2

I'm kind of new to postfix so am hoping someone can point me up the obvious here I have a Postfix working as SMTP server and everything is fine for a few days. Then without warning or apparent reason i can't send mail anymore.

Checking the mail.log file is see:

warning: xxx-xxx-xxx-xxx.isp.domain.my[xxx.xxx.xxx.xxx]: SASL login authentication failed: authentication failure
NOQUEUE: reject: RCPT from xxx-xxx-xxx-xxx.isp.domain.my[xxx.xxx.xxx.xxx]: 454 4.7.1 <someone@outside.mail>: Relay access denied; from=<me@domain.url> to=<someone@outside.mail> proto=ESMTP helo=<MyComputerName>

I tried restarting postfix, but it didn't work. So I restarted the computer and that worked. Reading around I got the idea that the SASL authentication daemon might be the problem - but still having to start that service every few days doesn't seem productive.

Has anyone an idea on where i should start looking for problems/permanent solutions?

EDIT! As requested, here's my main.cf file contente. Notice some stuff there placed by EHCP, my control panel solution that postfix ignores with a unused parameter warning:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name powered by Easy Hosting Control Panel (ehcp) on Ubuntu, www.ehcp.net
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = m21-traducoes.com.pt
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, 89.152.248.139
relayhost = 
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = 
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtp_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
debug_peer_list = 
sender_canonical_maps = 
debug_peer_level = 1
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks $virtual_mailbox_limit_maps $transport_maps
inet_protocols = all
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/16, 10.0.0.0/8,  89.152.248.0/24

#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,check_client_access hash:/var/lib/pop-before-smtp/hosts,reject_unauth_destinations
smtpd_destination_concurrency_limit = 2
smtpd_destination_rate_delay = 1s
smtpd_extra_recipient_limit = 10
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
#smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_authenticated

As for what SASL solution i am using, i don't even know how to check that, sorry.

EDIT2: Restarting saslauthd service rather than a full reboot also works - i haven't figured out what makes that service stop working while still loaded (PS shows it in memory)

Ideas?

537mfb
  • 167
  • 1
  • 11
  • 2
    How is your SASL configuration configured? Can you post your main.cf and at least the program you use for SASL auth? – NickW Dec 12 '13 at 16:37
  • 1
    Look in the logs and see why the sasl service is failing. how is postfix configured, are you running a separate auth service (Such as cyrus-sasl). Try restarting that service and see if the problem clears. My guess is a dependent service is failing hence the reason restarting mail server doesn't fix it , but reboot does – Doon Dec 12 '13 at 16:37
  • Posted my main.cf above - not sure how to find what SASL i use though - very new to mail server configuration – 537mfb Dec 12 '13 at 17:22
  • @NickW please check my edits – 537mfb Dec 26 '13 at 13:11
  • @Doon - saslauthd is the issue - please check my edits – 537mfb Dec 26 '13 at 13:12

1 Answers1

0

Ultimatly i moved away from saslauthd and started using courier-authdaemon instead

537mfb
  • 167
  • 1
  • 11