Re: load balanced emails servers pair
Another approach is to load balance with DNS. You setup a domain that resolves to the set of IP addresses of your mail servers. You might even imploy priority in the DNS records for weighted load sharing. You have the persistence of the session as a bonus. Not so efficient always but way more simple. Alex On February 10, 2017 1:07:45 AM GMT+02:00, Alexwrote: >One approach could be to setup a load balancer (lvs, haproxy) in front >of the servers to share the IMAP load. Make also the sessions >persistent to avoid issues with authentication. > >Alex > >On February 9, 2017 11:57:09 AM GMT+02:00, Patrick Chemla > wrote: >>Thanks all for your answers. >> >>I have at last setup the NAS, and mails are received there. >> >>So I will set the second server and second MTA, and both will receive >>emails. >> >>Next step is to give users access to both servers to retreive emails. >> >>As a load-balancer could help easily for http/https access, how to >deal >> >>with IMAP ports? How to load-balance IMAP ports? >> >>Thanks >>Patrick >> >>Le 29/01/2017 à 14:29, rightkicktech.gmail.com a écrit : >>> A shared storage with glusterfs seems a nice approach. >>> In this way, it doesn't matter which server receives the mail, as >>long >>> as the MDAs of each server write on the shared storage. >>> >>> Alex >>> >>> On January 25, 2017 6:08:59 PM EET, Patrick Domack >>> wrote: >>> >>> All options, assuming your imap/pop/lmtp are compatable and >>friendly using it. >>> >>> I know dovecot you should only access a mailstore from one host >>at a >>> time, don't just randomly balance things, or it can corrupt the >>index >>> files. >>> >>> Quoting Eero Volotinen : >>> >>> how about mounting ceph or glusterfs disk to message store? >>> eero 25.1.2017 5.18 ap. "Patrick Domack" >>> kirjoitti: >>> >>> This would not be a good thing to do, as deleted email >>> will magically reappear. Using unison to sync it worked >>> for me, over 10years ago. But these days, just use dsync >>> part of dovecot, and your life will be happy. Quoting >>> Patrick Chemla : Hi >>Wietse, >>> >>> Of course I thought about such NAS solution, but I >>> wanted to check if there is a way with 2 separate >>> disks, with a kind of that could be aware of emails >>> files changes. Actually, the mail server run onto a >>> VM, on a big server. I have another big server with >>> same emails VM, and I just rsync --delete --update >>> from the first one to the second. So I have a full >>> image copy every 5 minutes, but only one real MTA. I >>> will check the NAS option, if there is no other way. >>> Thanks Patrick Le 24/01/2017 à 13:45, Wietse Venema >a >>> écrit : >>> >>> Patrick Chemla: >>> >>> Hi, I have a running Fedora 24 emails server >>> using postfix 3.1.3, with courier. I wonder >>> how to build a pair of MTAs to secure emails >>> at all time, having 2 servers receiving the >>> emails, and users could connect to either >>> server to get emails, maybe on a load >>balanced >>> way. Problems are with synchronization when >>> receiving emails from outside, or emails >>read, >>> emails moved, >>> >>> You need a redundant message store. In pre-cloud >>> times, people would use a NAS filer with >>redundant >>> disks, store email as maildir files (one per >>> message) and MDAs would mount that store via >NFS. >>> Perhaps that model still works for you. Does >>> someone have a good guide, howto, doc to achieve >>> this? >>> >>> Thanks for help. Patrick >>> >>> >>> >>> >>> >>> -- >>> Sent from my Android device with K-9 Mail. Please excuse my brevity. > > >-- >Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: load balanced emails servers pair
One approach could be to setup a load balancer (lvs, haproxy) in front of the servers to share the IMAP load. Make also the sessions persistent to avoid issues with authentication. Alex On February 9, 2017 11:57:09 AM GMT+02:00, Patrick Chemlawrote: >Thanks all for your answers. > >I have at last setup the NAS, and mails are received there. > >So I will set the second server and second MTA, and both will receive >emails. > >Next step is to give users access to both servers to retreive emails. > >As a load-balancer could help easily for http/https access, how to deal > >with IMAP ports? How to load-balance IMAP ports? > >Thanks >Patrick > >Le 29/01/2017 à 14:29, rightkicktech.gmail.com a écrit : >> A shared storage with glusterfs seems a nice approach. >> In this way, it doesn't matter which server receives the mail, as >long >> as the MDAs of each server write on the shared storage. >> >> Alex >> >> On January 25, 2017 6:08:59 PM EET, Patrick Domack >> wrote: >> >> All options, assuming your imap/pop/lmtp are compatable and >friendly using it. >> >> I know dovecot you should only access a mailstore from one host >at a >> time, don't just randomly balance things, or it can corrupt the >index >> files. >> >> Quoting Eero Volotinen : >> >> how about mounting ceph or glusterfs disk to message store? >> eero 25.1.2017 5.18 ap. "Patrick