Postfix: SASL authentication failure: cannot connect to saslauthd server: Permission denied

Tell saslauthd to create its socket within postfix' chroot jail via its -m option, e.g. -m /var/spool/postfix/var/run/saslauthd. On my Ubuntu i appended this line to /etc/default/saslauthd:

 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

and then i did

 service saslauthd stop
 mkdir -p /var/spool/postfix/var/run
 mv /var/run/saslauthd /var/spool/postfix/var/run/
 service saslauthd start

You might want to leave a softlink at the old place in case other services (like an IMAP service) expect to find /var/run/saslauthd:

 ln -s /var/spool/postfix/var/run/saslauthd/ /var/run/

If /var/run/ is a tmpfs you might have to create that link each time after boot, e.g. somewhere within /etc/init.d/saslauthd

I just encountered a similar issue and ended up working around it using a bind mount from the Postfix chroot jail up into the SASL Auth daemon's preferred path:

mkdir -p     /var/spool/postfix/var/run/saslauthd
chgrp sasl   /var/spool/postfix/var/run/saslauthd
mount --bind /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

I also had to change the permissions slightly to allow Postfix to traverse (-x) into that directory. (I did NOT change the permissions on the Postfix directory /var/spool/postfix) ... that's why I used a bind mount; because changing the Postfix permissions seems likely to cause a lot more trouble than changing the just the "other execute" permission on the saslauthd directory containing its Unix domain socket and PID file).

I'd still welcome a pointer to a better HOWTO on enabling Postfix plus SASLauthd.

Incidentally, though I figured out this workaround on my own, the very next link in Google after this Serverfault entry (for me, at this time) was to this:

https://github.com/webmin/webmin/issues/58

... which is a more detailed description of the problem and solution. Essentially the same as I figured out on my own.

You could also try to add postfix user to sasl group.