search

cyrusimap / cyrus-sasl

Other
128 stars 147 forks source link

broken smtpd auth after update Cyrus SASL #385

Open brong opened 10 years ago

brong commented 10 years ago

From: brad Bugzilla-Id: 3811 Version: 2.1.x Owner: Alexey Melnikov

brong commented 10 years ago

From: brad

after migrating from depreciated smtpd_recipient_restrictions to smtpd_relay_restrictions, outbound smtp hangs for users and this is the errors I find in the logs. "auxpropfunc error version mismatch with plug-in" and a "_sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql"

emailer1 saslfinger-1.0.3 # ./saslfinger -s saslfinger - postfix Cyrus sasl configuration Fri Aug 30 00:48:43 UTC 2013 version: 1.0.2 mode: server-side SMTP AUTH

-- basics -- Postfix: 2.10.1 System: Gentoo Base System release 2.2

-- smtpd is linked to -- libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f262e22a000) libsasl2.so.3 => /usr/lib64/libsasl2.so.3 (0x00007f262d6cc000)

-- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = no smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/ssl/postfix/comm.com.crt smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/ssl/postfix/comm.com.crt smtpd_tls_key_file = /etc/ssl/postfix/comm.com.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes

-- listing of /usr/lib64/sasl2 -- total 1180 drwxr-xr-x 2 root root 4096 Aug 11 20:29 . drwxr-xr-x 43 root root 12288 Aug 28 18:22 .. -rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so -rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3 -rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3.0.0 -rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so -rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3 -rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3.0.0 -rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so -rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3 -rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3.0.0 -rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so -rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3 -rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3.0.0 -rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so -rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3 -rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3.0.0 -rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so -rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3 -rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3.0.0 -rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so -rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3 -rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3.0.0 -rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so -rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3 -rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3.0.0 -rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so -rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3 -rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3.0.0 -rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so -rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3 -rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3.0.0

-- listing of /usr/lib/sasl2 -- total 1180 drwxr-xr-x 2 root root 4096 Aug 11 20:29 . drwxr-xr-x 43 root root 12288 Aug 28 18:22 .. -rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so -rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3 -rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3.0.0 -rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so -rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3 -rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3.0.0 -rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so -rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3 -rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3.0.0 -rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so -rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3 -rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3.0.0 -rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so -rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3 -rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3.0.0 -rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so -rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3 -rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3.0.0 -rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so -rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3 -rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3.0.0 -rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so -rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3 -rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3.0.0 -rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so -rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3 -rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3.0.0 -rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so -rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3 -rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3.0.0

-- listing of /etc/sasl2 -- total 32 drwxr-xr-x 2 root root 4096 Aug 11 20:29 . drwxr-xr-x 58 root root 4096 Aug 29 05:12 .. -rw-r--r-- 1 root root 147 Aug 9 02:08 ._cfg0000_smtpd.conf -rw-r--r-- 1 root root 0 Aug 11 20:29 .keep_dev-libs_cyrus-sasl-2 -rw-r----- 1 root mail 12432 Aug 8 19:44 sasldb2 -rw-r--r-- 1 root root 405 Aug 10 07:39 smtpd.conf

-- content of /etc/sasl2/smtpd.conf -- pwcheck_method: authdaemond mech_list: LOGIN PLAIN authdaemon_path: /var/lib/courier/authdaemon/socket

log_level: 5

sasl_pwcheck_method: auxprop sasl_auxprop_plugin: pgsql password_format: crypt mech_list: LOGIN PLAIN

sql_engine: pgsql

sql_hostnames: localhost

sql_database: postfix sql_user: --- replaced --- sql_passwd: --- replaced --- sql_select: SELECT password FROM mailbox WHERE local_part='%u' AND active='1'

-- active services in /etc/postfix/master.cf --

service type private unpriv chroot wakeup maxproc command + args

(yes) (yes) (yes) (never) (100)

smtp inet n - n - - smtpd submission inet n - n - - smtpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache

user1 unix - - n - - smtp -o syslog_name=postfix-user1 -o smtp_bind_address6=2600:3c01:e000:44:0:0:0:10

-- mechanisms on localhost -- 250-AUTH LOGIN PLAIN

-- end of saslfinger output --

*** postmap ****

emailer1 htdocs # postmap -q "info@comm.com" pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf info@comm.com emailer1 htdocs # postmap -q "comm.com" pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf comm emailer1 htdocs # postmap -q "info@comm.com" pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf comm.com/info/

***** postconf ****

emailer1 htdocs # postconf -n broken_sasl_auth_clients = no command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 3 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 disable_vrfy_command = yes home_mailbox = .maildir/ html_directory = no inet_protocols = ipv4, ipv6 mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no sample_directory = /etc/postfix sender_dependent_default_transport_maps = hash:/etc/postfix/transport.cf sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks, check_client_access smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks, reject_unknown_helo_hostname, reject_invalid_helo_hostname smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks, permit_sasl_authenticated smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = permit_sasl_authenticated reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_tls_CAfile = /etc/ssl/postfix/comm.com.crt smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/ssl/postfix/comm.com.crt smtpd_tls_key_file = /etc/ssl/postfix/comm.com.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf virtual_uid_maps = static:5000

**** error ***

2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: auxpropfunc error version mismatch with plug-in 2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sasldb 2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: auxpropfunc error version mismatch with plug-in 2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: