Hi,

I have postfix-2.8-20101007 working fine for all features for some time.
The problem is specific to my 2.8.0 build.

This is on Debian.  I built 2.8.0 with:

make makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -I /usr/include/sasl -I /usr/include -DSNAPSHOT' \
AUXLIBS='-L/usr/local/lib -lsasl2 -lssl -lcrypto -L/usr/lib'

which seemed to be how I had built postfix-2.8-20101007 (on the same machine
some months ago).

If I make upgrade from the 2.8.0, I get most features working, but
attempts to connect to secure SMTP fail with:

Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: initializing the server-side TLS engine
Feb 22 16:15:18 myserv postfix-internal/tlsmgr[18104]: open smtpd TLS cache btree:/var/lib/postfix-internal/smtpd_tls_session_cache
Feb 22 16:15:18 myserv postfix-internal/tlsmgr[18104]: tlsmgr_cache_run_event: start TLS smtpd session cache cleanup
Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: connect from client.example.com[xxx.yyy.137.93]
Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: setting up TLS connection from client.example.com[xxx.yyy.137.93]
Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: client.example.com[xxx.yyy.137.93]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Feb 22 16:15:18 myserv postfix-internal/master[18086]: warning: process /usr/libexec/postfix/smtpd pid 18103 killed by signal 11
Feb 22 16:15:18 myserv postfix-internal/master[18086]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

I can immediately fix this by going back to my postfix-2.8-20101007
build area and running make upgrade to replace the binaries.
With 2.8-20101007 installed I can submit over secure ports.

The ldd links from both smtpd binaries are to the same library files.

I'm using TLS+SASL, set up within master.cf like so:

# Secure submission server on port 465 for Outlook Clients
131.162.201.5:465 inet n       -       n       -       -       smtpd
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_use_tls=yes
        -o smtpd_enforce_tls=yes
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_tls_security_options=noanonymous
        -o smtpd_sasl_security_options=noanonymous
#
# Secure submission server on port 587 for non-Outlook Clients
131.162.201.5:587 inet n       -       n       -       -       smtpd
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_use_tls=yes
        -o smtpd_enforce_tls=yes
        -o smtpd_tls_wrappermode=no
        -o smtpd_sasl_tls_security_options=noanonymous
        -o smtpd_sasl_security_options=noanonymous


Probably something small I'm overlooking again - most likely build related,
but I can't spot it.

--Donald
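
A triage helper for log excerpts like the one in the post, added here as an example and not part of the original message: it pairs each master "killed by signal" warning with the last line the dead process logged, which shows how far smtpd got before the crash. The function name `find_crashes` and the rejoined sample lines are this example's own.

```python
import re
import signal

# Constructed sample: the post's log excerpt with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: initializing the server-side TLS engine
Feb 22 16:15:18 myserv postfix-internal/tlsmgr[18104]: open smtpd TLS cache btree:/var/lib/postfix-internal/smtpd_tls_session_cache
Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: connect from client.example.com[xxx.yyy.137.93]
Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: setting up TLS connection from client.example.com[xxx.yyy.137.93]
Feb 22 16:15:18 myserv postfix-internal/smtpd[18103]: client.example.com[xxx.yyy.137.93]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Feb 22 16:15:18 myserv postfix-internal/master[18086]: warning: process /usr/libexec/postfix/smtpd pid 18103 killed by signal 11
Feb 22 16:15:18 myserv postfix-internal/master[18086]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
"""

# syslog prefix: "Mon DD HH:MM:SS host instance/daemon[pid]: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s[\w.-]+/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
KILLED_RE = re.compile(
    r"warning: process (?P<path>\S+) pid (?P<pid>\d+) killed by signal (?P<sig>\d+)"
)

def find_crashes(log_text):
    """Pair each master 'killed by signal' warning with the dead pid's last log line."""
    last_msg = {}  # pid -> most recent message logged by that process
    crashes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped or foreign line: ignore rather than misattribute
        killed = KILLED_RE.search(m["msg"]) if m["daemon"] == "master" else None
        if killed is None:
            last_msg[int(m["pid"])] = m["msg"]
            continue
        pid, sig = int(killed["pid"]), int(killed["sig"])
        try:
            sig_name = signal.Signals(sig).name
        except ValueError:  # number not known on this platform
            sig_name = f"signal {sig}"
        crashes.append({
            "binary": killed["path"], "pid": pid, "signal": sig_name,
            # None means the process died before logging anything
            "last_message": last_msg.pop(pid, None),
        })
    return crashes

if __name__ == "__main__":
    for c in find_crashes(SAMPLE_LOG):
        print(f'{c["binary"]} pid {c["pid"]} died with {c["signal"]}; last logged: {c["last_message"]}')
```
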
