The error message "SASL authentication failure: cannot connect to saslauthd server: No such file or directory" typically occurs when Postfix or Dovecot cannot communicate with the saslauthd daemon. This breaks SMTP/IMAP authentication, preventing mail clients from connecting.
Nov 23 18:32:55 hig3 postfix/smtpd[11653]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Your testsaslauthd results reveal an important clue:
# Fails with default socket:
$ testsaslauthd -u user -p pass
connect() : No such file or directory
# Works with explicit socket:
$ testsaslauthd -u user -p pass -f /var/spool/postfix/var/run/saslauthd/mux -s smtp
0: OK "Success."
The issue stems from a mismatch between:
- Where saslauthd actually creates its socket (/var/spool/postfix/var/run/saslauthd/mux)
- Where Postfix/Dovecot expect to find it (default /var/run/saslauthd/mux)
Option 1: Update Postfix/Dovecot Configuration
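# For Postfix with Cyrus SASL (/etc/postfix/sasl/smtpd.conf on Debian/Ubuntu).
# The saslauthd socket path is a Cyrus SASL setting; with smtpd_sasl_type = cyrus,
# smtpd_sasl_path in main.cf only names this file.
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

# For Dovecot (10-auth.conf):
auth_mechanisms = plain login
auth_username_format = %n
service auth {
  unix_listener /var/spool/postfix/var/run/saslauthd/mux {
    mode = 0660
    user = postfix
    group = postfix
  }
}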
Option 2: Reconfigure saslauthd
# Edit /etc/default/saslauthd:
OPTIONS="-c -m /var/run/saslauthd -r -n 5"
# Then restart:
sudo service saslauthd restart
After making changes, verify with:
$ sudo testsaslauthd -u testuser -p testpass
0: OK "Success."
$ telnet localhost 25
EHLO localhost
250-AUTH PLAIN LOGIN
Useful troubleshooting commands:
# Check saslauthd status:
$ sudo saslauthd -v
$ sudo lsof -U | grep saslauthd
# Validate socket permissions:
$ ls -la /var/spool/postfix/var/run/saslauthd/
# Test SASL directly:
$ sudo apt-get install libsasl2-modules
$ testsaslauthd -u username -p password
To avoid future issues:
- Create systemd service override (for Ubuntu 16.04+):
# /etc/systemd/system/saslauthd.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
- Add monitoring for the saslauthd socket:
#!/bin/bash
# Simple Nagios check: CRITICAL (2) if the socket is missing, WARNING (1) if its mode is not 660
SOCKET=/var/spool/postfix/var/run/saslauthd/mux
test -S "$SOCKET" || exit 2
test "$(stat -c %a "$SOCKET")" -eq 660 || exit 1
exit 0
When your mail server suddenly stops authenticating users without any configuration changes, the frustration is real. Let's dive into this SASL authentication puzzle where clients get "No such file or directory" errors despite saslauthd running.
The key error in your logs tells the story:
postfix/smtpd[11653]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
This indicates Postfix cannot communicate with saslauthd through the Unix domain socket. The smoking gun comes from your tests:
# Fails with socket error
testsaslauthd -u username -p password
# Succeeds when specifying socket path
testsaslauthd -u username -p password -f /var/spool/postfix/var/run/saslauthd/mux -s smtp
Postfix runs in a chroot environment (/var/spool/postfix by default), while saslauthd typically creates its socket in /var/run/saslauthd. This path mismatch breaks communication.
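The chroot path arithmetic described above, as an added example (not code from the original page): it works out the socket saslauthd creates from its option string and the host path smtpd opens, then reports whether they match. The function names, the fallback directory /var/run/saslauthd when no -m is given, and treating a "-" chroot column as "n" are assumptions of this sketch.

```shell
#!/bin/bash
# Added example. Assumptions: the client default /var/run/saslauthd/mux and the
# queue directory are the values quoted on this page; names are hypothetical.

# Socket path saslauthd creates, taken from "-m DIR" in its option string.
daemon_socket() {
    local dir=/var/run/saslauthd prev="" word
    for word in $1; do
        [ "$prev" = "-m" ] && dir=$word
        prev=$word
    done
    printf '%s/mux\n' "${dir%/}"
}

# Chroot column (5th field) of the inet "smtp" service, master.cf on stdin.
# Anything other than "y" counts as "n" (the Postfix 3.0+ default for "-").
smtpd_chroot() {
    awk '$1 == "smtp" && $2 == "inet" { print (($5 == "y") ? "y" : "n"); found = 1; exit }
         END { if (!found) print "n" }'
}

# Host path smtpd really opens: a chrooted smtpd resolves the client path
# relative to the queue directory. $1 = chroot flag, $2 = queue directory.
client_socket() {
    local path=/var/run/saslauthd/mux
    if [ "$1" = "y" ]; then path="${2%/}$path"; fi
    printf '%s\n' "$path"
}

# Return 0 when both sides agree, 1 with a message when they do not.
# $1 = saslauthd options, $2 = chroot flag, $3 = queue directory.
check_sasl_socket() {
    local made looked
    made=$(daemon_socket "$1")
    looked=$(client_socket "$2" "$3")
    if [ "$made" = "$looked" ]; then
        echo "OK: both sides use $made"
    else
        echo "MISMATCH: saslauthd creates $made, smtpd opens $looked"
        return 1
    fi
}

# Constructed sample input (not from a real host).
SAMPLE_OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r -n 5"
SAMPLE_CHROOT="smtp inet n - y - - smtpd"
SAMPLE_PLAIN="smtp inet n - n - - smtpd"
check_sasl_socket "$SAMPLE_OPTIONS" "$(echo "$SAMPLE_CHROOT" | smtpd_chroot)" /var/spool/postfix
check_sasl_socket "$SAMPLE_OPTIONS" "$(echo "$SAMPLE_PLAIN" | smtpd_chroot)" /var/spool/postfix || true
```

On a real host, feed it the OPTIONS value from /etc/default/saslauthd and the contents of master.cf instead of the sample strings.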
Your current saslauthd configuration shows the correct approach:
/usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
Here's how to properly configure the components:
1. Configure saslauthd
Edit /etc/default/saslauthd:
START=yes
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
2. Postfix SASL Configuration
Ensure /etc/postfix/main.cf contains:
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
# With smtpd_sasl_type = cyrus this names the Cyrus SASL config file (smtpd.conf), not a socket
smtpd_sasl_path = smtpd
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
3. Socket Permissions
Create the socket directory with proper permissions:
mkdir -p /var/spool/postfix/var/run/saslauthd
chown postfix:sasl /var/spool/postfix/var/run/saslauthd
chmod 750 /var/spool/postfix/var/run/saslauthd
After making changes:
service saslauthd restart
service postfix restart
# Test authentication
testsaslauthd -u testuser -p password -f /var/spool/postfix/var/run/saslauthd/mux
For stubborn cases, trace the socket access:
strace -f -e trace=file postfix/smtpd -d
Look for attempts to access the wrong socket path.
If socket issues persist, configure saslauthd to use TCP:
# In /etc/default/saslauthd
OPTIONS="-c -m /var/run/saslauthd -r -p tcp"
# In /etc/postfix/main.cf
smtpd_sasl_path = inet:localhost:12345
Remember to open the port in your firewall if using TCP.