Getting haraka email server error when attempting to use as outgoing only :
[tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"
... entire server log for this send email attempt
[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] connect ip=111.222.333.444 port=55152 local_ip=:: local_port=587
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init_respond
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running lookup_rdns hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect hooks
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 mydomain.com ESMTP Haraka 2.8.8 ready
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: EHLO mydomain.com state=1
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running ehlo hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in tls plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=tls function=tls_capabilities params="" retval=CONT msg=""
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in auth/flat_file plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [auth/flat_file] Auth disabled for insecure public connection
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=auth/flat_file function=hook_capabilities params="" retval=CONT msg=""
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-mydomain.com Hello mydomain.com [111.222.333.444], Haraka is at your service.
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-PIPELINING
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-8BITMIME
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-SIZE 0
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250 STARTTLS
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: STARTTLS state=1
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hook in tls plugin
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 Go ahead.
[DEBUG] [-] [core] Upgrading to TLS
[DEBUG] [-] [core] TLS secured.
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=unrecognized_command plugin=tls function=tls_unrecognized_command params="STARTTLS" retval=OK msg=""
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] client [111.222.333.444] dropped connection
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hook in tls plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=disconnect plugin=tls function=hook_disconnect params="" retval=CONT msg=""
[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] disconnect ip=111.222.333.444 rdns="mydomain.com" helo="" relay=N early=N esmtp=Y tls=Y pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.06
here is entire nodejs client code to send outgoing email
// https://github.com/nodemailer/nodemailer
var nodemailer = require('nodemailer');
var transporter = nodemailer.createTransport('smtp://myloginid:mypassword#mydomain.com:587');
var mailOptions = {
host: 'mydomain.com',
port: 587,
from: 'myloginid#mydomain.com', // sender address
to: 'mygmailname#gmail.com', // list of receivers
subject: 'Hello',
text: 'Hello world',
debug: true,
auth: {
user: 'myloginid',
pass: 'mypassword'
}
};
// send mail with defined transport object
transporter.sendMail(mailOptions, function(error, info){
if(error){
return console.log(error);
}
console.log('Message sent: ' + info.response);
});
node --version
v6.6.0
I am using TLS certs generated from tutorial at
https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/
here are the four cert files
cert.pem chain.pem fullchain.pem privkey.pem
I used two of these TLS cert files for haraka
cp /etc/letsencrypt/live/${FRESH_DOMAIN}/privkey.pem ${HARAKA_HOME}/config/tls_key.pem
cp /etc/letsencrypt/live/${FRESH_DOMAIN}/cert.pem ${HARAKA_HOME}/config/tls_cert.pem
Here are the errors
client nodemailer
Error: unable to verify the first certificate at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
haraka log error :
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"
Any suggestions ?
PS. Strangely it currently does work OK if I use swaks to send emails even though above nodejs email client fails
swaks -f myloginid#mydomain.com -t mygmailname#gmail.com -s localhost -p 587 -au myloginid -ap mypassword
The choice of letsencrypt TLS cert files I used above works for other email servers like postfix ... yet haraka instead wants file fullchain.pem
wrong one previously used : cert.pem
correct TLS cert : fullchain.pem
This file change fixed the TLS error so Haraka now sends outgoing email OK with above nodejs client code
Related
I am having trouble connecting to libera.chat and irc.libera.chat using Konversation Version 1.8.21123 on Jammy Jellyfish (fully updated). I have worked through the steps given on https://userbase.kde.org/Konversatio...tication#step5 and still cannot connect. The repeating log is shown below.
[12:44] [Info] Looking for server irc.libera.chat (port 6697)...
[12:44] [Info] Server found, connecting...
[12:44] [Info] Negotiating capabilities with server...
[12:44] [Notice] -lithium.libera.chat- *** Checking Ident
[12:44] [Notice] -lithium.libera.chat- *** Looking up your hostname...
[12:44] [Notice] -lithium.libera.chat- *** Couldn't look up your hostname
[12:45] [Notice] -lithium.libera.chat- *** No Ident response
[12:45] [Capabilities] account-notify away-notify chghost extended-join multi-prefix sasl=PLAIN,ECDSA-NIST256P-CHALLENGE,EXTERNAL tls account-tag cap-notify echo-message server-time solanum.chat/identify-msg solanum.chat/oper solanum.chat/realhost
[12:45] [Info] Requesting capabilities: account-notify away-notify chghost extended-join multi-prefix sasl cap-notify server-time
[12:45] [Info] SASL capability acknowledged by server, attempting SASL PLAIN authentication...
