Issue 12.5 install didn't include TLS/SASL support, how do I fix?

[ShoneA]

My newest Plesk VM (12.5, Debian 8, up to date) does not support TLS out of the box. Did I miss some sort of configuration setting somewhere?

- There is no "submission inet...etc" line in the postfix master.conf
- If I add the submission line from another server, I get SASL errors
- I modify the /etc/postfix/smtpd.conf to match our other Plesk servers (modifying paths), but still denied access: SASL authentication failure: cannot connect to saslauthd server: Permission denied

It feels like I'm having to set it up from scratch and I'm running into issues along the way. Is there some easier way? If not, what do I have to do to get it working?

 

[UFHH01]

Hi ShoneA,

often enough, it helps to switch from postfix to qmail and from dovecot to courier-imap and backwards again to solve possible issues/problems, using the commands:

/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component qmail
( this will uninstall postfix and install qmail, with the standard configuration settings - no eMail - accounts are being touched during this process, no eMails will be lost! )

/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component postfix
( this will uninstall qmail and install postfix, with the standard configuration settings - no eMail - accounts are being touched during this process, no eMails will be lost! )


/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component dovecot
( this will uninstall courrier-imap and install dovecot, with the standard configuration settings - no eMail - accounts are being touched during this process, no eMails will be lost! )

/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component courier
( this will uninstall postfix and install qmail, with the standard configuration settings - no eMail - accounts are being touched during this process, no eMails will be lost! )​

Plesk has a very powerfull REPAIR UTILITY:

Plesk Repair Utility ( Plesk 12.5 online documentation )​

Consider to use

plesk repair mail​

over your command line ( as root ), if you experience issues with your mails/mail - server in use, or with the mail - transport and keep in mind, that the repair - procedure will as well produce a new log - file, where you can find usefull informations about possible issues/problems.



Pls. keep in mind, that investigations are done with the help of log - files and configuration files. Pls. bookmark

Plesk for Linux services logs and configuration files ( KB - article: 111 283 )​

Sometimes, it is as well a good idea to change the log - level, to get more informations in psa - log - files:

How to enable/disable debug logging in Plesk 11.5 and up? ( KB - article 120 101 )​

... and provide depending configuration files and log - file - entries, depending to your issue and the used service(s), if you would like help with your investigations.



If you changed something, so that you don't meet the standard settings and configurations anymore, pls. provide decent informations about your changes, because people willing to help you are not able to guess your changes.



Now directly to your thread - comments:

Did I miss some sort of configuration setting somewhere?

Sorry, you don't provide enough informations ( installation - log from "autoinstaller" is missing ) for a decent answer.

- There is no "submission inet...etc" line in the postfix master.conf

As suggested above, pls try to repair issues with the help of the "Plesk repair utility" first and provide possible repair - logs for investigations.

- If I add the submission line from another server, I get SASL errors

Sorry, you don't provide enough informations here, you don't specify WHAT you've added and you don't provide the SASL - errors from your log - file(s).

- I modify the /etc/postfix/smtpd.conf to match our other Plesk servers (modifying paths), but still denied access: SASL authentication failure: cannot connect to saslauthd server: Permission denied

Pls provide the ORIGINAL "smtpd.conf" and as well your MODIFIED "smtpd.conf" for investigations.

Possible KB - articles, which might help you to solve issues as described with the error "SASL authentication failure: cannot connect to saslauthd server: Permission denied" :

SMTP authentication is not working in Postfix: SASL authentication failure: cannot connect to saslauthd server ( KB - article 129031 )
SMTP authorization does not work with Postfix MTA: "SASL login authentication failed" ( KB - article 113866 )
[HUB] Mail – Unable to send ( KB - article 126705 )​

​

 

[ShoneA]

I tried the swapping the SMTP servers as suggested and still have problems:

# telnet localhost 25
Trying ::1...
Connected to pl4.hosteria.io.
Escape character is '^]'.
220 pl4.hosteria.io ESMTP Postfix (Debian/GNU)
HELO test
250 pl4.hosteria.io
quit
221 2.0.0 Bye
Connection closed by foreign host.

# telnet localhost 587
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

No logs at this point to look at since everything was just denied.

