When configuring Postfix with SMTP authentication using SASL, you might encounter the frustrating "cannot connect to saslauthd server" error. The key symptoms include:
- Failed authentication attempts with "535 5.7.8 Error: authentication failed"
- Log entries showing "SASL authentication failure: cannot connect to saslauthd server"
- Successful tests with testsaslauthd but failures in actual Postfix operation
First, let's check the existing setup based on the information provided:
# Current smtpd.conf configuration
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
autotransition:true
# Postfix main.cf entry
smtpd_sasl_auth_enable = yes
1. Check saslauthd Process Status
ps aux | grep saslauthd
systemctl status saslauthd
If saslauthd isn't running, start it with the correct parameters:
saslauthd -a shadow -m /var/run/saslauthd -n 5
2. Verify Socket Path Accessibility
The most common root cause is Postfix (running in chroot) being unable to access the saslauthd socket. Check these paths:
ls -la /var/run/saslauthd/
ls -la /var/spool/postfix/var/run/saslauthd/
Create the necessary directory structure if missing:
mkdir -p /var/spool/postfix/var/run/saslauthd
chown postfix:sasl /var/spool/postfix/var/run/saslauthd
mount --bind /var/run/saslauthd /var/spool/postfix/var/run/saslauthd
3. Update Postfix Configuration
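Modify your /etc/postfix/sasl/smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
# Path as seen by smtpd. A chrooted smtpd resolves it relative to
# /var/spool/postfix, where the bind mount above exposes the socket.
saslauthd_path: /var/run/saslauthd/mux
log_level: 3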
Enable verbose logging in saslauthd:
saslauthd -d -a shadow -m /var/run/saslauthd
Check authentication attempts in real-time:
tail -f /var/log/auth.log
- Ensure saslauthd is running with correct parameters
- Verify socket path exists in Postfix chroot environment
- Confirm proper permissions on all directories
- Check that SELinux/AppArmor isn't blocking access
- Restart both saslauthd and Postfix after changes
After applying these changes, test authentication again:
telnet localhost 25
EHLO example.com
AUTH PLAIN AHRlc3R1c2VyAHRlc3RwYXNzd29yZA==
When setting up SMTP authentication in Postfix, you might encounter the frustrating SASL error where Postfix can't locate the saslauthd socket. The critical error message appears as:
warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Interestingly, testsaslauthd works fine but Postfix fails to authenticate users, indicating a path or permission issue rather than a complete SASL setup failure.
First verify these essential components:
# Check saslauthd status
systemctl status saslauthd
# Verify socket path
ls -la /var/run/saslauthd/mux
# Test SASL directly
testsaslauthd -u username -p password
Many Postfix installations run in a chroot jail. If your master.cf shows entries like this:
smtp inet n - y - - smtpd
The 'y' indicates chroot is active. You'll need to mirror the saslauthd socket path inside the chroot:
mkdir -p /var/spool/postfix/var/run/saslauthd
mount --bind /var/run/saslauthd /var/spool/postfix/var/run/saslauthd
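As an added example (not part of the original article), these POSIX shell functions read the chroot column of master.cf and compute the host-side path where smtpd will actually look for the saslauthd socket. The function names and the sample master.cf files are constructed for illustration; the paths are the ones used in this article.

```shell
#!/bin/sh
# Added example (not from the original page): work out which host path a
# possibly chrooted smtpd opens for the saslauthd socket.

# Exit 0 if any smtpd service in master.cf ($1) has chroot (field 5) set to y.
# A "-" in that column means the built-in default and is not counted here.
smtpd_chrooted() {
    awk '/^[ \t]/ || /^#/ || NF < 8 { next }   # skip continuations, comments
         $8 == "smtpd" && $5 == "y" { found = 1 }
         END { exit !found }' "$1"
}

# Print the host-side socket path.
# $1 = master.cf, $2 = Postfix queue directory, $3 = saslauthd_path value
socket_host_path() {
    if smtpd_chrooted "$1"; then
        printf '%s%s\n' "${2%/}" "$3"    # chroot root is the queue directory
    else
        printf '%s\n' "$3"
    fi
}

# Exit 0 only when that path exists and is a Unix socket.
check_socket() {
    p=$(socket_host_path "$1" "$2" "$3")
    if [ -S "$p" ]; then echo "ok: $p"; else echo "missing: $p"; return 1; fi
}

# Constructed sample files: the chrooted entry shown above and an unchrooted one.
demo=$(mktemp -d)
printf '%s\n' '# service type private unpriv chroot wakeup maxproc command' \
    'smtp inet n - y - - smtpd' > "$demo/chroot.cf"
printf '%s\n' 'smtp inet n - n - - smtpd' > "$demo/plain.cf"
socket_host_path "$demo/chroot.cf" /var/spool/postfix /var/run/saslauthd/mux
socket_host_path "$demo/plain.cf" /var/spool/postfix /var/run/saslauthd/mux

# On a live host (paths are assumptions, adjust to your install):
#   check_socket /etc/postfix/master.cf "$(postconf -h queue_directory)" /var/run/saslauthd/mux
```

A "missing" result for the chrooted case while /var/run/saslauthd/mux exists on the host matches the symptom described here: testsaslauthd succeeds but smtpd cannot reach the socket.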
Edit /etc/default/saslauthd with these key settings:
START=yes
MECHANISMS="shadow"
OPTIONS="-c -m /var/run/saslauthd"
Then restart saslauthd:
systemctl restart saslauthd
Your /etc/postfix/sasl/smtpd.conf should contain:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
log_level: 3
And in main.cf add:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
Enable verbose logging in saslauthd:
saslauthd -a shadow -d
Check the mail logs in real-time:
tail -f /var/log/mail.log
Verify SASL capabilities in Postfix:
telnet localhost 25
EHLO example.com
Look for AUTH capabilities in the response.
If you're still facing issues, consider:
# Change authentication method
pwcheck_method: auxprop
auxprop_plugin: sasldb
# Or use PAM directly
pwcheck_method: pam
Remember to create appropriate sasldb entries if changing methods:
saslpasswd2 -c -u example.com username