[12:45] [Error] SASL authentication attempt failed.
[12:45] [Info] Closing capabilities negotiation.
[12:45] [Error] Connection to server irc.libera.chat (port 6697) lost: The TLS/SSL connection has been closed.
[12:45] [Info] Trying to reconnect to irc.libera.chat (port 6697) in 10 seconds.
[12:45] [Info] Looking for server irc.libera.chat (port 6697)... <-- Log repeats from this line.
Is there something blatant that I have overlooked ?
Is there some web page that I need to visit in order to register my ident/hostname/whatever (!) ?
Stuart
Packer qemu build fails with below error for rhel9.
2022/11/14 06:49:53 packer-builder-qemu plugin: [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain
2022/11/14 06:49:53 packer-builder-qemu plugin: [DEBUG] Detected authentication error. Increasing handshake attempts.
2022/11/14 06:50:00 packer-builder-qemu plugin: [INFO] Attempting SSH connection to 127.0.0.1:2799...
2022/11/14 06:50:00 packer-builder-qemu plugin: [DEBUG] reconnecting to TCP connection for SSH
2022/11/14 06:50:00 packer-builder-qemu plugin: [DEBUG] handshaking with SSH
2022/11/14 06:50:03 packer-builder-qemu plugin: [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain
2022/11/14 06:50:03 packer-builder-qemu plugin: [DEBUG] Detected authentication error. Increasing handshake attempts.
2022/11/14 06:50:10 packer-builder-qemu plugin: [INFO] Attempting SSH connection to 127.0.0.1:2799...
2022/11/14 06:50:10 packer-builder-qemu plugin: [DEBUG] reconnecting to TCP connection for SSH
2022/11/14 06:50:10 packer-builder-qemu plugin: [DEBUG] handshaking with SSH
2022/11/14 06:50:14 packer-builder-qemu plugin: [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain
With same iso and kickstart file , I could login to new VM via vcenter.
Any suggestions?
I am trying to send mail using perl through server office 365
The operation succeed 8 times out of 10 (i.e. randomly fail in 20% of cases).
use Net::SMTPS;
my $mailer = Net::SMTPS->new("smtp.office365.com",
Port => "587",
doSSL => "starttls",
SSL_version => "TLSv1",
Debug => 4
);
...
$mailer returns as undef ;
Below is the log:
Net::SMTPS>>> Net::SMTPS(0.10)
Net::SMTPS>>> IO::Socket::IP(0.41)
Net::SMTPS>>> IO::Socket(1.48)
Net::SMTPS>>> IO::Handle(1.48)
Net::SMTPS>>> Exporter(5.73)
Net::SMTPS>>> Net::SMTP(3.13)
Net::SMTPS>>> Net::Cmd(3.13)
Net::SMTPS=GLOB(0x30816b0)<<< 220 DU2PR04CA0355.outlook.office365.com Microsoft ESMTP MAIL Service ready at Fri, 22 Oct 2021 09:15:28 +0000
Net::SMTPS=GLOB(0x30816b0)>>> EHLO localhost.localdomain
Net::SMTPS=GLOB(0x30816b0)<<< 250-DU2PR04CA0355.outlook.office365.com Hello [54.77.44.87]
Net::SMTPS=GLOB(0x30816b0)<<< 250-SIZE 157286400
Net::SMTPS=GLOB(0x30816b0)<<< 250-PIPELINING
Net::SMTPS=GLOB(0x30816b0)<<< 250-DSN
Net::SMTPS=GLOB(0x30816b0)<<< 250-ENHANCEDSTATUSCODES
Net::SMTPS=GLOB(0x30816b0)<<< 250-STARTTLS
Net::SMTPS=GLOB(0x30816b0)<<< 250-8BITMIME
Net::SMTPS=GLOB(0x30816b0)<<< 250-BINARYMIME
Net::SMTPS=GLOB(0x30816b0)<<< 250-CHUNKING
Net::SMTPS=GLOB(0x30816b0)<<< 250 SMTPUTF8
Net::SMTPS=GLOB(0x30816b0)>>> STARTTLS
Net::SMTPS=GLOB(0x30816b0)<<< 220 2.0.0 SMTP server ready
DEBUG: .../IO/Socket/SSL.pm:3010: new ctx 51201296
DEBUG: .../IO/Socket/SSL.pm:1620: start handshake
DEBUG: .../IO/Socket/SSL.pm:787: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:832: not using SNI because hostname is unknown
DEBUG: .../IO/Socket/SSL.pm:864: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:880: set socket to non-blocking to enforce timeout=120
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:917: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:937: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> 0
DEBUG: .../IO/Socket/SSL.pm:945: connection failed - connect returned 0
DEBUG: .../IO/Socket/SSL.pm:946: local error: SSL connect attempt failed because of handshake problems
DEBUG: .../IO/Socket/SSL.pm:2043: downgrading SSL only, not closing socket
DEBUG: .../IO/Socket/SSL.pm:3059: free ctx 51201296 open=51201296
DEBUG: .../IO/Socket/SSL.pm:3063: free ctx 51201296 callback
DEBUG: .../IO/Socket/SSL.pm:3070: OK free ctx 51201296
Thanks for any help
my $mailer = Net::SMTPS->new("smtp.office365.com",
...
