Troubleshooting Postfix-Cyrus SASL Authentication Failures on CentOS 7: Mechanisms and Solutions



The core symptom appears when Postfix attempts to authenticate against Cyrus SASL (saslauthd), throwing these critical errors:

warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
fatal: no SASL authentication mechanisms

Interestingly, direct SASL authentication works perfectly when tested manually:

# testsaslauthd -u user -p password -s smtp
0: OK "Success."

The SASL configuration in /etc/sasl2/smtpd.conf appears correct at first glance:

pwcheck_method: saslauthd
mech_list: plain login

Postfix SASL-related settings show:

smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd

Several things can leave Postfix with an empty mechanism list:

  • Missing SASL mechanism libraries (particularly for plain/login)
  • Permission issues on SASL socket files
  • Mismatch between Postfix and SASL configurations
  • SELinux context problems (common on CentOS/RHEL)

First, verify SASL mechanisms are actually available:

# saslauthd -v
# sasldblistusers2
# ls -l /usr/lib64/sasl2/ | grep -E 'plain|login'
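A scripted version of the plugin check above, added here as an example and not part of the original article: it reads mech_list from the SASL config and reports every mechanism that has no plugin library in the plugin directory. The function names are hypothetical, and the lib<mech>.so* naming (hyphens removed) is an assumption that holds for the plain, login, cram-md5 and digest-md5 plugins shipped in cyrus-sasl-plain and cyrus-sasl-md5.

```shell
#!/bin/sh
# Added example: find mech_list entries that have no Cyrus SASL plugin installed.
# Assumption: plugins are named lib<mech>.so* with hyphens removed, which
# covers plain, login, cram-md5 and digest-md5.

# Print the value of mech_list from a Cyrus SASL application config.
# Prints nothing if the option is absent (Cyrus then offers every
# installed mechanism, so there is nothing to cross-check).
sasl_mech_list() {
    # $1 = config file, e.g. /etc/sasl2/smtpd.conf
    sed -n 's/^[[:space:]]*mech_list[[:space:]]*:[[:space:]]*//p' "$1" | tail -n 1
}

# Print, one per line, each configured mechanism without a plugin library.
# Empty output means every mechanism in mech_list can be loaded from disk.
missing_sasl_mechs() {
    conf=$1          # e.g. /etc/sasl2/smtpd.conf
    plugin_dir=$2    # e.g. /usr/lib64/sasl2
    for mech in $(sasl_mech_list "$conf"); do
        # DIGEST-MD5 -> digestmd5, plain -> plain
        base=$(printf '%s\n' "$mech" | tr 'A-Z' 'a-z' | sed 's/-//g')
        found=no
        for f in "$plugin_dir"/lib"$base".so*; do
            # An unmatched glob stays literal, so test that the file exists.
            if [ -e "$f" ]; then
                found=yes
                break
            fi
        done
        if [ "$found" = no ]; then
            printf '%s\n' "$mech"
        fi
    done
}

# When called with two arguments, check those paths, for example:
#   sh check_sasl_mechs.sh /etc/sasl2/smtpd.conf /usr/lib64/sasl2
if [ "$#" -eq 2 ]; then
    missing_sasl_mechs "$1" "$2"
fi
```

Any mechanism it prints is one Postfix cannot offer; if it prints every entry in mech_list, the result is the "no mechanism available" error shown earlier.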

Check socket permissions (critical for Postfix communication):

# ls -la /var/run/saslauthd/
# stat /var/run/saslauthd/mux

Here's the complete fix sequence I recommend:

# yum install cyrus-sasl-plain cyrus-sasl-md5
# chmod 755 /var/run/saslauthd
# chgrp postfix /var/run/saslauthd/mux
# systemctl restart saslauthd
# systemctl restart postfix

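For SELinux environments (likely on CentOS 7), restore the default label on the socket directory. The targeted policy already labels /var/run/saslauthd as saslauthd_var_run_t, and postfix_local_t is a process domain rather than a file type, so no custom file-context rule is needed:

# restorecon -Rv /var/run/saslauthd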

After applying fixes, test with:

# telnet localhost 25
EHLO test
AUTH LOGIN

The EHLO response should now include an AUTH line listing the mechanisms, and AUTH LOGIN should start the authentication exchange.

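If issues persist, enable detailed debugging. The saslauthd service unit reads only SOCKETDIR, MECH and FLAGS from /etc/sysconfig/saslauthd, and the -d flag keeps saslauthd in the foreground, so stop the service and run it by hand in one terminal while watching the mail log in another:

# setsebool -P allow_postfix_local_write_mail_spool 1
# systemctl stop saslauthd
# saslauthd -d -c -r -a pam -m /var/run/saslauthd
# tail -f /var/log/maillog | grep -i sasl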

When working with Postfix and Cyrus SASL authentication on CentOS 7, you might encounter authentication failures despite saslauthd working correctly in isolation. The key symptoms from syslog show:

warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
fatal: no SASL authentication mechanisms

First, verify these critical components are properly configured:

# Check saslauthd service status
systemctl status saslauthd

# Verify saslauthd socket exists
ls -l /var/run/saslauthd/

The "no mechanism available" error typically indicates either:

  1. Missing SASL mechanism plugins
  2. Incorrect permissions on the saslauthd socket
  3. Mismatch between Postfix and SASL configurations

Install required SASL plugins:

yum install cyrus-sasl-plain cyrus-sasl-md5

Here's a complete working configuration:

# /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS="-O localhost"

# /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
log_level: 7

Postfix main.cf additions:

smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

After configuration changes:

# Restart services
systemctl restart saslauthd postfix

# Test authentication
testsaslauthd -u username -p password -s smtp

# Check SASL debug output
journalctl -u saslauthd -f

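If issues persist, increase Postfix logging for the affected clients. debug_peer_list selects the client addresses that get verbose logging; 192.0.2.0/24 is a documentation range, so replace it with the real client network: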

# /etc/postfix/master.cf
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_sasl_security_options=noanonymous
  -o debug_peer_level=10
  -o debug_peer_list=192.0.2.0/24

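Check the SELinux context if SELinux is enabled. The second command puts only the saslauthd_t domain into permissive mode, so denials are logged rather than enforced; use it to confirm whether SELinux is the cause, then undo it:

# Show the SELinux labels on the socket directory
ls -Z /var/run/saslauthd/
# Diagnostic only: stop enforcing policy for saslauthd_t
# (revert with: semanage permissive -d saslauthd_t)
semanage permissive -a saslauthd_t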