Knowledge Base

Unable to send or receive emails in Postfix after updating to Plesk Obsidian 18.0.34 in Debian 9 OS: SASL authentication failure: no secret in database

Symptoms

Unable to send or receive emails in Postfix after updating to Plesk Obsidian 18.0.34 in Debian 9 OS, in some cases the Postfix service might be down

The attempt to connect with the mail client registers the following errors in the log file /var/log/maillog:

postfix/smtpd[5810]: warning: SASL authentication failure: no secret in database
postfix/smtpd[5810]: warning: example.com[0.0.0.0]: SASL DIGEST-MD5 authentication failed: authentication failure

postfix/smtpd[4288]: Unable to open database(readonly) /plesk/passwd.db: unable to open database file
postfix/smtpd[4288]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

Cause

Product issue:

#PPPM-12885 "The default chroot settings are no longer changed after updating Plesk to the latest version."

Fixed in:
- Plesk Obsidian 20 July 2021 (Linux)

Resolution

Please consider updating your server:

How to install Plesk updates

Workaround

Until the bug is fixed consider applying the following workaround:

Connect to the server via SSH
Back up the Postfix configuration file /etc/postfix/master.cf:

# cp -a /etc/postfix/master.cf{,.backup}

Edit the Postfix configuration file /etc/postfix/master.cf, enable the chroot to the smtp, smtps and submission processes configuration:

From:

smtp inet n - - - - smtpd
smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

To:

smtp inet n - y - - smtpd
smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - y - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

Back up the Postfix SASL configuration file /etc/postfix/sasl/smtpd.conf:

# cp -a /etc/postfix/sasl/smtpd.conf{,.backup}

(Optional – in general cases, proceed with step 6) Edit the Postfix SASL configuration file /etc/postfix/sasl/smtpd.conf, configure the saslauthd_path with the relative chrooted path:

From:

pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk 
saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
mech_list: CRAM-MD5 PLAIN LOGIN 
sql_engine: intentionally disabled 
log_level: 4

To:

pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk 
saslauthd_path: /private/plesk_saslauthd
mech_list: CRAM-MD5 PLAIN LOGIN 
sql_engine: intentionally disabled 
log_level: 4