SSL_version => "TLSv1",
For some unknown reason you are trying to enforce TLS 1.0 with SSL_version => 'TLSv1'. But some of the servers behind smtp.office365.com only support TLS 1.1 and later:
$ dig smtp.office365.com
...
SXF-efz.ms-acdc.office.com. 36 IN A 52.98.199.194
SXF-efz.ms-acdc.office.com. 36 IN A 40.101.61.130
SXF-efz.ms-acdc.office.com. 36 IN A 52.98.208.114
From these the first two support TLS 1.0, the last only TLS 1.1 and later, which means depending on which server is actually chosen the TLS handshake will succeed or fail. Note that from your perspective or at a different time you might see other IP addresses which exhibit a different behavior.
The solution is simple: stop explicitly restricting the SSL_version. In this case it will offer the best version the linked version of OpenSSL offers which since many years should be better than TLS 1.0.
Apart from that, the CORE module Net::SMTP has builtin support for TLS for several years, so there is probably no need to use Net::SMTPS (which inside uses Net::SMTP anyway).
Please help to solve my problem
Genymotion with VirtualBox download from genymotion site and install properly
Add Genymotion pluging on eclipse and set Genymotion directory
Add virtual device Nexus9 os version 5.1.0 API 22
Add Selenium and Appium java client jar files under project
Use Genymotion Android Tool and Custom Android SDK tool as Genymotion ADB tool connection setting
Configure Appium Setting and run appium
Run below source code
import java.io.IOException;
import org.apache.commons.exec.CommandLine;
import org.apache.commons.exec.DefaultExecuteResultHandler;
import org.apache.commons.exec.DefaultExecutor;
import org.apache.commons.exec.ExecuteException;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.remote.DesiredCapabilities;
import org.openqa.selenium.remote.RemoteWebDriver;
import java.net.URL;
import io.appium.java_client.android.AndroidDriver;
public class Firstappium {
static String deviceName = "Nexus9-6.0.0-API23";
static WebDriver driver;;
public static void main(String[] args) throws InterruptedException, ExecuteException, IOException {
DesiredCapabilities capabilities = new DesiredCapabilities();
DefaultExecutor executor = new DefaultExecutor();
DefaultExecuteResultHandler resultHandler = new DefaultExecuteResultHandler();
capabilities.setCapability("deviceName","Nexus9-5.1.0API22");
capabilities.setCapability("platformVersion", "5.1");
capabilities.setCapability("platformName", "Android");
capabilities.setCapability("app","G:/appium/apk/cz.hipercalc.apk");
driver = new AndroidDriver(new URL("http://127.0.0.1:4720/wd/hub"),capabilities);
System.out.println("SetUp is successful and Appium Driver is launched successfully");
}
}
Show below log in Appium
info: [debug] 1 device(s) connected
info: Found device adb server version (32) doesn't match this client (36); killing...
info: [debug] Setting device id to adb server version (32) doesn't match this client (36); killing...
info: [debug] Waiting for device to be ready and to respond to shell commands (timeout = 5)
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
wait-for-device
info: [debug] Retrying restartAdb
error: Error running wait-for-device
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
kill-server
error: Error killing ADB server, going to see if it's online anyway
info: [debug] Getting connected devices...
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
devices
info: [debug] Waiting for device to be ready and to respond to shell commands (timeout = 5)
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
wait-for-device
error: Error running wait-for-device
info: [debug] Retrying restartAdb
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
error: Error running wait-for-device
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
kill-server
error: Error killing ADB server, going to see if it's online anyway
info: [debug] Getting connected devices...