Domack" >> kirjoitti: >> >> This would not be a good thing to do, as deleted email >> will magically reappear. Using unison to sync it worked >> for me, over 10years ago. But these days, just use dsync >> part of dovecot, and your life will be happy. Quoting >> Patrick Chemla : Hi >Wietse, >> >> Of course I thought about such NAS solution, but I >> wanted to check if there is a way with 2 separate >> disks, with a kind of that could be aware of emails >> files changes. Actually, the mail server run onto a >> VM, on a big server. I have another big server with >> same emails VM, and I just rsync --delete --update >> from the first one to the second. So I have a full >> image copy every 5 minutes, but only one real MTA. I >> will check the NAS option, if there is no other way. >> Thanks Patrick Le 24/01/2017 à 13:45, Wietse Venema a >> écrit : >> >> Patrick Chemla: >> >> Hi, I have a running Fedora 24 emails server >> using postfix 3.1.3, with courier. I wonder >> how to build a pair of MTAs to secure emails >> at all time, having 2 servers receiving the >> emails, and users could connect to either >> server to get emails, maybe on a load >balanced >> way. Problems are with synchronization when >> receiving emails from outside, or emails >read, >> emails moved, >> >> You need a redundant message store. In pre-cloud >> times, people would use a NAS filer with >redundant >> disks, store email as maildir files (one per >> message) and MDAs would mount that store via NFS. >> Perhaps that model still works for you. Does >> someone have a good guide, howto, doc to achieve >> this? >> >> Thanks for help. Patrick >> >> >> >> >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: BBC mapping
On 2/9/2017 11:47 AM, @lbutlr wrote: > >> On Feb 7, 2017, at 5:10 PM, Wietse Venemawrote: >> >> @lbutlr: >>> if !/backup.*@/ >>> /^([^+_]*).*@(.*)/ backup+${1}.${2}@domain.tld >>> endif >>> >>> […] >>> >>> However, I would like to exclude a specific domain from this backup = >>> including all mail TO and FROM the domain. >> >> if !/backup.*@/ >> if !/@example\.com$/ >> /^([^+_]*).*@(.*)/ backup+${1}.${2}@domain.tld >> endif >> endif > > And if a second domain wants the same exclusion? I can’t do multiple tests in > the map, right? I think you'll have to nest more if..endif statements for the negative matching to work. if !/backup.*@/ if !/@example\.com$/ if !/@example\.org$/ /^([^+_]*).*@(.*)/ backup+${1}.${2}@domain.tld endif endif endif -- Noel Jones
Re: BBC mapping
> On Feb 7, 2017, at 5:10 PM, Wietse Venemawrote: > > @lbutlr: >> if !/backup.*@/ >> /^([^+_]*).*@(.*)/ backup+${1}.${2}@domain.tld >> endif >> >> […] >> >> However, I would like to exclude a specific domain from this backup = >> including all mail TO and FROM the domain. > > if !/backup.*@/ > if !/@example\.com$/ > /^([^+_]*).*@(.*)/ backup+${1}.${2}@domain.tld > endif > endif And if a second domain wants the same exclusion? I can’t do multiple tests in the map, right? > However the first pattern doesn't seem robust to me. It excludes > something that has 'backup' in the middle of the localpart. That’s a feature! Or a kuludge, more likely. (If someone is already sending to a ‘backup’ account then the message isn’t backed up again). -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
AW: The "from" header looks like paypal but it is coming from somewhere else.
Im Auftrag von P.V.Anthony > Since the email contains the following. > > From: =?utf-8?Q?service=40paypaI=2Ecom=2Esg?= >> > What do you all think about that? > > P.V.Anthony > Perhaps if /^From:.*paypal.*/ if !/\<.+@(.\.)?paypal\.(de|com)\>$/ #!/\<.+@(.\.)paypal\.(de|com)\>$/i /^/ REJECT Your Mailaccount was hacked endif endif Mit freundlichen Grüßen Uwe Drießen -- Software & Computer Netzwerke, Server. Wir vernetzen Sie und Ihre Rechner ! Uwe Drießen Lembergstraße 33 67824 Feilbingert Tel.: 06708660045
Re: SASL LOGIN authentication failed: no mechanism available
Hi Viktor, I switched to dovecot and the email went through fine this time! You rock! Thanks so much for the help! Viktor Dukhovni wrote: On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote: On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote: I have just tried adding multiple symlinks, restarted postfix and saslauthd but the same error persists, Time to configure "debug_peer_list" to include the IP address of the client that is triggering the errors. More may become apparent from verbose logs. Be aware that the client may send base64-encoded plaintext passwords to the server. Excise any password-bearing base64 payload from any logs you post. Since the passwords end up in syslog output files, you may want to change any password used after you get this working. Also, you seem to be trying to use "rimap". If your IMAP server is dovecot, it is much simpler to use the dovecot SASL backend instead. Indeed you may in fact be configured to use Dovecot, since I don't see: smtpd_sasl_type = cyrus in your "postconf -n" output. That could explain why the Cyrus smtpd.conf is not used...
