Connect to private/dovecot-auth failed

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Revision as of 18:44, 8 June 2011 by Woozle (talk | contribs) (post-move tweaks, updates, SMW markup)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

About

Connect to private/dovecot-auth failed is an error message which appears in /var/log/mail.log. It is generated by Postfix, but is actually caused by the failure of a Dovecot component which is supposed to provide a pipe for Postfix to talk to. The pipe is usually located at /var/spool/postfix/private/dovecot-auth.

A more complete and generalized version of this message is:

servername nss-mysql[number]: warning: SASL: Connect to pipe failed: No such file or directory

Where:

  • servername is the network name of the machine generating the error
  • number is an integer, significance unknown (it seems to be a standard thing in mail.log files)
  • pipe is the filespec of a pipe for communication between Postfix and Dovecot, typically "private/dovecot-auth"
    • (is "pipe" correct, or do I mean "socket"? not sure.)

In one particular scenario, it is preceded by an SMTP connection attempt from a remote server, and followed by a fatal: no SASL authentication mechanisms error message.

Example

From /var/log/mail.info:

Jun  8 07:43:05 rizzo nss-mysql[14459]: connect from monitor.therealms.net[64.62.231.70]
Jun  8 07:43:06 rizzo nss-mysql[14459]: warning: Connect to private/dovecot-auth failed: No such file or directory
Jun  8 07:43:06 rizzo nss-mysql[14459]: fatal: no SASL authentication mechanisms
Jun  8 07:43:07 rizzo postfix/master[1906]: warning: process /usr/lib/postfix/smtpd pid 14459 exit status 1
Jun  8 07:43:07 rizzo postfix/master[1906]: warning: /usr/lib/postfix/smtpd: bad command startup --  throttling

fixes

One fix involved the following:

  • ls /var/spool/postfix/private
  • look for pipe with "auth" in the name
  • modify Dovecot's dovecot.conf file so that the auth default section includes at least the "client" section shown here, but with the "path" parameter pointing at your actual auth pipe.

If that doesn't work, go to the Postfix and Dovecot web sites and read up on SASL, especially this section.

Notes

  • This gives more information about configuring Postfix for secure SMTP authentication in Group-Office
  • Make sure the file referred to by postfix's main.cf is the same file referred to by dovecot's dovecot.conf. They had been the same, but when I checked them just now, one had apparently been updated from "auth-dovecot" to just "auth" and this was causing error messages in the log and some emails were being silently rejected. --Woozle 17:12, 11 February 2011 (EST)