Gentoo Forums
Postfix + SSL/cyrus-sasl bad option, but which one? [SOLVED]
-neX-
Posted: Sat Jun 05, 2010 5:33 pm    Post subject: Postfix + SSL/cyrus-sasl bad option, but which one? [SOLVED]

So I've been trying to set up postfix + cyrus-sasl + ssl for the last couple of days. I'm able to get a standard postfix server going using the guide from Gentoo docs. That works just fine - responds to telnet on localhost.

The problem crops up when I try to add cyrus-sasl and ssl support. I end up with this in my logs.

Code:
Jun  5 13:10:35 factory postfix/master[12002]: warning: //usr/lib/postfix/smtpd: bad command startup -- throttling


So it's most definitely an option issue of some sort. I'm just not sure which one (arg!). Here's a postconf -n, and the output of the diff between the working non-ssl/sasl version and one with ssl/sasl enabled.

Code:
#  postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = //usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.6.5/html
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = somedomain.ca
myhostname = factory.somedomain.ca
mynetworks = xx.199.xx.46/32,xx.172.xx.200/32,127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550


Code:
# diff main.cf.BROKEN no-ssl/main.cf.NO_SSL
661,691d660
< #
< # SASL AUTH
< smtpd_sasl_auth_enable = yes
< smtpd_sasl2_auth_enable = yes
< smtpd_sasl_security_options = noanonymous
< # broken_ options for undocumented outlook/OE problems.
< broken_sasl_auth_clients = yes
< # appends local domain to clients using auth, must be blank or will get mangled.
< smtpd_sasl_local_domain =
< #
< smtpd_recipient_restrictions =
<        permit_sasl_authenticated,
<        permit_mynetworks,
<        reject_unauth_destination
< # smtp_ options enable outbount crypt
< smtp_use_tls = yes
< smtp_tls_note_starttls_offer = yes
< smtpd_use_tls = yes
< # this can be turned on later, if needed.
< #smtpd_tls_auth_only = yes
< smtpd_tls_key_file = /etc/postfix/postfix_key.pem
< smtpd_tls_cert_file = /etc/postfix/postfix_cert.pem
< smtpd_tls_CAfile = /etc/postfix/postfix_cacert.pem
< smtpd_tls_loglevel = 3
< smtpd_tls_received_header = yes
< smtpd_tls_session_cache_timeout = 3600s
< tls_random_source = dev:/dev/urandom
< #
< # LOCAL ACCESS LISTS: local black and whitelisting
< smtp_client_restrictions = check_client_access hash:/etc/postfix/access_lists/blacklist.local
< smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/access_lists/blacklist.local
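Review bot: smtpd_recipient_restrictions is assigned twice in this hunk, once in the SASL AUTH block and again on the last line under LOCAL ACCESS LISTS. Postfix keeps only the last assignment of a parameter in main.cf, so the effective list is just the check_client_access lookup, and permit_sasl_authenticated, permit_mynetworks and reject_unauth_destination from the first assignment are dropped. Merge the two into a single list that keeps reject_unauth_destination. The smtp_client_restrictions line just above it also looks like a misspelling of smtpd_client_restrictions, so the blacklist lookup it carries is not applied to incoming clients.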


I'm sure this is something I'm just not seeing. I've tried enabling/disabling various opts, and have been doing some reading - no positive results yet. Any help is appreciated.


Last edited by -neX- on Mon Jun 07, 2010 11:07 pm; edited 1 time in total
magic919
Posted: Sun Jun 06, 2010 10:21 am

smtp_client_restrictions
-neX-
Posted: Sun Jun 06, 2010 4:27 pm

magic919 wrote:
smtp_client_restrictions


Removed both smtp_client_restrictions and smtpd_recipient_restrictions, no change.
magic919
Posted: Sun Jun 06, 2010 5:33 pm

Now drop out TLS and test with just the SASL. When you reload Postfix ensure you are not missing earlier errors in the logs.
-neX-
Posted: Mon Jun 07, 2010 11:06 pm

magic919 wrote:
Now drop out TLS and test with just the SASL. When you reload Postfix ensure you are not missing earlier errors in the logs.


I tried doing something similar -- but not disabling all the options. So I took this step and it led me to this log entry.

Code:
Jun  6 12:27:50 factory postfix/smtpd[5872]: warning: SASL per-process initialization failed: generic failure


This error was due to a bad option in my /etc/sasl2/smtpd.conf file. The file was actually filled with junk. Not sure how that happened. After I fixed up that file and went back and enabled the other options in postfix/main.cf, things worked just fine.

thanks!
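
The root cause found in this thread, a junk-filled /etc/sasl2/smtpd.conf, can be caught before reloading Postfix with a small lint pass over the file. This is an added example, not code from the thread or from the Postfix or Cyrus SASL projects; the `option: value` line grammar it checks is an assumption about the Cyrus SASL config format, and both sample files are constructed.

```python
import re

# Assumed grammar of a Cyrus SASL application config such as
# /etc/sasl2/smtpd.conf: blank lines, "#" comments, or "option: value".
OPTION_LINE = re.compile(r"^\s*([A-Za-z0-9_-]+):\s*(\S.*)$")

# Constructed sample contents, not taken from the thread.
GOOD = b"# SMTP AUTH via saslauthd\npwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n"
JUNK = b"pwcheck_method: saslauthd\n\x00\x13\xff\xfe garbage\nmech_list PLAIN LOGIN\nmech_list:\n"


def lint_sasl_conf(data: bytes):
    """Return (options, problems) for the raw bytes of an smtpd.conf file."""
    options, problems = {}, []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        raw = raw.rstrip(b"\r")
        # Junk usually shows up first as bytes that are not printable text.
        if any((b < 0x20 and b != 0x09) or b >= 0x7F for b in raw):
            problems.append((lineno, "non-printable bytes"))
            continue
        line = raw.decode("ascii")
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        match = OPTION_LINE.match(line)
        if match is None:
            # Missing colon, empty value, or stray text.
            problems.append((lineno, "not in 'option: value' form"))
            continue
        key = match.group(1).lower()
        if key in options:
            problems.append((lineno, f"option '{key}' set more than once"))
        options[key] = match.group(2).strip()
    return options, problems


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("JUNK", JUNK)):
        opts, probs = lint_sasl_conf(sample)
        print(name, "options:", opts)
        for lineno, why in probs:
            print(f"  line {lineno}: {why}")
```

On a real host, pass the function the bytes of /etc/sasl2/smtpd.conf read in binary mode, and treat any reported problem as a reason not to reload Postfix yet.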