How to totally bugger your mail server
I'm about to get fairly technical here, but after a solid day of downtime and hours of debugging, this is worth putting down.
So, I'm pretty regular about keeping up with debian updated packages on my personal server, griffin. I'm paranoid about exploits and the like, and I like to play with the latest and greatest features. Plus, debian is usually behind on most stuff, so a new debian package means you can finally use what the rest of the world has been using for a month or two already. Anyway, so earlier this week, I applied some updates, one of which was dovecot. It wasn't until about a day later that I noticed I hadn't gotten any new email in my inbox for awhile... Checking my postfix logs, I see this type of thing over and over again:
Dec 27 21:52:03 griffin postfix/smtpd[2946]: warning: SASL: Connect to private/auth failed: No such file or directory
Dec 27 21:52:03 griffin postfix/smtpd[2946]: fatal: no SASL authentication mechanisms
Dec 27 21:52:03 griffin postfix/smtpd[2948]: warning: SASL: Connect to private/auth failed: No such file or directory
Dec 27 21:52:03 griffin postfix/smtpd[2948]: fatal: no SASL authentication mechanisms
Dec 27 21:52:04 griffin postfix/master[2834]: warning: process /usr/lib/postfix/smtpd pid 2946 exit status 1
Dec 27 21:52:04 griffin postfix/master[2834]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Dec 27 21:52:04 griffin postfix/master[2834]: warning: process /usr/lib/postfix/smtpd pid 2948 exit status 1
Dec 27 21:55:34 griffin postfix/smtpd[2956]: warning: SASL: Connect to private/auth failed: No such file or directory
Dec 27 21:55:34 griffin postfix/smtpd[2956]: fatal: no SASL authentication mechanisms
I start to freak out.
Apparently, smtpd within postfix is crashing over and over again because it can't talk to or even really find SASL, therefore not allowing to receive or deliver any email. This is BAD. After hours of trying to reconfigure postfix or saslauthd or both or amavisd-new or anything else that really talks and controls SMTP, I hadn't imagined that it could be dovecot, I mean it's just a IMAP daemon, right? I had forgotten I had just upgraded it and it could very easily be the likely culprit. Anyway, I finally come across someone who had the same problem! I had also forgotten that dovecot isn't just an IMAP daemon, but it can act as an AUTH daemon as well, if you want it to... which is exactly what I was having it do for postfix. When I upgraded dovecot, it deployed a new dovecot.conf file and commented out the handy lil' "allow other applications to use dovecot as an AUTH daemon" functionality. So, in closing, if you ever see the errors above? Make sure you have this in your dovecot.conf:
socket listen {
client {
# The client socket is generally safe to export to everyone. Typical use
# is to export it to your SMTP server so it can do SMTP AUTH lookups
# using it.
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
I swear, if work doesn't give me an aneurysm, I'll accidentally give myself one.
So, I'm pretty regular about keeping up with debian updated packages on my personal server, griffin. I'm paranoid about exploits and the like, and I like to play with the latest and greatest features. Plus, debian is usually behind on most stuff, so a new debian package means you can finally use what the rest of the world has been using for a month or two already. Anyway, so earlier this week, I applied some updates, one of which was dovecot. It wasn't until about a day later that I noticed I hadn't gotten any new email in my inbox for awhile... Checking my postfix logs, I see this type of thing over and over again:
Dec 27 21:52:03 griffin postfix/smtpd[2946]: warning: SASL: Connect to private/auth failed: No such file or directory
Dec 27 21:52:03 griffin postfix/smtpd[2946]: fatal: no SASL authentication mechanisms
Dec 27 21:52:03 griffin postfix/smtpd[2948]: warning: SASL: Connect to private/auth failed: No such file or directory
Dec 27 21:52:03 griffin postfix/smtpd[2948]: fatal: no SASL authentication mechanisms
Dec 27 21:52:04 griffin postfix/master[2834]: warning: process /usr/lib/postfix/smtpd pid 2946 exit status 1
Dec 27 21:52:04 griffin postfix/master[2834]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Dec 27 21:52:04 griffin postfix/master[2834]: warning: process /usr/lib/postfix/smtpd pid 2948 exit status 1
Dec 27 21:55:34 griffin postfix/smtpd[2956]: warning: SASL: Connect to private/auth failed: No such file or directory
Dec 27 21:55:34 griffin postfix/smtpd[2956]: fatal: no SASL authentication mechanisms
I start to freak out.
Apparently, smtpd within postfix is crashing over and over again because it can't talk to or even really find SASL, therefore not allowing to receive or deliver any email. This is BAD. After hours of trying to reconfigure postfix or saslauthd or both or amavisd-new or anything else that really talks and controls SMTP, I hadn't imagined that it could be dovecot, I mean it's just a IMAP daemon, right? I had forgotten I had just upgraded it and it could very easily be the likely culprit. Anyway, I finally come across someone who had the same problem! I had also forgotten that dovecot isn't just an IMAP daemon, but it can act as an AUTH daemon as well, if you want it to... which is exactly what I was having it do for postfix. When I upgraded dovecot, it deployed a new dovecot.conf file and commented out the handy lil' "allow other applications to use dovecot as an AUTH daemon" functionality. So, in closing, if you ever see the errors above? Make sure you have this in your dovecot.conf:
socket listen {
client {
# The client socket is generally safe to export to everyone. Typical use
# is to export it to your SMTP server so it can do SMTP AUTH lookups
# using it.
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
I swear, if work doesn't give me an aneurysm, I'll accidentally give myself one.