Symptoms
-
Unable to send or receive emails in Postfix after updating to Plesk Obsidian 18.0.34 in Debian 9 OS, in some cases the Postfix service might be down
-
The attempt to connect with the mail client registers the following errors in the log file
/var/log/maillog
:postfix/smtpd[5810]: warning: SASL authentication failure: no secret in database
postfix/smtpd[5810]: warning: example.com[0.0.0.0]: SASL DIGEST-MD5 authentication failed: authentication failurepostfix/smtpd[4288]: Unable to open database(readonly) /plesk/passwd.db: unable to open database file
postfix/smtpd[4288]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Cause
Product issue:
-
#PPPM-12885 "The default chroot settings are no longer changed after updating Plesk to the latest version."
Fixed in:- Plesk Obsidian 20 July 2021 (Linux)
Resolution
Workaround
Until the bug is fixed consider applying the following workaround:
-
Connect to the server via SSH
-
Back up the Postfix configuration file
/etc/postfix/master.cf
:# cp -a /etc/postfix/master.cf{,.backup}
-
Edit the Postfix configuration file
/etc/postfix/master.cf
, enable the chroot to the smtp, smtps and submission processes configuration:From:
smtp inet n - - - - smtpd
smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destinationTo:
smtp inet n - y - - smtpd
smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - y - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination -
Back up the Postfix SASL configuration file
/etc/postfix/sasl/smtpd.conf
:# cp -a /etc/postfix/sasl/smtpd.conf{,.backup}
-
(Optional – in general cases, proceed with step 6) Edit the Postfix SASL configuration file
/etc/postfix/sasl/smtpd.conf
, configure thesaslauthd_path
with the relative chrooted path:From:
pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
mech_list: CRAM-MD5 PLAIN LOGIN
sql_engine: intentionally disabled
log_level: 4To:
pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: /private/plesk_saslauthd
mech_list: CRAM-MD5 PLAIN LOGIN
sql_engine: intentionally disabled
log_level: 4 -
Restart Postfix to apply the changes:
# systemctl restart postfix