I add the submission line from another (older server, 12.0):

submission inet n - n - - smtpd -o smtpd_enforce_tls=no -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

I restart postfix. Attempt #2 (telnet works fine):

# telnet localhost 587
Trying ::1...
Connected to pl4.hosteria.io.
Escape character is '^]'.
220 pl4.hosteria.io ESMTP Postfix (Debian/GNU)

But now to try google (settings):

Aug 25 13:03:17 pl4.hosteria.io postfix/smtpd[22658]: connect from mail-it0-x22f.google.com[2607:f8b0:4001:c0b::22f]
Aug 25 13:03:18 pl4.hosteria.io postfix/smtpd[22658]: Unable to open database(readonly) /plesk/passwd.db: unable to open database file
Aug 25 13:03:18 pl4.hosteria.io postfix/smtpd[22658]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 25 13:03:18 pl4.hosteria.io postfix/smtpd[22658]: warning: SASL authentication failure: Password verification failed
Aug 25 13:03:18 pl4.hosteria.io postfix/smtpd[22658]: warning: mail-it0-x22f.google.com[2607:f8b0:4001:c0b::22f]: SASL PLAIN authentication failed: generic failure
Aug 25 13:03:18 pl4.hosteria.io postfix/smtpd[22658]: lost connection after AUTH from mail-it0-x22f.google.com[2607:f8b0:4001:c0b::22f]
Aug 25 13:03:18 pl4.hosteria.io postfix/smtpd[22658]: disconnect from mail-it0-x22f.google.com[2607:f8b0:4001:c0b::22f]

This is where I started to mess with smtpd.conf, but I don't know how...

The original smtpd.conf file looks like:

pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: /private/plesk_saslauthd
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
sql_engine: intentionally disabled
log_level: 4

I can update the following, based on what kb article 113866 says for auto_transition, and where i located my plesk_saslauthd file:

saslauthd_path: /usr/lib/postfix/plesk_saslauthd
auto_transition: yes

Of course we get the same error:

Unable to open database(readonly) /plesk/passwd.db: unable to open database file

The documentation says that Plesk 11.x shouldn't specify a path to that file, so it isn't. I'm using 12.5 though. Not sure what to do. If I copy the way it's done with 10.x (where it specifies the path to that file), that's where I was getting the error:

SASL authentication failure: cannot connect to saslauthd server: Permission denied

Any ideas?

 

[UFHH01]

Hi ShoneA,

Unable to open database(readonly) /plesk/passwd.db: unable to open database file

I tried the swapping the SMTP servers as suggested and still have problems:

1. I can't see the usage of the "Plesk repair utility". Did you try it? And if "yes",, could you pls. post the corresponding repair - log?
2. You could as well use the command: "/usr/local/psa/admin/sbin/mchk --with-spam"​

Unable to open database(readonly) /plesk/passwd.db: unable to open database file

... leads to:

Unable to send mails: Unable to open database(readonly) /var/lib/plesk/mail/auth/passwd.db ( KB - article 129107 )

1. What is the output of the command "stat /var/spool/postfix/plesk/passwd.db"​

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

... still leads to:

SMTP authentication is not working in Postfix: SASL authentication failure: cannot connect to saslauthd server ( KB - article 129031 )

1. Pls. post the complete main.cf and master.cf - configuration files, if you would like further help with your investigations.

2. Locate "saslauthd" on your system with the command "locate saslauthd" ( The "locate" - command depends on the installed package "mlocate" on your server. After it's installation, pls. use "updatedb", so that "mlocate" generates and/or updates the current "mlocate" - database ) - and pls. post your search - results.​

1. Pls. check if service is running "ps aux | grep saslauthd" - and pls. post the output.

2. Pls. post the output of the command "ls -lah /var/spool/postfix/plesk".​

Correct the "/etc/postfix/sasl/smtpd.conf" to:

pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: private/plesk_saslauthd
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
sql_engine: intentionally disabled
log_level: 4

Pls. don't use "saslauthd_path: /usr/lib/postfix/plesk_saslauthd" - it's not the correct path anymore and therefore outdated for 12.5!
Pls. check for possible multiple "smtpd.conf" - files on your server, with the command "locate smtpd.conf" and post the search - result, please.​

Could you pls. add as well, HOW you installed your server? With templates from your hosting provider? Did you update/upgrade your server yet with "apt-get" or "aptitude" ?