Re: SASL LOGIN authentication failed: no mechanism available
On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote: > On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote: > > > I have just tried adding multiple symlinks, restarted postfix and saslauthd > > but the same error persists, > > Time to configure "debug_peer_list" to include the IP address of > the client that is triggering the errors. More may become apparent > from verbose logs. Be aware that the client may send base64-encoded > plaintext passwords to the server. Excise any password-bearing > base64 payload from any logs you post. Since the passwords end up > in syslog output files, you may want to change any password used > after you get this working. Also, you seem to be trying to use "rimap". If your IMAP server is dovecot, it is much simpler to use the dovecot SASL backend instead. Indeed you may in fact be configured to use Dovecot, since I don't see: smtpd_sasl_type = cyrus in your "postconf -n" output. That could explain why the Cyrus smtpd.conf is not used... -- Viktor.
Re: SASL LOGIN authentication failed: no mechanism available
On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote: > I have just tried adding multiple symlinks, restarted postfix and saslauthd > but the same error persists, Time to configure "debug_peer_list" to include the IP address of the client that is triggering the errors. More may become apparent from verbose logs. Be aware that the client may send base64-encoded plaintext passwords to the server. Excise any password-bearing base64 payload from any logs you post. Since the passwords end up in syslog output files, you may want to change any password used after you get this working. -- Viktor.
Re: SASL LOGIN authentication failed: no mechanism available
Hi Viktor, Thanks for the help! Postfix is from Ubuntu apt official repo, version is 2.11. # postconf -d | grep mail_version mail_version = 2.11.0 I have just tried adding multiple symlinks, restarted postfix and saslauthd but the same error persists, # ls -lah /usr/lib/sasl2/smtpd.conf lrwxrwxrwx 1 root root 28 Feb 9 10:35 /usr/lib/sasl2/smtpd.conf -> /etc/postfix/sasl/smtpd.conf # ls -lah /etc/sasl2/smtpd.conf lrwxrwxrwx 1 root root 28 Feb 9 10:40 /etc/sasl2/smtpd.conf -> /etc/postfix/sasl/smtpd.conf # ls -lah /var/lib/sasl2/smtpd.conf lrwxrwxrwx 1 root root 28 Feb 9 10:41 /var/lib/sasl2/smtpd.conf -> /etc/postfix/sasl/smtpd.conf Im running chroot'ed postfix: root@server:~# grep smtp /etc/postfix/master.cf smtp inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject #smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient saslauthd option is configured with the chroot'ed path. root@server:~# cat /etc/default/saslauthd START=yes NAME=saslauthd MECHANISMS="rimap" #imap server address MECH_OPTIONS="localhost" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" # ls -lah /var/spool/postfix/var/run/saslauthd total 976K drwx--x--- 2 root sasl 4.0K Feb 9 10:41 . drwxr-xr-x 3 root root 4.0K Feb 8 23:46 .. -rw--- 1 root root0 Feb 9 10:41 cache.flock -rw--- 1 root root 963K Feb 9 10:41 cache.mmap srwxrwxrwx 1 root root0 Feb 9 10:41 mux -rw--- 1 root root0 Feb 9 10:41 mux.accept -rw--- 1 root root6 Feb 9 10:41 saslauthd.pid Not sure if Im missing anything. Thank you so much guys! Viktor Dukhovni wrote: On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote: Hi Chris, Thank you for the prompt reply, package its already installed. What Postfix version? Is Postfix from the Debian package, or your own build? Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not be used if your Postfix is not modified (e.g. by the Debian release maintainers) to do that (or perhaps a symlink is expected from the default location to /etc/postfix/sasl/): SASL_README: * Cyrus SASL version 2.x searches for the configuration file in /usr/lib/ sasl2/. * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/. * Some Postfix distributions are modified and look for the Cyrus SASL configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the distribution-specific documentation to determine the expected location. Note Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified configuration file there, it will not examine other locations. And of course you need to make sure that any chroot settings in master.cf are compatible with the saslauthd mux socket location.
