Knowledge Base

Unable to send or receive emails in Postfix after updating to Plesk Obsidian 18.0.34 in Debian 9 OS: SASL authentication failure: no secret in database

 
0postfixupdatestechnical questionsssh

Symptoms

  • Unable to send or receive emails in Postfix after updating to Plesk Obsidian 18.0.34 in Debian 9 OS, in some cases the Postfix service might be down

  • The attempt to connect with the mail client registers the following errors in the log file /var/log/maillog:

    postfix/smtpd[5810]: warning: SASL authentication failure: no secret in database
    postfix/smtpd[5810]: warning: example.com[0.0.0.0]: SASL DIGEST-MD5 authentication failed: authentication failure
    postfix/smtpd[4288]: Unable to open database(readonly) /plesk/passwd.db: unable to open database file
    postfix/smtpd[4288]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

Cause

Product issue:

  • #PPPM-12885 "The default chroot settings are no longer changed after updating Plesk to the latest version."

    Fixed in:

Resolution

Please consider updating your server:

Workaround

Until the bug is fixed consider applying the following workaround:

  1. Connect to the server via SSH

  2. Back up the Postfix configuration file /etc/postfix/master.cf:

    # cp -a /etc/postfix/master.cf{,.backup}

  3. Edit the Postfix configuration file /etc/postfix/master.cf, enable the chroot to the smtp, smtps and submission processes configuration:

    From:

    smtp inet n - - - - smtpd
    smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
    submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

    To:

    smtp inet n - y - - smtpd
    smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes
    submission inet n - y - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

  4. Back up the Postfix SASL configuration file /etc/postfix/sasl/smtpd.conf:

    # cp -a /etc/postfix/sasl/smtpd.conf{,.backup}

  5. (Optional – in general cases, proceed with step 6) Edit the Postfix SASL configuration file /etc/postfix/sasl/smtpd.conf, configure the saslauthd_path with the relative chrooted path:

    From:

    pwcheck_method: auxprop saslauthd
    auxprop_plugin: plesk 
    saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
    mech_list: CRAM-MD5 PLAIN LOGIN 
    sql_engine: intentionally disabled 
    log_level: 4

    To:

    pwcheck_method: auxprop saslauthd
    auxprop_plugin: plesk 
    saslauthd_path: /private/plesk_saslauthd
    mech_list: CRAM-MD5 PLAIN LOGIN 
    sql_engine: intentionally disabled 
    log_level: 4

  6. Restart Postfix to apply the changes:

    # systemctl restart postfix

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2022 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WP Toolkit
Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt