Re: Problem with Postfix and LDAP (SSL / TLS)

From: Artur Muecke (muecketyntec.biz)
Date: Thu Jan 17 2008 - 05:28:15 CST


Yeah, I fixed the problem. Thx for the hints to Wietse Venema!

Btw, LDAP is not linked against GNUTLS in Debian:

libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7e4e000)

The problem was that Postfix can't access the random files (/dev/[u]random)
from the chroot environment.
All I had to do was copy the files to the chroot environment like this:

mkdir /var/spool/postfix/dev
cp -a /dev/random /var/spool/postfix/dev
cp -a /dev/urandom /var/spool/postfix/dev

That's all. You don't have to change any chroot settings in master.cf. I think
that's the best way to fix the problem rather than removing Postfix from
chroot.

Cheers,

Artur

--
Artur Muecke
System Administration
TynTec GmbH

Tel: +49 231 47 79 04 89
Fax: +49 231 1 08 79 92
Email: muecketyntec.biz
http: www.tyntec.biz

"There are 10 kinds of people in the world, those who understand binary
math, and those who don't."
On Wednesday 16 January 2008 17:05:17 you wrote:
> Artur Muecke:
> > Thx for your answer. What else can I use to make it work and how?
>
> I repeat: Postfix has no code that does "exit 2". I have no control
> over non-Postfix code that users or distributors insist in putting
> into Postfix.
>
> Wietse
>
> > I got another answer by the list:
> >
> > "If you remove smtpd and cleanup from the jail, its work. I can't solve
> > this problem too."
> >
> > I tried it by removing the smtpd in the master.cf from the chroot.
> >
> > # service type private unpriv chroot wakeup maxproc command + args
> > # (yes) (yes) (yes) (never) (100)
> > # ==========================================================================
> > smtp inet n - - - - smtpd
> > # changed to:
> > smtp inet n - n - - smtpd
> >
> >
> > Still no success. :-/
> >
> >
> > Would be glad about some hints.
> >
> >
> >
> > --
> > "There are 10 kinds of people in the world, those who understand binary
> > math, and those who don't."
> >
> > On Wednesday 16 January 2008 16:25:23 Wietse Venema wrote:
> > > Artur Muecke:
> > > > Jan 16 15:45:16 toa20 postfix/master[13359]: warning:
> > > > process /usr/lib/postfix/trivial-rewrite pid 13370 exit status 2
> > > > Jan 16 15:45:16 toa20 postfix/master[13359]:
> > > > warning: /usr/lib/postfix/trivial-rewrite: bad command startup --
> > > > throttling
> > >
> > > Postfix has no "exit 2" anywhere in its code, however GNU TLS does,
> > > and must not be used with Postfix.
> > >
> > > Wietse
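
An audit for the situation in this thread, added here as an example (not code from any poster or from Postfix): it lists every service master.cf still runs chrooted (the quoted log names trivial-rewrite, while the quoted edit changed only the smtp line) and checks that the chroot holds real random device nodes. Assumptions: GNU `stat -c` as on Debian, function names are hypothetical, and "-" in the chroot column defaults to yes as in the header quoted above.

```shell
#!/bin/sh
# Added example: audit a chrooted Postfix for the random devices it needs.

# Print the services that master.cf ($1) runs chrooted. Column 5 is "chroot";
# "-" means the default, which the header quoted in this thread gives as
# "yes". Pass "n" as $2 on versions where the default is no (assumption).
chrooted_services() {
    awk -v def="${2:-y}" '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        /^[ \t]/       { next }            # continuation lines
        NF >= 8 {
            c = ($5 == "-") ? def : $5
            if (c == "y") print $1 "/" $2 " -> " $8
        }' "$1"
}

# Check that $2 (inside the chroot) is a character device with the same
# major:minor numbers as the host node $1. A plain file named "random"
# (for example from a copy that did not preserve the device) fails here.
check_node() {
    [ -c "$2" ] || { echo "MISSING or not a char device: $2"; return 1; }
    [ "$(stat -c '%t:%T' "$1")" = "$(stat -c '%t:%T' "$2")" ] ||
        { echo "WRONG device numbers: $2"; return 1; }
    echo "ok: $2"
}

# $1 = queue directory that serves as the chroot root,
# e.g. /var/spool/postfix as in the post above.
audit_chroot() {
    rc=0
    for n in random urandom; do
        check_node "/dev/$n" "$1/dev/$n" || rc=1
    done
    return $rc
}

# Usage (paths as in the thread; master.cf location is an assumption):
#   chrooted_services /etc/postfix/master.cf
#   audit_chroot /var/spool/postfix
```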