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
devices
info: [debug] Waiting for device to be ready and to respond to shell commands (timeout = 5)
info: [debug] executing cmd: G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
wait-for-device
error: Error running wait-for-device
info: [debug] Sent shutdown command, waiting for UiAutomator to stop...
warn: UiAutomator did not shut down fast enough, calling it gone
info: [debug] Cleaning up android objects
info: [debug] Cleaning up appium session
error: Failed to start an Appium session, err was: Error: Command failed: C:\WINDOWS\system32\cmd.exe /s /c "G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
wait-for-device"
error: could not install smartsocket listener: cannot bind to 127.0.0.1:5037: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
could not read ok from ADB Server
* could not start server *
info: [debug] Error: Command failed: C:\WINDOWS\system32\cmd.exe /s /c "G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...
wait-for-device"
error: could not install smartsocket listener: cannot bind to 127.0.0.1:5037: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)
could not read ok from ADB Server
* could not start server *
at ChildProcess.exithandler (child_process.js:751:12)
at ChildProcess.emit (events.js:110:17)
at maybeClose (child_process.js:1016:16)
at Process.ChildProcess._handle.onexit (child_process.js:1088:5)
info: [debug] Responding to client with error: {"status":33,"value":{"message":"A new session could not be created. (Original error: Command failed: C:\WINDOWS\system32\cmd.exe /s /c \"G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...\r wait-for-device\"\nerror: could not install smartsocket listener: cannot bind to 127.0.0.1:5037: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)\r\ncould not read ok from ADB Server\r\n* could not start server *\r\n)","killed":false,"code":4294967295,"signal":null,"cmd":"C:\WINDOWS\system32\cmd.exe /s /c \"G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...\r wait-for-device\"","origValue":"Command failed: C:\WINDOWS\system32\cmd.exe /s /c \"G:\Android\sdk\platform-tools\adb.exe -s adb server version (32) doesn't match this client (36); killing...\r wait-for-device\"\nerror: could not install smartsocket listener: cannot bind to 127.0.0.1:5037: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)\r\ncould not read ok from ADB Server\r\n* could not start server *\r\n"},"sessionId":null}
info: <-- POST /wd/hub/session 500 30628.747 ms - 1226
From the logs what I can is "adb server version does not match".
Try updating your Android SDK first through ANDROID SDK MANAGER.
And you need to start appium server before you try to initialise the driver.
When you start appium server, by default it starts with port number 4723.
If you are not mentioning any port number while starting appium server then the url should be http://127.0.0.1:4723/wd/hub
How to configure the server to allow users to authenticate against the postfix and to send mail from any client software. I think I am missing something small but I need HELP. I have been working on this on and off for about 8 weeks now and cannot figure out my issue.
Telnet test from remote machine (My Laptop)
imac:~ jtolson $ echo -ne '\0sogo1\0sogo' | openssl enc -base64
AHNvZ28xAHNvZ28=
imac:~ jtolson $ telnet 10.1.2.130 25
Trying 10.1.2.130...
Connected to 10.1.2.130.
Escape character is '^]'.
220 *********************************
EHLO tcusit.com
250-tcusit.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
250-AUTH=DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHNvZ28xAHNvZ28=
535 5.7.8 Error: authentication failed: authentication failure
From the /var/log/syslog on the server 10.1.2.130
Oct 17 11:21:41 sogo postfix/smtpd[14957]: connect from unknown[172.16.1.8]
Oct 17 11:21:59 sogo postfix/smtpd[14957]: warning: SASL authentication failure: Password verification failed
Oct 17 11:21:59 sogo postfix/smtpd[14957]: warning: unknown[172.16.1.8]: SASL PLAIN authentication failed: authentication failure
From the mail server file /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1:3389/
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: dc=tcusit,dc=com
ldap_filter: (|(uid=%U)(cn=%U))
ldap_scope: sub
From the 10.1.2.130 mail server
root#sogo:~# testsaslauthd -u sogo1 -p sogo
0: OK "Success."
Given the testsaslauthd comes back with a "0: OK "Success." tells me that the ldap and saslauthd is working properly. I know that the POSTFIX/SMTP is using SASL authentication and is failing on the password from the log file. Postfix/SMTPD is configured with the SASL Authentication and the SASL Authentication through ldap is working given my testsaslauthd test. What am I missing? I am just trying to setup a simple mail server that I can use with remote clients from mobile, macs and windows.
Any guidance is appreciated.
It´s the solution
service saslauthd stop
rm -rf /var/spool/postfix/var/run/saslauthd
Edit /etc/default/saslauthdenter code hereSTART=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-r -V -c -m /var/spool/postfix/var/run/saslauthd"
dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/
service saslauthd start