# Mail server, auxprop error

## audiodef

My mail server setup, that has been working for many months now, has suddenly gone on vacation. 

tail -f /var/log/messages using web mail:

```

Jul  5 14:59:16 audiodef postfix/smtpd[3663]: SQL engine 'sql' not supported

Jul  5 14:59:16 audiodef postfix/smtpd[3663]: auxpropfunc error no mechanism available

Jul  5 14:59:16 audiodef postfix/smtpd[3663]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

Jul  5 14:59:25 audiodef roundcube: IMAP Error: Login failed for (user)@(domain) from (ip_address). AUTHENTICATE PLAIN: no mechanism available in /var/www/mail/htdocs/program/lib/Roundcube/rcube_imap.php on line 184 (POST /?_task=login&_action=login)

```

Same tail from Thunderbird:

```

Jul  5 15:03:18 audiodef imap[3844]: accepted connection

Jul  5 15:03:18 audiodef master[4026]: about to exec /usr/lib64/cyrus/imapd

Jul  5 15:03:18 audiodef imap[4026]: executed

Jul  5 15:03:18 audiodef imap[4026]: SQL engine 'mysql' not supported

Jul  5 15:03:18 audiodef imap[4026]: auxpropfunc error no mechanism available

Jul  5 15:03:18 audiodef imap[4026]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

Jul  5 15:03:18 audiodef master[4029]: about to exec /usr/lib64/cyrus/imapd

Jul  5 15:03:18 audiodef imap[4029]: executed

Jul  5 15:03:18 audiodef imap[4027]: imapd:Loading hard-coded DH parameters

Jul  5 15:03:18 audiodef imap[4027]: TLS server engine: No CA file specified. Client side certs may not work

Jul  5 15:03:18 audiodef imap[4028]: imapd:Loading hard-coded DH parameters

Jul  5 15:03:18 audiodef imap[4028]: TLS server engine: No CA file specified. Client side certs may not work

Jul  5 15:03:18 audiodef imap[4026]: imapd:Loading hard-coded DH parameters

Jul  5 15:03:18 audiodef imap[4026]: TLS server engine: No CA file specified. Client side certs may not work

Jul  5 15:03:18 audiodef imap[3844]: imapd:Loading hard-coded DH parameters

Jul  5 15:03:18 audiodef imap[3844]: TLS server engine: No CA file specified. Client side certs may not work

Jul  5 15:03:18 audiodef imap[4027]: SSL_accept() incomplete -> wait

Jul  5 15:03:18 audiodef imap[4028]: SSL_accept() incomplete -> wait

Jul  5 15:03:18 audiodef imap[4026]: SSL_accept() incomplete -> wait

Jul  5 15:03:18 audiodef imap[3844]: SSL_accept() incomplete -> wait

Jul  5 15:03:19 audiodef imap[4027]: SSL_accept() succeeded -> done

Jul  5 15:03:19 audiodef imap[4027]: starttls: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits new) no authentication

Jul  5 15:03:19 audiodef imap[4026]: SSL_accept() succeeded -> done

Jul  5 15:03:19 audiodef imap[3844]: SSL_accept() succeeded -> done

Jul  5 15:03:19 audiodef imap[4026]: starttls: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits new) no authentication

Jul  5 15:03:19 audiodef imap[3844]: starttls: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits new) no authentication

Jul  5 15:03:19 audiodef imap[4028]: SSL_accept() succeeded -> done

Jul  5 15:03:19 audiodef imap[4028]: starttls: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits new) no authentication

Jul  5 15:03:19 audiodef imap[4027]: unknown password verifier(s) auxprop

Jul  5 15:03:19 audiodef imap[4027]: badlogin: pool-(ip_identifier).(service_provider) [ip_address] plain [SASL(-4): no mechanism available: Password verification failed]

Jul  5 15:03:19 audiodef imap[3844]: unknown password verifier(s) auxprop

Jul  5 15:03:19 audiodef imap[3844]: badlogin: pool-(ip_identifier).(service_provider) [ip_address] plain [SASL(-4): no mechanism available: Password verification failed]

```

etc.

