Dovecot / Postfix / SASL: Connect to /var/run/dovecot/auth-client failed: Permission denied

Solution 1:

You define this parameter in main.cf

smtpd_sasl_path = /var/run/dovecot/auth-client

This tells postfix where path the unix socket for SASL connection.

Yet, in dovecot config you define the SASL socket was in /var/spool/postfix/private/auth

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  ...
}

Try to set smtpd_sasl_path = private/auth and restart postfix.

Solution 2:

I had this problem as well. I can't see your log files, but the error appeared in the following way

Jan 18 16:54:47 xxxx0 postfix/smtpd[5819]: warning: SASL: Connect to /var/run/dovecot/auth-client failed: No such file or directory
Jan 18 16:54:47 xxxx0 postfix/smtpd[5819]: fatal: no SASL authentication mechanisms
Jan 18 16:54:48 xxxx0 postfix/master[5813]: warning: process /usr/lib/postfix/sbin/smtpd pid 5819 exit status 1
Jan 18 16:54:48 xxxx0 postfix/master[5813]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

This is hard to find because the daemon terminates and is confusing because the /var/run/dovecot/auth-client socket does exist. I remembered that postfix uses chroot. When I changed the master.cf by just one character

--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -9,7 +9,7 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
-smtp      inet  n       -       y       -       -       smtpd
+smtp      inet  n       -       n       -       -       smtpd
 #smtp      inet  n       -       y       -       1       postscreen
 #smtpd     pass  -       -       y       -       -       smtpd
 #dnsblog   unix  -       -       y       -       0       dnsblog

And restarted the daemons, no error messages and the smtpd began to receive messages

Jan 18 17:01:05 xxxx0 postfix/smtpd[6034]: connect from mail-lf1-f49.google.com[209.85.167.49]
Jan 18 17:01:06 xxxx0 postfix/smtpd[6034]: Anonymous TLS connection established from mail-lf1-f49.google.com[209.85.167.49]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Jan 18 17:01:06 xxxx0 postfix/smtpd[6034]: 8852527CDA: client=mail-lf1-f49.google.com[209.85.167.49]
Jan 18 17:01:06 xxxx0 postfix/cleanup[6039]: 8852527CDA: message-id=<CAG7vz7oDTXmSfKOTM7YKqzVGvvXyEvtjsREaN4dXh+qJXN60BQ@mail.gmail.com>
Jan 18 17:01:06 xxxx0 postfix/qmgr[6013]: 8852527CDA: from=<[email protected]>, size=2730, nrcpt=1 (queue active)
Jan 18 17:01:06 xxxx0 postfix/virtual[6040]: 8852527CDA: to=<[email protected]>, relay=virtual, delay=0.03, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jan 18 17:01:06 xxxx0 postfix/qmgr[6013]: 8852527CDA: removed
Jan 18 17:01:06 xxxx0 postfix/smtpd[6034]: disconnect from mail-lf1-f49.google.com[209.85.167.49] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7

With more effort, I could relocate the socket to the chroot.