Re: SASL LOGIN authentication failed: no mechanism available
Hi chaouche, I appreciate the quick help, I provided the config files on my very first email, below is the smtpd.conf file, let me know if you want me to paste all the config files again, # cat /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: plain login auxprop_plugin: rimap log_level: 7 Kind Regards, SB-Nick. Certified System and Network Administrator. http://www.serverbuddies.com Technical Support Manager n...@serverbuddies.com Providing Dedicated Server Solutions Just a Click AWAY! --- chaouche yacine wrote: Hi Nick, I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ?
Re: SASL LOGIN authentication failed: no mechanism available
On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote: > Hi Chris, > > Thank you for the prompt reply, package its already installed. What Postfix version? Is Postfix from the Debian package, or your own build? Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not be used if your Postfix is not modified (e.g. by the Debian release maintainers) to do that (or perhaps a symlink is expected from the default location to /etc/postfix/sasl/): SASL_README: * Cyrus SASL version 2.x searches for the configuration file in /usr/lib/ sasl2/. * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/. * Some Postfix distributions are modified and look for the Cyrus SASL configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the distribution-specific documentation to determine the expected location. Note Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified configuration file there, it will not examine other locations. And of course you need to make sure that any chroot settings in master.cf are compatible with the saslauthd mux socket location. -- Viktor.
Re: SASL LOGIN authentication failed: no mechanism available
Hi Nick, I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ?
Re: SASL LOGIN authentication failed: no mechanism available
Hi Chris, Thank you for the prompt reply, package its already installed. root@server:~# dpkg --get-selections | grep -i sasl2 libsasl2-2:amd64install libsasl2-modules:amd64install libsasl2-modules-db:amd64install sasl2-bininstall root@server:~# apt-get install libsasl2-modules Reading package lists... Done Building dependency tree Reading state information... Done libsasl2-modules is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 225 not upgraded. root@server:~# Any guidance will be appreciated! Christian Kivalo wrote: On 2017-02-09 09:09, Nick - ServerBuddies Support wrote: Hello guys, For some reason Im unable to send any email from this postfix server, Im getting the following error: Feb 9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN authentication failed: no mechanism available For debian install the package libsasl2-modules
Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]
It is a DKIM issue. Google "strict DKIM alignment" This is something usually defined in DMARC, but you could have a local definition that forces strict DKIM alignment for sensitive domains, like "all domains containing *paypal* or *bank*". Dominic Raferdskrev: (9 februari 2017 12:11:11 CET) >On 9 Feb 2017 12:53, wrote: > >That is the mailchimp server. (Technically rocketsciencegroup.com) So >has >the email originator figured out some sort of unintended use of >mailchimp? > > > >*From: *Sebastian Nielsen >*Sent: *Thursday, February 9, 2017 2:24 AM >*To: *postfix-users@postfix.org >*Subject: *Re: The "from" header looks like paypal but it is coming >from >somewhere else. [signed] > >The problem here is that DKIM isn't aligned to paypal.com >Enforce strict DKIM alignment on sensitive domains like paypal > >I don't think this is a DKIM issue. A bespoke regex as check_header >should >be able to trap this specific faking attempt - if it relates as I think >to >the internal From header not the envelope sender (client). > >More generally, are there legitimate cases where a sender shows a >different >but apparently valid email address as the (whole) to text of the From >compared with the actual address which follows it? If not, can a pcre >regex >match such situations or is something more sophisticated needed? smime.p7s Description: S/MIME Cryptographic Signature
Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]
On 9 Feb 2017 12:53,wrote: That is the mailchimp server. (Technically rocketsciencegroup.com) So has the email originator figured out some sort of unintended use of mailchimp? *From: *Sebastian Nielsen *Sent: *Thursday, February 9, 2017 2:24 AM *To: *postfix-users@postfix.org *Subject: *Re: The "from" header looks like paypal but it is coming from somewhere else. [signed] The problem here is that DKIM isn't aligned to paypal.com Enforce strict DKIM alignment on sensitive domains like paypal I don't think this is a DKIM issue. A bespoke regex as check_header should be able to trap this specific faking attempt - if it relates as I think to the internal From header not the envelope sender (client). More generally, are there legitimate cases where a sender shows a different but apparently valid email address as the (whole) to text of the From compared with the actual address which follows it? If not, can a pcre regex match such situations or is something more sophisticated needed?
Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]
That is the mailchimp server. (Technically rocketsciencegroup.com) So has the email originator figured out some sort of unintended use of mailchimp? From: Sebastian NielsenSent: Thursday, February 9, 2017 2:24 AMTo: postfix-users@postfix.orgSubject: Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]The problem here is that DKIM isn't aligned to paypal.com Enforce strict DKIM alignment on sensitive domains like paypal
Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]
The problem here is that DKIM isn't aligned to paypal.com Enforce strict DKIM alignment on sensitive domains like paypal smime.p7s Description: S/MIME Cryptographic Signature
Re: load balanced emails servers pair
Thanks all for your answers. I have at last setup the NAS, and mails are received there. So I will set the second server and second MTA, and both will receive emails. Next step is to give users access to both servers to retreive emails. As a load-balancer could help easily for http/https access, how to deal with IMAP ports? How to load-balance IMAP ports? Thanks Patrick Le 29/01/2017 à 14:29, rightkicktech.gmail.com a écrit : A shared storage with glusterfs seems a nice approach. In this way, it doesn't matter which server receives the mail, as long as the MDAs of each server write on the shared storage. Alex On January 25, 2017 6:08:59 PM EET, Patrick Domackwrote: All options, assuming your imap/pop/lmtp are compatable and friendly using it. I know dovecot you should only access a mailstore from one host at a time, don't just randomly balance things, or it can corrupt the index files. Quoting Eero Volotinen : how about mounting ceph or glusterfs disk to message store? eero 25.1.2017 5.18 ap. "Patrick Domack" kirjoitti: This would not be a good thing to do, as deleted email will magically reappear. Using unison to sync it worked for me, over 10years ago. But these days, just use dsync part of dovecot, and your life will be happy. Quoting Patrick Chemla : Hi Wietse, Of course I thought about such NAS solution, but I wanted to check if there is a way with 2 separate disks, with a kind of that could be aware of emails files changes. Actually, the mail server run onto a VM, on a big server. I have another big server with same emails VM, and I just rsync --delete --update from the first one to the second. So I have a full image copy every 5 minutes, but only one real MTA. I will check the NAS option, if there is no other way. Thanks Patrick Le 24/01/2017 à 13:45, Wietse Venema a écrit : Patrick Chemla: Hi, I have a running Fedora 24 emails server using postfix 3.1.3, with courier. I wonder how to build a pair of MTAs to secure emails at all time, having 2 servers receiving the emails, and users could connect to either server to get emails, maybe on a load balanced way. Problems are with synchronization when receiving emails from outside, or emails read, emails moved, You need a redundant message store. In pre-cloud times, people would use a NAS filer with redundant disks, store email as maildir files (one per message) and MDAs would mount that store via NFS. Perhaps that model still works for you. Does someone have a good guide, howto, doc to achieve this? Thanks for help. Patrick -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: SASL LOGIN authentication failed: no mechanism available
On 2017-02-09 09:09, Nick - ServerBuddies Support wrote: Hello guys, For some reason Im unable to send any email from this postfix server, Im getting the following error: Feb 9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN authentication failed: no mechanism available For debian install the package libsasl2-modules -- Christian Kivalo
SASL LOGIN authentication failed: no mechanism available
Hello guys, For some reason Im unable to send any email from this postfix server, Im getting the following error: Feb 9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN authentication failed: no mechanism available No more errors than the one below appears on logs. Im using rimap for checking valid mailbox accounts, receiving email through POP3/IMAP works just fine. Im able to get a Success when testing the mailbox with testsaslauth: # testsaslauthd -u t...@domain.tld -p passwd -f /var/spool/postfix/var/run/saslauthd/mux 0: OK "Success. Adding typos on file /etc/postfix/sasl/smtpd.conf doesnt return any error from postfix so Im wondering if its really loading it. Additionally, have tried to run saslauthd in debug/verbose mode when sending an email from my email client but I dont see any connection attempt or error in there, just the "no mechanism available" error on the postfix log. Below is my postconf, master.cf and saslauthd config, please let me know if you need further details to help me find the cause of the problem, any help is highly appreciated! root@server:~# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix inet_interfaces = all inet_protocols = all mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 mydestination = localhost.localdomain, localhost mynetworks = 138.128.20.50/32 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unknown_sender_domain reject_unauth_pipelining permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf # cat /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: plain login auxprop_plugin: rimap log_level: 7 # cat /etc/default/saslauthd START=yes NAME=saslauthd MECHANISMS="rimap" #imap server address MECH_OPTIONS="localhost" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" root@server:~# cat /etc/postfix/master.cf # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog #tlsproxy unix - - - - 0 tlsproxy #submission inet n - - - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd pickupunix n - - 60 1 pickup cleanup unix n - - -