Re: postfix + sasl problem

From: Benjamin Zwittnig (benjamin.zwittnigarnes.si)
Date: Wed Sep 05 2007 - 04:13:35 CDT


> What happens, if you remove the -o option line, reload postfix and telnet to
> the submission port? Does it keep the channel open then and can you do a
> regular smtp session?
>
>
Without -o smtpd_sasl_auth_enable=yes submission works like a normal
smtp channel:

# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.xx.yy ESMTP Postfix
ehlo localhost
250-mail.xx.yy
250-PIPELINING
250-SIZE 13534336
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

>> I have found something else in the log files:
>>
>> Sep 5 09:31:25 mail postfix/master[9958]: warning: process /opt/postfix/sbin/smtpd pid 8126 exit status 1
>> Sep 5 09:31:25 mail postfix/master[9958]: warning: /opt/postfix/sbin/smtpd: bad command startup -- throttling
>>
>
> Quite likely a result of the bad security parameter.
>
>
>
>>>>>> In the postfix log there are only two lines indicating
>>>>>> the problem:
>>>>>>
>>>>>> Sep 4 13:55:01 mail postfix/smtpd[6149]: warning: SASL per-connection
>>>>>> security setup; invalid parameter supplied
>>>>>> Sep 4 13:55:01 mail postfix/smtpd[6149]: fatal: SASL per-connection
>>>>>> initialization failed
>>>>>>
>>>>>>
>>> I've searched the source code for the error messages and it seems to me - I
>>> am not a programmer - that the message "invalid parameter supplied" stems
>>> from the SASL library returning the error in xsasl_cyrus_server.c.
>>
>>> However I don't remember ever having seen this before, so it's probably
>>> better to get somebody to deal with your problem who knows how to interpret the
>>> code.
>>>
>>>
>> I can send you strace of the smtpd process. The sasl libraries are CentOS
>> default libraries which come with the system.
>>
>
> Yes, please do so. You did build Postfix yourself? Did you throw the switch to
> add Cyrus SASL? What was your build statement?
>
>
 $ make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-DHAS_MYSQL -I/opt/mysql/include/mysql" AUXLIBS="-L/opt/mysql/lib/mysql
-lssl -lcrypto -lsasl2 -lmysqlclient -lz -lm"

Strace is on http://www2.arnes.si/~bzwitt/smtpd-strace

>>>>> No idea where this comes from. Simplify the setup. Make it work with
>>>>> smtpd first, then go for submission.
>>>>>
>>>>>
>>>> I use similar configuration (sasl authentication only for the submission
>>>> channel) on a machine running FreeBSD. It works there. I suspect
>>>> something might be 'wrong' with sasl setup on the linux machine.
>>>>
>
> Still: Does SMTP AUTH work with the regular smtpd? If it doesn't, the problem
> is more generic and we don't need to hunt submission down for it.
>
>

It doesn't work with the regular smtpd. The connection is closed without
greeting:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Connection closed by foreign host.

Regards,

Benjamin