Dovecot doesn't create /var/spool/postfix/private/auth

Question

I'm moving an Ubuntu 14.04 postfix mail installation from one machine to another. The current setup works fine pretty much with Ubuntu's default postfix and dovecot setup so that users can use SMTP auth, etc.

So I copied the relevant configuration files over to the new machine (which is also running Ubuntu 14.04) and started up postfix there after making the necessary DNS changes.

But I get this in the mail log of the new machine:

Oct 28 14:18:50 lorina postfix/smtpd[13445]: warning: SASL: Connect to private/auth failed: No such file or directory

Oct 28 14:18:50 lorina postfix/smtpd[13445]: fatal: no SASL authentication mechanisms

Oct 28 14:18:51 lorina postfix/master[13440]: warning: process /usr/lib/postfix/smtpd pid 13445 exit status 1

Oct 28 14:18:51 lorina postfix/master[13440]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Postfix is set to use the following:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

and in the dovecot config I have:

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }

However, I see that /var/spool/postfix/private/auth doesn't exist on the new machine.

I've tried rebooting the machine in case any services weren't working properly. When does this file get made? How can I crate it?

Answer 1

To answer your questions:

• The socket gets made by running dovecot. It is dovecot that offers a service to postfix, so dovecot should create it. It should get made as soon as dovecot starts. If there is no socket after you restart dovecot, check the dovecot logs, not postfix.
• How you can create it? You shouldn't create it manually for sure.

I think your setup is missing a few settings (Postfix and Dovecot) and relying on default settings. That might have changed from one machine to the other.

Dovecot

I would say that the biggest problem is that you're not telling dovecot who should own the socket. It is typically assigned to the postfix user and group, like so:

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}

Check the ownership of the parent directory of the socket ('private') What user and group is it assigned to? You'll need dovecot to use the same user if it is to be able to write in the directory.

Postfix

The smtpd_sasl_path setting is relative to the queue_directory setting. By default queue_directory should be /var/spool/postfix but it doesn't hurt to make it explicit.

queue_directory = /var/spool/postfix

From the logs it would appear that you have enabled sasl in postfix though your configuration doesn't say so. But on what agent? If you set smtpd_sasl_auth_enable=yes in main.cf it applies to the all agents including smtpd on port 25. I believe it is considered better practice to use it only on the submission agent in master.cf (which runs on port 587). If you edit an existing master.cf just uncomment the submission line and any options lines below that you need.

submission inet n        -       -       -       -       smtpd
-o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes

Answer 2

It looks like the error being reported was misleading. In fact, there was a path to an SSL certificate in the config file(s) that dovecot wasn't finding. So it wasn't starting properly and therefore not creating the socket in /var/spool/postfix/private/auth.