tarickb / sasl-xoauth2

SASL plugin for XOAUTH2

TokenStore::Read: fail to open file #52

Closed kiurzz closed 1 year ago

kiurzz commented 1 year ago

Hello, I have this issue: image

The file exists, I can read it, and here is the output of sasl-xoauth2-test-config: image

Thanks for your help ;)

tarickb commented 1 year ago

Is it possible you have chroot enabled? The README has a note that might be helpful.

kiurzz commented 1 year ago

Ok my bad, I haven't read those lines... Now I have this error:

"TokenStore::Refresh: http error: error setting certificate verify locations:#012 CAfile: /etc/ssl/certs/ca-certificates.crt#012 CApath: /etc/ssl/certs"

When I check in /var/spool/postfix/etc/ssl/certs there is no ca-certificates.crt or ca-certificates.crt#12 but there is:

image

tarickb commented 1 year ago

The next section in the README covers that topic. :) If that doesn't help, I'll need more information. What distribution/release are you using? What version of sasl-xoauth2? Did you build it yourself or are you using prebuilt binaries?

kiurzz commented 1 year ago

I'm on Ubuntu 20.04 LTS; for sasl-xoauth2, the latest version from Linux Packages via apt.

tarickb commented 1 year ago

Do you have ca_bundle_file or ca_certs_dir specified in sasl-xoauth2.conf? What's your TLS configuration in /etc/postfix/main.cf?

kiurzz commented 1 year ago

I don't have "ca_certs_dir" specified. Here is my configuration:

image

tarickb commented 1 year ago

Your config file specifies smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt, so it's interesting that that file doesn't make it into /var/spool/postfix. Can you verify that /etc/ssl/certs/ca-certificates.crt exists?

kiurzz commented 1 year ago

Hello, the file exists in /etc/ssl/certs/ but not in /var/spool/postfix/etc/ssl/certs

tarickb commented 1 year ago

Try copying it over manually?

alfonsodou commented 1 year ago

Hello, I have the same problem. Here's the error message I get:

TokenStore::Refresh: http error: SSL certificate problem: unable to get local issuer certificate

In the directory /var/spool/postfix/etc/ssl/certs/ is the file ca-certificates.crt, copied from the folder /etc/ssl/certs/. In the configuration file /etc/saslxoauth2.conf the following parameter is defined: "ca_certs_dir": "/var/spool/postfix/etc/ssl/certs". I tried setting the parameter ca_bundle_file but the error is the same. The server has Debian GNU/Linux 10 (buster) installed.

Thanks for your support.

tarickb commented 1 year ago

Can you try unsetting ca_certs_dir and setting ca_bundle_file to /etc/ssl/certs/ca-certificates.crt? Note that I purposefully left out /var/spool/postfix from the path (because I suspect you have chroot enabled, and so the plugin will never see that part of the path). If that doesn't work please provide the same config-file snippets that I asked for above from @kiurzz.
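An added illustration of the path reasoning above (not part of the thread and not code from the sasl-xoauth2 project): a shell helper that checks how a CA path from the config resolves when the Postfix SMTP client runs chrooted. The function name `check_ca_path` and its verdict words are hypothetical; it assumes chroot is enabled and takes the chroot root (here `/var/spool/postfix`) as its first argument.

```shell
#!/bin/sh
# Added example, not project code. Assumes the Postfix smtp client is chrooted.
#
# check_ca_path CHROOT_DIR CONFIGURED_PATH
#   CONFIGURED_PATH is the value of ca_bundle_file or ca_certs_dir exactly as
#   written in the config file. Prints a verdict and returns:
#     0 ok        the path exists inside the chroot
#     1 prefixed  the value already contains the chroot prefix, so a chrooted
#                 process would look for CHROOT_DIR/CHROOT_DIR/... and miss it
#     2 missing   nothing exists at that path inside the chroot
#     3 stale     the copy in the chroot differs from the host file
check_ca_path() {
    chroot_dir=${1%/}          # drop one trailing slash, if any
    conf_path=$2

    # A chrooted process sees CHROOT_DIR as "/", so the prefix must not be
    # part of the configured value.
    case "$conf_path" in
        "$chroot_dir"/*) echo prefixed; return 1 ;;
    esac

    # Where the configured path really lives, as seen from the host.
    inside="$chroot_dir$conf_path"
    if [ ! -e "$inside" ]; then
        echo missing
        return 2
    fi

    # For a bundle file, make sure the chroot copy matches the host copy.
    if [ -f "$conf_path" ] && [ -f "$inside" ] && ! cmp -s "$conf_path" "$inside"; then
        echo stale
        return 3
    fi

    echo ok
    return 0
}

# Stand-alone use: sh check_ca.sh /var/spool/postfix /etc/ssl/certs/ca-certificates.crt
if [ "$#" -eq 2 ]; then
    check_ca_path "$1" "$2"
fi
```

A `prefixed` or `missing` verdict corresponds to the two situations reported in this thread: a config value that includes `/var/spool/postfix`, and a bundle that was never copied into the chroot.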

alfonsodou commented 1 year ago

Ok, right. My mistake. Thank you. This is the current content of the /etc/sasl-xoauth2.conf file

image

And it works correctly, I get the tokens and they refresh automatically, but I can't send the mails anyway. I always get the same error. This is the postfix log:

image

How do I know what is failing? Thanks again.

tarickb commented 1 year ago

There aren't any sasl-xoauth2 traces in that log snippet, which leads me to believe that either 1) Postfix isn't successfully loading sasl-xoauth2 (in which case I'd suggest reviewing the README), or 2) sasl-xoauth2 is logging to /var/log/syslog but you sent me /var/log/mail.log (in which case, check /var/log/syslog).

alfonsodou commented 1 year ago

My apologies. It is now working properly. The problem I had is that at the time of obtaining the initial token I was identifying myself in O365 with a different user than the one configured in postfix for sending emails. Thanks for your help and patience.

tarickb commented 1 year ago

Happy to help, and I'm glad you figured it out!