After configuring AWS SES service with Postfix, you may have found error in logs – SASL authentication failed . The error will not allow you to send email from server by using AWS SES service.

Reasons For Error : SASL authentication failed

1. Incorrect Credential :
(a) Many times the “SASL authentication failed” error happened when we use incorrect credentials (Secret Keys and Access Keys). Hence, cross check the correct credentials.

(b) Check the IAM user which Access/Secret Keys you are using for SES . The IAM user must be allowed for SES service. (Reference : http://docs.aws.amazon.com/ses/latest/DeveloperGuide/control-user-access.html )

2. Package dependency issue :
Generally, it is also due to lack of installation of dependency packages. These packages are for supporting SASL mechanism in postfix. In end of this post, we have given sample output. Find this line – “warning: SASL authentication failure: No worthy mechs found”. It shows the problem with unavailable SASL mechanism supporting package in system.

Hence, install the dependency packages –

In CentOS / RHEL :

yum install cyrus-sasl-plain postfix

In Ubuntu/Debian :

sudo apt-get install Cyrus-sasl2

Given below is sample output from postfix maillog with error :

Jul 13 10:02:14 ip-10-0-0-5 postfix/smtp[32416]: CCBCE91E238: SASL authentication failed; cannot authenticate to server email-smtp.us-east-1.amazonaws.com[54.235.101.205]: no mechanism available
Jul 13 10:02:14 ip-10-0-0-5 postfix/smtp[32416]: warning: SASL authentication failure: No worthy mechs found
Jul 13 10:02:14 ip-10-0-0-5 postfix/smtp[32416]: CCBCE91E238: to=admin@example.com, relay=email-smtp.us-east-1.amazonaws.com[23.21.91.54]:25, delay=15, delays=0.01/0.02/15/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server email-smtp.us-east-1.amazonaws.com[23.21.91.54]: no mechanism available)