Bug 52007 – postfix smtpd / submission cannot connect to saslauthd

Bug 52007 - postfix smtpd / submission cannot connect to saslauthd


Summary:	postfix smtpd / submission cannot connect to saslauthd

Status:	NEEDMOREINFO

Product:	UCS
Classification:	Unclassified
Component:	Mail
Version:	UCS 4.4
Hardware:	Other All

Importance:	P5 critical (vote)
Target Milestone:	---
Assigned To:	Mail maintainers
QA Contact:	Mail maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2020-09-14 11:18 CEST by Christian Zengel
Modified:	2020-11-12 16:54 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Workaround is available
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Zengel 2020-09-14 11:18:51 CEST

Problem

```
Sep 14 09:48:47 ucs postfix/smtpd[17384]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
```

```
systemctl restart saslauthd.service
```

Das Problem tritt bei fast allen Kunden mit SMTP Clients auf Port 587 auf.
Selbst bei uns mit der Faktura Software, die meldet mir sogar dass Mail raus wäre
Dauerhafte Lösung wäre gut!

Liebe Grüsse
c

Comment 1 Ingo Steuwer

2020-09-16 08:43:40 CEST

Are there any problems on the client side or is this only a temporary reconnect due to a session timeout?

Comment 2 Daniel Tröder

2020-09-16 08:55:35 CEST

When restarting the saslauthd service, was it running?
→ systemctl status saslauthd.service

What's in the socket/status dir of saslsauthd?
→ ls -la /var/run/saslauthd/

What's in the log files?
→ grep -i sasl /var/log/auth.log /var/log/syslog

Comment 3 Christian Zengel 2020-09-16 11:37:22 CEST

we will provide the information on next crash
should not take too long

Comment 4 Christian Zengel 2020-09-18 15:07:09 CEST

the problem seems to be after the univention-upgrade task by policy

Comment 5 Christian Zengel 2020-09-23 10:09:10 CEST

Hier ist der Zustand nach dem letzten Ausfall heute, kein update

root@ucs:~# systemctl status saslauthd.service
● saslauthd.service - LSB: saslauthd startup script
   Loaded: loaded (/etc/init.d/saslauthd; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2020-09-18 14:15:19 CEST; 4 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2408 ExecStop=/etc/init.d/saslauthd stop (code=exited, status=0/SUCCESS)
  Process: 2432 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/saslauthd.service

Sep 19 07:36:55 ucs saslauthd[2460]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep 19 07:36:55 ucs PAM-univentionmailcyrus[2460]: No or ambigous result, found 0 entries.
Sep 19 07:36:55 ucs PAM-univentionmailcyrus[2460]: failed to map username
Sep 19 07:36:55 ucs saslauthd[2460]: pam_krb5(smtp:auth): authentication failure; logname=chairman@zengel.com uid=0 euid=0 tty= ruser= rhost=
Sep 19 07:36:57 ucs saslauthd[2460]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info
Sep 19 07:36:57 ucs saslauthd[2460]:                 : auth failure: [user=chairman@zengel.com] [service=smtp] [realm=zengel.com] [mech=pam] [reason=PA
Sep 19 07:36:58 ucs saslauthd[2460]: pam_unix(smtp:auth): check pass; user unknown
Sep 19 07:36:58 ucs saslauthd[2460]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep 19 07:36:58 ucs PAM-univentionmailcyrus[2460]: No or ambigous result, found 0 entries.
Sep 19 07:36:58 ucs PAM-univentionmailcyrus[2460]: failed to map username
...skipping...
● saslauthd.service - LSB: saslauthd startup script
   Loaded: loaded (/etc/init.d/saslauthd; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2020-09-18 14:15:19 CEST; 4 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2408 ExecStop=/etc/init.d/saslauthd stop (code=exited, status=0/SUCCESS)
  Process: 2432 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/saslauthd.service

Sep 19 07:36:55 ucs saslauthd[2460]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep 19 07:36:55 ucs PAM-univentionmailcyrus[2460]: No or ambigous result, found 0 entries.
Sep 19 07:36:55 ucs PAM-univentionmailcyrus[2460]: failed to map username
Sep 19 07:36:55 ucs saslauthd[2460]: pam_krb5(smtp:auth): authentication failure; logname=chairman@zengel.com uid=0 euid=0 tty= ruser= rhost=
Sep 19 07:36:57 ucs saslauthd[2460]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info
Sep 19 07:36:57 ucs saslauthd[2460]:                 : auth failure: [user=chairman@zengel.com] [service=smtp] [realm=zengel.com] [mech=pam] [reason=PA
Sep 19 07:36:58 ucs saslauthd[2460]: pam_unix(smtp:auth): check pass; user unknown
Sep 19 07:36:58 ucs saslauthd[2460]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep 19 07:36:58 ucs PAM-univentionmailcyrus[2460]: No or ambigous result, found 0 entries.
Sep 19 07:36:58 ucs PAM-univentionmailcyrus[2460]: failed to map username

Comment 6 Christian Zengel 2020-11-12 16:54:07 CET

still have the problem 2-3 times at about 5 customers

log output contains to much user names

where shall i look for source problem?