: DONE
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: fatal: no SASL authentication mechanisms
Aug 17 04:07:22 kangaroo postfix/master[26205]: warning: process /usr/lib/postfix/sbin/smtpd pid 46495 exit status 1
Aug 17 04:07:22 kangaroo postfix/master[26205]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu postfix Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

https://serverfault.com/questions/571191/postfix-fatal-no-sasl-authentication-mechanisms

Possibly

Revision history for this message
Todd Taft (taft) said : 		#2

That doesn't seem to be it. I've installed the sasl2-bin package, changed the /etc/default/saslauthd option to START=yes, and then restarted everything, but I'm still seeing the same problem.

Revision history for this message
Manfred Hampl (m-hampl) said : 		#3

https://serverfault.com/questions/571191/postfix-fatal-no-sasl-authentication-mechanisms talks about installing libsasl2-modules and libsasl2-dev.
Do you have these installed?

Revision history for this message
Todd Taft (taft) said : 		#4

Yes.

#aptitude search sasl |grep ^i
i A libauthen-sasl-perl - Authen::SASL - SASL Authentication framework
i A libsasl2-2 - Cyrus SASL - authentication abstraction library
i libsasl2-dev - Cyrus SASL - development files for authentication abstraction library
i A libsasl2-modules - Cyrus SASL - pluggable authentication modules
i A libsasl2-modules-db - Cyrus SASL - pluggable authentication modules (DB)
i sasl2-bin - Cyrus SASL - administration programs for SASL users database

Revision history for this message
Launchpad Janitor (janitor) said : 		#5

This question was expired because it remained in the 'Open' state without activity for the last 15 days.