main.cf:

```

queue_directory = /var/spool/postfix

message_size_limit = 102400000

mailbox_size_limit = 1024000000

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

default_privs = nobody

myhostname = (my domain)

mydomain = (my domain)

virtual_mailbox_domains = (list of my domains)

myorigin = $myhostname

alias_maps = mysql:/etc/postfix/validate.cf

virtual_mailbox_maps = mysql:/etc/postfix/validate.cf

mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

virtual_transport = lmtp:unix:/var/imap/socket/lmtp

inet_interfaces = all

mydestination = $myhostname, localhost

local_recipient_maps = $alias_maps, $virtual_mailbox_maps

unknown_local_recipient_reject_code = 550

mynetworks = (server_ip), 127.0.0.0/8

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_authenticated_header = yes

broken_sasl_auth_clients = yes

smtpd_tls_auth_only = yes

mail_spool_directory = /var/spool/mail

smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

local_destination_concurrency_limit = 2

default_destination_concurrency_limit = 20

debug_peer_level = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

smtpd_tls_security_level = may

smtpd_tls_cert_file = /etc/ssl/postfix/server.crt

smtpd_tls_key_file = /etc/ssl/postfix/server.key

#smtpd_tls_CAfile = /etc/ssl/postfix/root.crt

smtpd_tls_ask_ccert = no

smtpd_tls_loglevel = 1

smtpd_recipient_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject_unauth_destination

biff = no

empty_address_recipient = MAILER-DAEMON

tls_random_source = dev:/dev/urandom

smtp_tls_note_starttls_offer = yes

content_filter = scan:[127.0.0.1]:10025

smtpd_delay_reject = no

smtpd_client_restrictions =

        permit_mynetworks

        reject_rbl_client ix.dnsbl.manitu.net

        reject_rbl_client cbl.abuseat.org

        reject_rbl_client b.barracudacentral.org

        reject_rbl_client new.spam.dnsbl.sorbs.net

        reject_rbl_client zen.spamhaus.org

#Mail from Verizon gets incorrectly filtered out

#reject_rbl_client new.spam.dnsbl.sorbs.net

transport_maps = hash:/etc/postfix/transport

```

master.cf:

```

smtp      inet  n       -       n       -       -       smtpd

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

proxywrite unix -       -       n       -       1       proxymap

smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

        -o smtp_fallback_relay=

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

submission inet n      -       n       -       -       smtpd

# AV scan filter (used by content_filter)

scan      unix  -       -       n       -       16      smtp

        -o smtp_send_xforward_command=yes

        -o smtp_enforce_tls=no

# For injecting mail back into postfix from the filter

127.0.0.1:10026 inet  n -       n       -       16      smtpd

        -o content_filter=

        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

        -o smtpd_helo_restrictions=

        -o smtpd_client_restrictions=

        -o smtpd_sender_restrictions=

        -o smtpd_recipient_restrictions=permit_mynetworks,reject

        -o mynetworks_style=host

        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

```

validate.cf:

```

hosts = 127.0.0.1

user = maildb

dbname = maildb

password = (password)

query = SELECT email from aliases where email='%s'

```

smtpd.conf:

```

pwcheck_method: auxprop

auxprop_plugin: mysql

mech_list: PLAIN LOGIN 

sql_engine: sql

sql_hostnames: 127.0.0.1

sql_user: maildb

sql_passwd: (password)

sql_database: maildb

sql_select: SELECT plainpass FROM aliases WHERE email = '%u@%r'

```

ehlo localhost:

```

250-(domain)

250-PIPELINING

250-SIZE 102400000

250-VRFY

250-ETRN

250-STARTTLS

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

```

I have tried a bunch of stuff already, to no avail, and have looked around for an hour. As I said, this has been working for a long time now. This happened right after my last update, and I don't know what changed.

----------

## freke

Postfix updated? Still emerged with mysql use-flag?

Some seems to use:

auxprop_plugin: sql

sql_engine: mysql

in smtpd.conf

I've got no idea what's right/works though.

----------

## audiodef

Yep, did all that, and more. This WAS a working system until today, and I changed NOTHING related to mail. Obviously, something got changed, but it wasn't by me, and I don't know what might have gotten updated that broke my mail server.

----------

