Discussion:
Bug#437841: Postfix SASL configuration file smtpd.conf is placed in the wrong directory
(too old to reply)
Anton Chernev
2007-08-14 13:23:46 UTC
Permalink
Package: postfix
Version: 2.3.8-2

The configuration file for Postfix SASL (smtpd.conf) is placed in the
/etc/postfix/sasl/ directory. However, it is never read by the daemons.
As a result, the authentication falls back to the default, using the
file /etc/sasldb2 (sasldb mechanism) and offering all available
authentication methods.

The workaround is to move the file to /usr/lib/sasl2/ directory (the
default for Cyrus SASL2, IIRC).
A fix would probably be to reconfigure the prefix for the file while
building the package.

I am not sure which package this file belongs to, as dpkg returns the
dpkg: /etc/postfix/sasl/smtpd.conf not found.
I am using Debian GNU/Linux 4.0 (Etch), kernel version: 2.6.21.1, libc6
version: 2.3.6.ds1-13
I am omitting hardware details, as this is clearly not a hardware issue.

The following warning are logged:
postfix/smtpd[25479]: warning: SASL authentication problem: unable to
open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[25479]: warning: SASL authentication problem: unable to
open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[25479]: warning: SASL authentication failure: no secret in
database
postfix/smtpd[25479]: warning: hostname[x.x.x.x] SASL CRAM-MD5
authentication failed: authentication failure
postfix/smtpd[25479]: warning: SASL authentication problem: unable to
open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[25479]: warning: SASL authentication problem: unable to
open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[25479]: warning: SASL authentication failure: no secret in
database
postfix/smtpd[25479]: warning: hostname[x.x.x.x] SASL NTLM
authentication failed: authentication failure
postfix/smtpd[25479]: warning: SASL authentication problem: unable to
open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[25479]: warning: SASL authentication failure: Password
verification failed
postfix/smtpd[25479]: warning: hostname[x.x.x.x] SASL PLAIN
authentication failed: authentication failure
postfix/smtpd[25479]: warning: SASL authentication problem: unable to
open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[25479]: warning: hostname[x.x.x.x] SASL LOGIN
authentication failed: authentication failure
LaMont Jones
2007-08-14 13:58:52 UTC
Permalink
tags 437841 + moreinfo
Post by Anton Chernev
The configuration file for Postfix SASL (smtpd.conf) is placed in the
/etc/postfix/sasl/ directory. However, it is never read by the daemons.
As a result, the authentication falls back to the default, using the
file /etc/sasldb2 (sasldb mechanism) and offering all available
authentication methods.
I am using Debian GNU/Linux 4.0 (Etch), kernel version: 2.6.21.1, libc6
version: 2.3.6.ds1-13
I am omitting hardware details, as this is clearly not a hardware issue.
What architecture are you running on? Other people are using postfix
2.3.8-2 on x86 with no issues, so this may be a build issue....

lamont
Anton Chernev
2007-08-14 15:23:59 UTC
Permalink
Post by LaMont Jones
tags 437841 + moreinfo
Post by Anton Chernev
The configuration file for Postfix SASL (smtpd.conf) is placed in the
/etc/postfix/sasl/ directory. However, it is never read by the daemons.
As a result, the authentication falls back to the default, using the
file /etc/sasldb2 (sasldb mechanism) and offering all available
authentication methods.
I am using Debian GNU/Linux 4.0 (Etch), kernel version: 2.6.21.1, libc6
version: 2.3.6.ds1-13
I am omitting hardware details, as this is clearly not a hardware issue.
What architecture are you running on? Other people are using postfix
2.3.8-2 on x86 with no issues, so this may be a build issue....
lamont
I am also using x86.
Indeed, I have recompiled Postfix to add a trash quota patch, by using
the dpkg-build routine.
I haven't touched anything in the source or the debian control/rules
files, so my guess is this won't be the source of trouble.

What I'm not sure about is whether this is caused by Postfix, libsasl2,
libsasl2-modules or sasl2-bin; I couldn't find out which package
contains this file.

Anton
LaMont Jones
2007-08-15 03:07:33 UTC
Permalink
Post by Anton Chernev
I am also using x86.
Indeed, I have recompiled Postfix to add a trash quota patch, by using
the dpkg-build routine.
dpkg-buildpackage should result in the patches that you need...
strings -a /usr/lib/postfix/smtpd | grep "sasl:/usr/lib/sasl2" should
result in output, or you've managed to drop a patch.
Post by Anton Chernev
What I'm not sure about is whether this is caused by Postfix, libsasl2,
libsasl2-modules or sasl2-bin; I couldn't find out which package
contains this file.
The file is created either by the admin or by postfix (but I think
admin...) and would belong to postfix. If the strings | grep above
produces output, then life is interesting and I'm not sure who's broken.

lamont
Anton Chernev
2007-08-15 09:39:06 UTC
Permalink
Post by LaMont Jones
Post by Anton Chernev
I am also using x86.
Indeed, I have recompiled Postfix to add a trash quota patch, by using
the dpkg-build routine.
dpkg-buildpackage should result in the patches that you need...
strings -a /usr/lib/postfix/smtpd | grep "sasl:/usr/lib/sasl2" should
result in output, or you've managed to drop a patch.
Post by Anton Chernev
What I'm not sure about is whether this is caused by Postfix, libsasl2,
libsasl2-modules or sasl2-bin; I couldn't find out which package
contains this file.
The file is created either by the admin or by postfix (but I think
admin...) and would belong to postfix. If the strings | grep above
produces output, then life is interesting and I'm not sure who's broken.
lamont
$ strings -a /usr/lib/postfix/smtpd | grep "sasl:/usr/lib/sasl2"
/etc/postfix/sasl:/usr/lib/sasl2
$
Does that mean it looks for the file in both places?

Anton
LaMont Jones
2007-08-15 14:47:47 UTC
Permalink
Post by Anton Chernev
Post by LaMont Jones
$ strings -a /usr/lib/postfix/smtpd | grep "sasl:/usr/lib/sasl2"
/etc/postfix/sasl:/usr/lib/sasl2
Does that mean it looks for the file in both places?
That is the path that postfix provides to sasl. It also tells me that
you're running a version of postfix that didn't allow an alternate
config directory for sasl (hardcoded /etc/postfix). It's also possible
that said version has the defect that it only half-dealt with the path
split that sasl did a bit ago... does debian/patches/10tls.dpatch add a
routine called xsasl_getconfpath?

What version of postfix are we talking about here?

lamont
Anton Chernev
2007-08-16 11:43:48 UTC
Permalink
Post by LaMont Jones
Post by Anton Chernev
Post by LaMont Jones
$ strings -a /usr/lib/postfix/smtpd | grep "sasl:/usr/lib/sasl2"
/etc/postfix/sasl:/usr/lib/sasl2
Does that mean it looks for the file in both places?
That is the path that postfix provides to sasl. It also tells me
that you're running a version of postfix that didn't allow an
alternate config directory for sasl (hardcoded /etc/postfix). It's
also possible that said version has the defect that it only
half-dealt with the path split that sasl did a bit ago... does
debian/patches/10tls.dpatch add a routine called xsasl_getconfpath?
What version of postfix are we talking about here?
lamont
No such routine is mentioned in any of the files in the debian/patches
directory (the file you mentioned is 50tls.dpatch, btw).
I thought the first post mentions the version in the pseudo-header,
namely 2.3.8-2.

I have obtained these sources by doing an "apt-get source postfix" after
an apt database update on Etch. How could this result in getting
outdated sources? In aptitude it seems this is the latest version of the
package.

Anton

Loading...