How to get saslauthd to work in postfix chroot environment

This article is about getting saslauthd working in a chroot’d postfix, but I’ll explain how I got here to start with.

I was working on a Gentoo box that has been a slight nightmare for me (actually, complete nightmare). It was built outside of Gentoo portage (basically image’d from another Gentoo box). Because of this, world is all broken and the server basically doesn’t know what it has installed, so updates are a bear, and I was lucky enough to inherit this machine.

The real problem was the original admin liked qmail… so if any of you are qmail fans.. stop reading now.

Being a noob with qmail systems, and not having been part of the initial configuration, I felt it was a steep climb to a spot where I could see what is going on and, more importantly, what is going wrong. What I do know is that it’s hard to understand what is going wrong with it. Sure, the service is secure, but the logging is crap (which I’m sure is a misconfiguration on debug level or something on my part, so I’ll definitely take some blame, since I’m sure someone will email me on this).

Basically, I was trying to upgrade the mail-mta/qmail package to the new mail-mta/netqmail. This server was running qmail with one domain and ten local accounts, so not a virtual system, etc. Also, no spam or virus filtering. You’d think this should be a snap. Long story short, I broke everything by going up, and I couldn’t go back. I even tried to replace binaries from backups, but I’m sure I was missing configs or something; no matter what, qmail was not working.

After several panic posts and the expected no responses (since I believe qmail use is pretty small compared to postfix), I decided to ditch the whole thing and install postfix.

It’s been so long since I set up postfix with local users that I had to dig through some old configs. I usually build virtual postfix setups now.

After chroot’ing postfix, I ran across some problems with SASL. Here is another stab at qmail (logs clearly tell me what’s wrong.. radical concept), so I was able to Google on this:


warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

Doing some digging, I found out that the saslauthd socket is needed in the postfix jail:


postfix jail
mkdir -p /var/spool/postfix/var/run/saslauthd/

Next, I needed to tell saslauthd to create pid and socket in the new directory.


/etc/conf.d/saslauthd
SASLAUTHD_OPTS="-m /var/spool/postfix/var/run/saslauthd"

After restarting, I still got the error, and after finding a forum post via Google, I added the following to smtpd.conf:


/etc/sasl/smtpd.conf
saslauthd_path: /var/run/saslauthd/mux

After restarting, everything was working great until I restarted again. The saslauthd process was still hung and couldn’t restart. I figured it had to be related to the stop() in the init script, since it starts fine. Sure enough, the path is hard-coded in the stop() call:


/etc/init.d/saslauthd
stop() {
    ebegin "Stopping saslauthd"
    #start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid
    start-stop-daemon --stop --quiet --pidfile /var/spool/postfix/var/run/saslauthd/saslauthd.pid
    eend $?
}
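
The three edits above have to agree on one directory: the chrooted smtpd resolves saslauthd_path relative to the jail, while saslauthd and the init script use the host-side path. The script below checks that they line up. It is an added example, not part of the original setup; the function names and the PREFIX argument are assumptions, and the sample tree is constructed from the files shown in this post.

```shell
#!/bin/sh
# Added example, not the author's code: checks that the three edits agree.
# PREFIX (first argument) is a hypothetical root to inspect; "" = live system.

# Directory given to saslauthd via -m in /etc/conf.d/saslauthd
saslauthd_mux_dir() {
    sed -n 's/^SASLAUTHD_OPTS=.*[" ]-m[[:space:]]*\([^" ]*\).*/\1/p' \
        "$1/etc/conf.d/saslauthd" | head -n 1
}

# saslauthd_path exactly as the chrooted smtpd will look it up
smtpd_mux_path() {
    sed -n 's/^saslauthd_path:[[:space:]]*//p' "$1/etc/sasl/smtpd.conf" | head -n 1
}

# Returns 0 = consistent, 1 = socket path mismatch, 2 = setting missing,
# 3 = init script stop() does not use the relocated pid file
check_sasl_jail() {
    prefix=$1
    jail=${2:-/var/spool/postfix}
    mux_dir=$(saslauthd_mux_dir "$prefix"); mux_dir=${mux_dir%/}
    mux_path=$(smtpd_mux_path "$prefix")
    if [ -z "$mux_dir" ] || [ -z "$mux_path" ]; then
        echo "missing -m option or saslauthd_path" >&2; return 2
    fi
    # Inside the chroot, $mux_path resolves to $jail$mux_path on the host
    if [ "$jail$mux_path" != "$mux_dir/mux" ]; then
        echo "smtpd opens $jail$mux_path, saslauthd creates $mux_dir/mux" >&2
        return 1
    fi
    # Ignore commented-out lines, then require the relocated pid file
    if ! grep -v '^[[:space:]]*#' "$prefix/etc/init.d/saslauthd" |
            grep -qF -e "--pidfile $mux_dir/saslauthd.pid"; then
        echo "stop() does not use $mux_dir/saslauthd.pid" >&2; return 3
    fi
    [ -S "$prefix$mux_dir/mux" ] || echo "note: $mux_dir/mux is not a live socket" >&2
    return 0
}

# Constructed sample tree mirroring the files in this post; prints its path
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/conf.d" "$t/etc/sasl" "$t/etc/init.d" || return 1
    echo 'SASLAUTHD_OPTS="-m /var/spool/postfix/var/run/saslauthd"' > "$t/etc/conf.d/saslauthd"
    echo 'saslauthd_path: /var/run/saslauthd/mux' > "$t/etc/sasl/smtpd.conf"
    printf '%s\n' '#start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid' \
        'start-stop-daemon --stop --quiet --pidfile /var/spool/postfix/var/run/saslauthd/saslauthd.pid' \
        > "$t/etc/init.d/saslauthd"
    echo "$t"
}
```

On the live system, call check_sasl_jail "" after making the edits; a non-zero return code names which of the three files is out of step.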

Hope this helps someone running into the same problem. As for the qmail debacle, I hope to have a chance to work with it again, from the ground up, and truly get to know it. The problem was that when it was down, it was panic mode to get it up, and I was extremely frustrated, and that could have happened with any unfamiliar service.

Thanks!