Re: Wierd postfix/cyrus SASL error...
--On Friday, June 01, 2007 14:55:23 +0530 Amarendra Godbole <[EMAIL PROTECTED]> wrote: Okay, after a lot of digging around, I got the error. Somehow something messed up during the portupgrade, and postfix started negotiating GSSAPI authentication with the smtp server. Since GSSAPI needs krb (kerberos) support, which was not configured, the auth failed. Adding the following lines to main.cf solved the problem, and postfix now happily chugs along: smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_mechanism_filter = login, ntlm Now it negotiates login or ntlm with the server, and the auth works fine. Thanks for all the help. My next stop is to figure out *what* changed during portupgrade (as my postfix config files were the same as before) that created this issue. Since Postfix is such a critical app, you might want to consider presetting the config you want in /usr/local/etc/pkgtools.conf to avoid surprises during portupgrade. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Re: Wierd postfix/cyrus SASL error...
On 5/31/07, Paul Schmehl <[EMAIL PROTECTED]> wrote: I have a similar setup: smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_sasl_application_name = smtpd broken_sasl_auth_clients = yes permit_sasl_authenticated But I don't use a db password file. Have you tried re-running the postfix hash utility (postmap) on the db? That's the first thing that I would try. [...] Okay, after a lot of digging around, I got the error. Somehow something messed up during the portupgrade, and postfix started negotiating GSSAPI authentication with the smtp server. Since GSSAPI needs krb (kerberos) support, which was not configured, the auth failed. Adding the following lines to main.cf solved the problem, and postfix now happily chugs along: smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_mechanism_filter = login, ntlm Now it negotiates login or ntlm with the server, and the auth works fine. Thanks for all the help. My next stop is to figure out *what* changed during portupgrade (as my postfix config files were the same as before) that created this issue. -Amarendra ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Wierd postfix/cyrus SASL error...
--On Thursday, May 31, 2007 14:48:55 +0530 Amarendra Godbole <[EMAIL PROTECTED]> wrote: Hi, I use postfix as an smtp client to deliver email to our enterprise smtp server. Since the smtp server needs authentication, I used cyrus sasl with postfix and things worked fine. After a portupgrade, postfix has stopped working, and gives some wierd authentication error. Googling did not help much, and hence I am posting here. Relevant details follow: --8<- Postfix version: postfix-2.4.1,1 Cyrus SASL version: cyrus-sasl-2.1.22 Postfix built with: (contents of makedefs.out) SYSTYPE = FREEBSD6 AR = ar ARFL= rv RANLIB = ranlib SYSLIBS = -L/usr/local/lib -lpcre -L/usr/local/lib -lsasl2 -lpam -lcrypt CC = cc -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I /usr/local/include -I/usr/local/include/sasl OPT = -O2 -fno-strict-aliasing -pipe DEBUG = AWK = awk STRCASE = EXPORT = AUXLIBS='-L/usr/local/lib -lpcre -L/usr/local/lib -lsasl2 -lpam -lcryp t' CCARGS='-DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/u sr/local/include -I/usr/local/include/sasl' OPT='-O2 -fno-strict-aliasing -pipe ' DEBUG='' WARN= -Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -Wunused main.cf has the following entries: # cyrus sasl stuff smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd smtp_security_options = sasl_passwd.db exists created with postmap hash: command Error in the maillog shows: May 31 14:35:12 zimbu postfix/smtp[49765]: warning: SASL authentication failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_125): No such file or directory) May 31 14:35:12 zimbu postfix/smtp[49765]: 1E722B895: to=<[EMAIL PROTECTED]>, relay=smtp.foo.com[xx.xx.xx.xx]:25, delay=1.4, delays=0.02/0.01/1.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.foo.com[xx.xx.xx.xx]: generic failure) I don't quiet understand the first message of "no such file or directory". I used exactly the same configuration earlier, and postfix was happily working for the last year or so. Any pointers to fix this issue will be appreciated. Thanks in advance! I have a similar setup: smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_sasl_application_name = smtpd broken_sasl_auth_clients = yes permit_sasl_authenticated But I don't use a db password file. Have you tried re-running the postfix hash utility (postmap) on the db? That's the first thing that I would try. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Wierd postfix/cyrus SASL error...
Hi, I use postfix as an smtp client to deliver email to our enterprise smtp server. Since the smtp server needs authentication, I used cyrus sasl with postfix and things worked fine. After a portupgrade, postfix has stopped working, and gives some wierd authentication error. Googling did not help much, and hence I am posting here. Relevant details follow: --8<- Postfix version: postfix-2.4.1,1 Cyrus SASL version: cyrus-sasl-2.1.22 Postfix built with: (contents of makedefs.out) SYSTYPE = FREEBSD6 AR = ar ARFL= rv RANLIB = ranlib SYSLIBS = -L/usr/local/lib -lpcre -L/usr/local/lib -lsasl2 -lpam -lcrypt CC = cc -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I /usr/local/include -I/usr/local/include/sasl OPT = -O2 -fno-strict-aliasing -pipe DEBUG = AWK = awk STRCASE = EXPORT = AUXLIBS='-L/usr/local/lib -lpcre -L/usr/local/lib -lsasl2 -lpam -lcryp t' CCARGS='-DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/u sr/local/include -I/usr/local/include/sasl' OPT='-O2 -fno-strict-aliasing -pipe ' DEBUG='' WARN= -Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -Wunused main.cf has the following entries: # cyrus sasl stuff smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd smtp_security_options = sasl_passwd.db exists created with postmap hash: command Error in the maillog shows: May 31 14:35:12 zimbu postfix/smtp[49765]: warning: SASL authentication failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_125): No such file or directory) May 31 14:35:12 zimbu postfix/smtp[49765]: 1E722B895: to=<[EMAIL PROTECTED]>, relay=smtp.foo.com[xx.xx.xx.xx]:25, delay=1.4, delays=0.02/0.01/1.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.foo.com[xx.xx.xx.xx]: generic failure) I don't quiet understand the first message of "no such file or directory". I used exactly the same configuration earlier, and postfix was happily working for the last year or so. Any pointers to fix this issue will be appreciated. Thanks in advance! -Amarendra ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"