Re: HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
On 08/16/12 21:44, Garrett Cooper wrote:

> On Thu, Aug 16, 2012 at 8:33 AM, Hartmann, O. ohart...@zedat.fu-berlin.de wrote:
>> I ran into a very delicate and nasty situation.

> ...

>> On both FBSD 10 boxes, the installation of the port security/cyrus-sasl2 got corrupted by install and/or mtree dumping core and signalling SIGNAL 11. Booting into multiuser mode is impossible, login core dumps SIGNAL 11, many other daemons, too. The only way is to boot into single user mode.

> I'm not drawing a correlation between this and unrelated coredumping processes.

Me neither, I report this for completeness, since I'm not an OS developer, such a behaviour could hint/indicate people who are involved in the OS development, what is going on. Sorry when I'm trying to be too precise (precise as precise I can be without the exact terminology!).

>> An installation failed due to pkg(ng) was missing libarchive.so via portmaster or via core dumping install(1). By installing on one box, my home box, port security/cyrus-sasl2 manually, luckily install(1) and mtree(1) didn't coredump and it worked - and this procedure rescued me. But on my lab's development box, it doesn't work!

> Don't make delete-old-lib unless you have it moved off to compat directories, or have rebuilt everything using the new libarchive.

I didn't! As I wrote before, this mess happened on ALL(!) FreeBSD 10.0-CURRENT boxes in the very same way when I updated/reinstalled security/cyrus-sasl2. Moreover: I can reproduce this on all boxes. All my boxes use OpenLDAP as a backend with SASL2 enabled (not used so far).

>> On this specific box, where this nasty problem also occurred the same way by simply recompiling everything for port www/apache22, including the reinstallation of port security/cyrus-sasl2. Nearly every binary is suddenly coredumping (as on the home box). login, vi, install, devfs, syslogd, mtree, id, find ... a whole lot of binaries seem to be compromised by something I do not see (libsasl2.so perhaps?).

> truss the binaries to figure out exactly what's going wrong.

I will try, but when this erratic coredumps of binaries occur, nothing works properly that is using any kind of dynamical loaded library! Only the binaries (static?) from /rescue/* do their work.

> A lot of this lost effort could be avoided (like others have posted on the list more than once), by having a centralized package distribution server, and by having VMs or jails and keeping snapshots with pre-upgrade state on the package building machine to avoid dead in the water scenarios like you're in right now.

Yes, I'm working on this. It seems that it becomes more relevant since I realized that FreeBSD suffers sometimes from misled ports or ports which suddenly are marked BROKEN and do not get compiled ...

>> I tried to help myself via copying /rescue/vi to /usr/bin/vi to have at least a working vi. But in /rescue, I can not find install or mtree. I'm not familiar with the sophisticated ways of /rescue. Where are install(1) and mtree(1)?

> I ran into this issue too a little while ago. I basically gave up on recovering a VM and nuked and repaved it using a LiveCD with a chroot, some cp -p'ing, etc. But yes.. it would be nice if I could have recovered the system at least with a static toolchain: cc, binutils [equivalent], mtree, install, etc.

This is how I recovered the nasty broken box. The other one was easy to recover by reinstalling security/cyrus-sasl2. I'm quite sure that there is something very foul with something in LDAP or SASL2, since I can reproduce that problem. I saw that rtld-elf has got some quirks these days, I will try to go behind the date/version of the source tree when it was committed and check whether this is the problem.

> ...

>> Disabling this pkgng tag leads to reinstallation of missing packages, which are stored in the pkgng sqlite format and not as ASCII anymore, but then I get
>>
>>     /var/runld-elf.so.hints: No such file or directory
>>     Error: shared library iconv.3 does not exist.

> service ldconfig start ?

Yes ... sorry ... in the heat of the fight I forgot ... but it doesn't make the problem go away.

>> But most of the libs have never been touched! So what is the loader complaining about?

> ...

>> I tried to find rescue images and a rescue DVD of a snap shot server, but there is no way to crawl through the information on the web pages towards a snapshot. All folders end up in 2011 and highly outdated (www.freebsd.org, I didn't look at mirrors since I thought the main server carries the most recent stuff). This isn't funny. No lead, no hint, even in the download section.

>> If someone has some hints how to recompile the sources with an emergency booted disk, I highly appreciate some disaster advice. Maybe the release of FreeBSD-10-CURRENT sources I compiled do have accidentally a nasty bug, so it would be nice to update the sources and have a complete recompilation done.

>> Thanks in advance,

> Simply
Re: HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
On 08/16/12 17:44, Glen Barber wrote:

> On Thu, Aug 16, 2012 at 05:33:20PM +0200, Hartmann, O. wrote:
>> I ran into a very delicate and nasty situation.

>> On several boxes, FreeBSD 9.1-PRE and FreeBSD 10-CURRENT (build of CURRENT sources from yesterday, r239295 Wed August 15 17:04:51 CEST 2012 amd64), I had to recompile all requirements of port Apache22, since after the port update it core dumped.

>> On FreeBSD 9.1-PRE, with pkg(ng), things went well. Recompilation and installation of all portmaster -f apache-2.2 requirements went perfect.

>> On both FreeBSD 10-CURRENT boxes it ended up in a mess, all of a sudden(!), while reinstalling port security/cyrus-sasl2, things started to fail in a dramatic way!

>> On both FBSD 10 boxes, the installation of the port security/cyrus-sasl2 got corrupted by install and/or mtree dumping core and signalling SIGNAL 11. Booting into multiuser mode is impossible, login core dumps SIGNAL 11, many other daemons, too. The only way is to boot into single user mode.

>> An installation failed due to pkg(ng) was missing libarchive.so via

> There is pkg-static for recovering in this type of situation.

Oh ... I'm new to pkg(ng).

>> portmaster or via core dumping install(1). By installing on one box, my home box, port security/cyrus-sasl2 manually, luckily install(1) and mtree(1) didn't coredump and it worked - and this procedure rescued me. But on my lab's development box, it doesn't work!

>> On this specific box, where this nasty problem also occurred the same way by simply recompiling everything for port www/apache22, including the reinstallation of port security/cyrus-sasl2. Nearly every binary is suddenly coredumping (as on the home box). login, vi, install, devfs, syslogd, mtree, id, find ... a whole lot of binaries seem to be compromised by something I do not see (libsasl2.so perhaps?).

>> I tried to help myself via copying /rescue/vi to /usr/bin/vi to have at least a working vi. But in /rescue, I can not find install or mtree. I'm not familiar with the sophisticated ways of /rescue. Where are install(1) and mtree(1)?

>> Trying to reinstall security/cyrus-sasl2 from single-user fails due to install coredumps. pkg(ng) fails due to missing libpkg.so.5 and even rejects being reinstalled. But /usr/local/lib/libpkg.so.0 is even there! Disabling the use of pkg with commenting out WITH_PKGNG=yes in /etc/make.conf leads to the above issues with mtree and install.

>> Disabling this pkgng tag leads to reinstallation of missing packages, which are stored in the pkgng sqlite format and not as ASCII anymore, but then I get
>>
>>     /var/runld-elf.so.hints: No such file or directory

> Is this a typo, or literal transcription? (The missing / between 'run' and 'ld-elf.so.hints', that is.)

A typo, sorry. I had to type it from the screen of the broken box to the laptop.

>>     Error: shared library iconv.3 does not exist.
>>
>> But most of the libs have never been touched! So what is the loader complaining about?

>> Well, I'm floating like a dead man in the water and I'm glad that one box survived although suffering from the same symptoms.

>> I tried to find rescue images and a rescue DVD of a snap shot server, but there is no way to crawl through the information on the web pages towards a snapshot. All folders end up in 2011 and highly outdated (www.freebsd.org, I didn't look at mirrors since I thought the main server carries the most recent stuff). This isn't funny. No lead, no hint, even in the download section.

> Yes, I have been complaining about this for a while now...

This is a so unnecessary issue. Why are people bothering themselves with hiding a bit of information? If one isn't a cold-blood developer aware of all the neat knobs of FBSD and where to ask and where to look, a novice or not-so-well-informed guy like me runs into frustration. The main page should have a hint present, where to find the newest stuff. Leaving the official page the way it is at the moment in this specific issue, it looks a bit unmaintained ...

>> If someone has some hints how to recompile the sources with an emergency booted disk, I highly appreciate some disaster advice. Maybe the release of FreeBSD-10-CURRENT sources I compiled do have accidentally a nasty bug, so it would be nice to update the sources and have a complete recompilation done.

> If you can get booted into a recovery medium, you can mount /usr/src and /usr/obj from the hosed system, and should be able to installworld/installkernel into the hosed system with DESTDIR set.
>
> Glen

I do this the very moment with the RELEASE CD I found at allbsd.org for the most recent FBSD 10.0-CURRENT as from 16.08.2012. I try to build the sources and install them into the mounted DESTDIR.

Oliver

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
On Fri, Aug 17, 2012 at 09:44:40AM +0200, Hartmann, O. wrote:

>>> An installation failed due to pkg(ng) was missing libarchive.so via

>> There is pkg-static for recovering in this type of situation.

> Oh ... I'm new to pkg(ng).

No worries. It is a nice thing to know about, since after a big shlib bump during an upgrade, if all else is broken, you can still at least get /rescue stuff and pkg-static to upgrade third party software.

>>> If someone has some hints how to recompile the sources with an emergency booted disk, I highly appreciate some disaster advice. Maybe the release of FreeBSD-10-CURRENT sources I compiled do have accidentally a nasty bug, so it would be nice to update the sources and have a complete recompilation done.

>> If you can get booted into a recovery medium, you can mount /usr/src and /usr/obj from the hosed system, and should be able to installworld/installkernel into the hosed system with DESTDIR set.

> I do this the very moment with the RELEASE CD I found at allbsd.org for the most recent FBSD 10.0-CURRENT as from 16.08.2012. I try to build the sources and install them into the mounted DESTDIR.

I have lately been creating memstick images for this exact type of thing. On -CURRENT and 9-STABLE, you can do:

    # make -C /usr/src buildworld buildkernel
    # make -C /usr/src/release NOSRC=yes NODOCS=yes NOPORTS=yes memstick

Then take the resulting memory stick image to use for recovery.

Glen
HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
I ran into a very delicate and nasty situation.

On several boxes, FreeBSD 9.1-PRE and FreeBSD 10-CURRENT (build of CURRENT sources from yesterday, r239295 Wed August 15 17:04:51 CEST 2012 amd64), I had to recompile all requirements of port Apache22, since after the port update it core dumped.

On FreeBSD 9.1-PRE, with pkg(ng), things went well. Recompilation and installation of all portmaster -f apache-2.2 requirements went perfect.

On both FreeBSD 10-CURRENT boxes it ended up in a mess, all of a sudden(!), while reinstalling port security/cyrus-sasl2, things started to fail in a dramatic way!

On both FBSD 10 boxes, the installation of the port security/cyrus-sasl2 got corrupted by install and/or mtree dumping core and signalling SIGNAL 11. Booting into multiuser mode is impossible, login core dumps SIGNAL 11, many other daemons, too. The only way is to boot into single user mode.

An installation failed due to pkg(ng) was missing libarchive.so via portmaster or via core dumping install(1). By installing on one box, my home box, port security/cyrus-sasl2 manually, luckily install(1) and mtree(1) didn't coredump and it worked - and this procedure rescued me. But on my lab's development box, it doesn't work!

On this specific box, where this nasty problem also occurred the same way by simply recompiling everything for port www/apache22, including the reinstallation of port security/cyrus-sasl2. Nearly every binary is suddenly coredumping (as on the home box). login, vi, install, devfs, syslogd, mtree, id, find ... a whole lot of binaries seem to be compromised by something I do not see (libsasl2.so perhaps?).

I tried to help myself via copying /rescue/vi to /usr/bin/vi to have at least a working vi. But in /rescue, I can not find install or mtree. I'm not familiar with the sophisticated ways of /rescue. Where are install(1) and mtree(1)?

Trying to reinstall security/cyrus-sasl2 from single-user fails due to install coredumps. pkg(ng) fails due to missing libpkg.so.5 and even rejects being reinstalled. But /usr/local/lib/libpkg.so.0 is even there! Disabling the use of pkg with commenting out WITH_PKGNG=yes in /etc/make.conf leads to the above issues with mtree and install.

Disabling this pkgng tag leads to reinstallation of missing packages, which are stored in the pkgng sqlite format and not as ASCII anymore, but then I get

    /var/runld-elf.so.hints: No such file or directory
    Error: shared library iconv.3 does not exist.

But most of the libs have never been touched! So what is the loader complaining about?

Well, I'm floating like a dead man in the water and I'm glad that one box survived although suffering from the same symptoms.

I tried to find rescue images and a rescue DVD of a snap shot server, but there is no way to crawl through the information on the web pages towards a snapshot. All folders end up in 2011 and highly outdated (www.freebsd.org, I didn't look at mirrors since I thought the main server carries the most recent stuff). This isn't funny. No lead, no hint, even in the download section.

If someone has some hints how to recompile the sources with an emergency booted disk, I highly appreciate some disaster advice. Maybe the release of FreeBSD-10-CURRENT sources I compiled do have accidentally a nasty bug, so it would be nice to update the sources and have a complete recompilation done.

Thanks in advance,

oh
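The post above reports pkg failing on a missing libpkg.so.5 while /usr/local/lib/libpkg.so.0 is still present. The script below is an added example, not part of the original thread: it reads captured ldd-style output, lists every dependency the loader could not resolve, and reports whether a different version of the same library exists in the directories searched. The sample input, the binary /usr/local/bin/example and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage unresolved shared-library
# dependencies from ldd-style text. All sample data below is constructed.

# Constructed sample in the shape of `ldd` output for two binaries.
# /usr/local/bin/example is a hypothetical binary.
sample_ldd_output() {
    cat <<'EOF'
/usr/local/sbin/pkg:
    libpkg.so.5 => not found (0)
    libc.so.7 => /lib/libc.so.7 (0x800a3d000)
/usr/local/bin/example:
    libiconv.so.3 => not found (0)
    libc.so.7 => /lib/libc.so.7 (0x800a3d000)
EOF
}

# Read ldd-style text on stdin and print one "binary soname" pair per
# dependency the loader could not resolve. Paths must not contain spaces.
missing_sonames() {
    awk '
        BEGIN          { bin = "(unknown)" }
        /^[^ \t].*:$/  { bin = substr($0, 1, length($0) - 1); next }
        /=> not found/ { print bin, $1 }
    '
}

# other_versions SONAME DIR...
# Print files in the given directories that belong to the same library
# but carry a different version suffix (libpkg.so.0 for libpkg.so.5).
other_versions() {
    soname=$1
    shift
    stem=${soname%.so*}.so            # libpkg.so.5 -> libpkg.so
    for dir in "$@"; do
        for f in "$dir/$stem" "$dir/$stem".*; do
            [ -e "$f" ] || continue               # unmatched glob or absent file
            [ "${f##*/}" = "$soname" ] && continue
            printf '%s\n' "$f"
        done
    done
    return 0
}

# triage DIR...
# ldd-style text on stdin; one summary line per unresolved dependency.
triage() {
    missing_sonames | sort -u | while read -r bin soname; do
        found=$(other_versions "$soname" "$@" | tr '\n' ' ')
        if [ -n "$found" ]; then
            printf '%s: %s not found; other versions present: %s\n' \
                "$bin" "$soname" "${found% }"
        else
            printf '%s: %s not found; no other version in search path\n' \
                "$bin" "$soname"
        fi
    done
}

# Demo on the constructed sample: a temporary directory stands in for
# /usr/local/lib and holds only the old libpkg.so.0.
demo() {
    libdir=$(mktemp -d) || return 1
    : > "$libdir/libpkg.so.0"
    sample_ldd_output | triage "$libdir"
    rm -rf "$libdir"
}
demo
```

On a real system the input would come from `ldd` run against the failing binaries, and the directories would be the loader's search path such as /lib, /usr/lib and /usr/local/lib.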
Re: HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
On Thu, Aug 16, 2012 at 05:33:20PM +0200, Hartmann, O. wrote:

> I ran into a very delicate and nasty situation.

> On several boxes, FreeBSD 9.1-PRE and FreeBSD 10-CURRENT (build of CURRENT sources from yesterday, r239295 Wed August 15 17:04:51 CEST 2012 amd64), I had to recompile all requirements of port Apache22, since after the port update it core dumped.

> On FreeBSD 9.1-PRE, with pkg(ng), things went well. Recompilation and installation of all portmaster -f apache-2.2 requirements went perfect.

> On both FreeBSD 10-CURRENT boxes it ended up in a mess, all of a sudden(!), while reinstalling port security/cyrus-sasl2, things started to fail in a dramatic way!

> On both FBSD 10 boxes, the installation of the port security/cyrus-sasl2 got corrupted by install and/or mtree dumping core and signalling SIGNAL 11. Booting into multiuser mode is impossible, login core dumps SIGNAL 11, many other daemons, too. The only way is to boot into single user mode.

> An installation failed due to pkg(ng) was missing libarchive.so via

There is pkg-static for recovering in this type of situation.

> portmaster or via core dumping install(1). By installing on one box, my home box, port security/cyrus-sasl2 manually, luckily install(1) and mtree(1) didn't coredump and it worked - and this procedure rescued me. But on my lab's development box, it doesn't work!

> On this specific box, where this nasty problem also occurred the same way by simply recompiling everything for port www/apache22, including the reinstallation of port security/cyrus-sasl2. Nearly every binary is suddenly coredumping (as on the home box). login, vi, install, devfs, syslogd, mtree, id, find ... a whole lot of binaries seem to be compromised by something I do not see (libsasl2.so perhaps?).

> I tried to help myself via copying /rescue/vi to /usr/bin/vi to have at least a working vi. But in /rescue, I can not find install or mtree. I'm not familiar with the sophisticated ways of /rescue. Where are install(1) and mtree(1)?

> Trying to reinstall security/cyrus-sasl2 from single-user fails due to install coredumps. pkg(ng) fails due to missing libpkg.so.5 and even rejects being reinstalled. But /usr/local/lib/libpkg.so.0 is even there! Disabling the use of pkg with commenting out WITH_PKGNG=yes in /etc/make.conf leads to the above issues with mtree and install.

> Disabling this pkgng tag leads to reinstallation of missing packages, which are stored in the pkgng sqlite format and not as ASCII anymore, but then I get
>
>     /var/runld-elf.so.hints: No such file or directory

Is this a typo, or literal transcription? (The missing / between 'run' and 'ld-elf.so.hints', that is.)

>     Error: shared library iconv.3 does not exist.
>
> But most of the libs have never been touched! So what is the loader complaining about?

> Well, I'm floating like a dead man in the water and I'm glad that one box survived although suffering from the same symptoms.

> I tried to find rescue images and a rescue DVD of a snap shot server, but there is no way to crawl through the information on the web pages towards a snapshot. All folders end up in 2011 and highly outdated (www.freebsd.org, I didn't look at mirrors since I thought the main server carries the most recent stuff). This isn't funny. No lead, no hint, even in the download section.

Yes, I have been complaining about this for a while now...

> If someone has some hints how to recompile the sources with an emergency booted disk, I highly appreciate some disaster advice. Maybe the release of FreeBSD-10-CURRENT sources I compiled do have accidentally a nasty bug, so it would be nice to update the sources and have a complete recompilation done.

If you can get booted into a recovery medium, you can mount /usr/src and /usr/obj from the hosed system, and should be able to installworld/installkernel into the hosed system with DESTDIR set.

Glen
Re: HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
On 8/16/2012 10:33 AM, Hartmann, O. wrote:

> I tried to find rescue images and a rescue DVD of a snap shot server, but there is no way to crawl through the information on the web pages towards a snapshot. All folders end up in 2011 and highly outdated (www.freebsd.org, I didn't look at mirrors since I thought the main server carries the most recent stuff). This isn't funny. No lead, no hint, even in the download section.

http://pub.allbsd.org/FreeBSD-snapshots/

Bryan
Re: HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
On Thu, Aug 16, 2012 at 11:33 AM, O. Hartmann ohart...@zedat.fu-berlin.de wrote:

> I ran into a very delicate and nasty situation.

Please don't cross-post / double-post.

Thanks,
-Garrett
Re: HELP! core dumps: install, mtree, et cetera all of the sudden after portmaster security/cyrus-sasl2
On Thu, Aug 16, 2012 at 8:33 AM, Hartmann, O. ohart...@zedat.fu-berlin.de wrote:

> I ran into a very delicate and nasty situation.

...

> On both FBSD 10 boxes, the installation of the port security/cyrus-sasl2 got corrupted by install and/or mtree dumping core and signalling SIGNAL 11. Booting into multiuser mode is impossible, login core dumps SIGNAL 11, many other daemons, too. The only way is to boot into single user mode.

I'm not drawing a correlation between this and unrelated coredumping processes.

> An installation failed due to pkg(ng) was missing libarchive.so via portmaster or via core dumping install(1). By installing on one box, my home box, port security/cyrus-sasl2 manually, luckily install(1) and mtree(1) didn't coredump and it worked - and this procedure rescued me. But on my lab's development box, it doesn't work!

Don't make delete-old-lib unless you have it moved off to compat directories, or have rebuilt everything using the new libarchive.

> On this specific box, where this nasty problem also occurred the same way by simply recompiling everything for port www/apache22, including the reinstallation of port security/cyrus-sasl2. Nearly every binary is suddenly coredumping (as on the home box). login, vi, install, devfs, syslogd, mtree, id, find ... a whole lot of binaries seem to be compromised by something I do not see (libsasl2.so perhaps?).

truss the binaries to figure out exactly what's going wrong.

A lot of this lost effort could be avoided (like others have posted on the list more than once), by having a centralized package distribution server, and by having VMs or jails and keeping snapshots with pre-upgrade state on the package building machine to avoid dead in the water scenarios like you're in right now.

> I tried to help myself via copying /rescue/vi to /usr/bin/vi to have at least a working vi. But in /rescue, I can not find install or mtree. I'm not familiar with the sophisticated ways of /rescue. Where are install(1) and mtree(1)?

I ran into this issue too a little while ago. I basically gave up on recovering a VM and nuked and repaved it using a LiveCD with a chroot, some cp -p'ing, etc. But yes.. it would be nice if I could have recovered the system at least with a static toolchain: cc, binutils [equivalent], mtree, install, etc.

...

> Disabling this pkgng tag leads to reinstallation of missing packages, which are stored in the pkgng sqlite format and not as ASCII anymore, but then I get
>
>     /var/runld-elf.so.hints: No such file or directory
>     Error: shared library iconv.3 does not exist.

service ldconfig start ?

> But most of the libs have never been touched! So what is the loader complaining about?

...

> I tried to find rescue images and a rescue DVD of a snap shot server, but there is no way to crawl through the information on the web pages towards a snapshot. All folders end up in 2011 and highly outdated (www.freebsd.org, I didn't look at mirrors since I thought the main server carries the most recent stuff). This isn't funny. No lead, no hint, even in the download section.

> If someone has some hints how to recompile the sources with an emergency booted disk, I highly appreciate some disaster advice. Maybe the release of FreeBSD-10-CURRENT sources I compiled do have accidentally a nasty bug, so it would be nice to update the sources and have a complete recompilation done.

> Thanks in advance,

Simply put: fix your infrastructure (as this isn't the first time you have complained about infrastructure issues on the MLs).

A lot of these issues should not be issues if you set up your infrastructure properly to deal with building things only once, backup packages before installation, you had snapshots of your system, etc. This will help you avoid administration pain, and hopefully will result in less duplicated work.

Cheers,
-Garrett
anyone familiar with cyrus-sasl2? Allocating sasl connection state: generic failure
Hi,

I am in the process of upgrading my laptop from 8- to 9-STABLE, thus also rebuilding a LOT of ports. I now notice that Postfix stopped to work with SASL AUTH (TLS and unencrypted is fine), and it appears that the problem is with cyrus-sasl2. I've gotten as far as building the sample server and client and when I try to start sample-server it returns

    sample-server: Allocating sasl connection state: generic failure

Could someone please with better knowledge take a look at the trace below (follow the link) and possibly find out where the problem lies? Most likely something I screwed up myself...

Thanks!

Attachments: https://webmail.inter-sonic.com/imp/attachment.php?u=peobsdt=1329166070f=cyrus-sasl2-ktrace
anyone familiar with cyrus-sasl2? Allocating sasl connection state: generic failure
Hi,

I am in the process of upgrading my laptop from 8- to 9-STABLE, thus also rebuilding a LOT of ports. I now notice that Postfix stopped to work with SASL AUTH (TLS and unencrypted is fine), and it appears that the problem is with cyrus-sasl2. I've gotten as far as building the sample server and client and when I try to start sample-server it returns

    sample-server: Allocating sasl connection state: generic failure

Could someone please with better knowledge take a look at the ktrace below (follow the link) and possibly find out where the problem lies? Most likely something I screwed up myself...

The command was

    ktrace -f ./ktrace ./sample-server -p 8000 -s rcmd -m PLAIN

Thanks!

Attachments: http://webmail.inter-sonic.com/imp/attachment.php?u=peobsdt=1329166070f=cyrus-sasl2-ktrace
ldap with GSSAPI using security/cyrus-sasl2 with security/heimdal?
Earlier I tried GSSAPI authentication for ldap against heimdal in 8.1-RELEASE base and failed. Now I tried again with security/heimdal. I got:

    security/heimdal
    security/cyrus-sasl2 with HEIMDAL_HOME=/usr/local/
    net/openldap24-server with WITH_SASL

When I first tried ldapmodify -Z -Y GSSAPI -I -D CRED -H ldap://FQDN, I got:

    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available: No worthy mechs found

In /var/log/auth.log, I found for slapd and ldapmodify:

    unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: /usr/local/lib/sasl2/libgssapiv2.so.2: Undefined symbol gss_nt_service_name

I found this discussion: http://www.mail-archive.com/heimdal-discuss@sics.se/msg00126.html

Not sure what might be wrong with configure, I added the following line to config.h after running make configure and before make:

    #define HAVE_GSS_C_NT_HOSTBASED_SERVICE 1

With security/cyrus-sasl2 compiled that way, I do not get the Undefined symbol starting slapd anymore. Now ldapmodify gives me:

    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    additional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)

I am out of ideas. Do I even have the ldapmodify command correct? (I tried with -U u:USER and -X u:USER, too.) Is security/cyrus-sasl2 supposed to work with GSSAPI from security/heimdal? How should the undefined symbol be fixed properly? Is there anything more to fix with cyrus-sasl configure?

Thanks for any ideas,
Jan Henrik
What Is the PATH to cyrus-sasl2?
Hi; I'm building openldap from source since I can't figure out how to pass arguments to the port. I need to build with cyrus-sasl2, which is built. However, I don't know what the path is, and my build can't find it by itself. Please help. TIA, Rachel
Re: What Is the PATH to cyrus-sasl2?
On Wed, 15 Nov 2006, Rachel Florentine wrote:

Hi; I'm building openldap from source since I can't figure out how to pass arguments to the port. I need to build with cyrus-sasl2, which is built. However, I don't know what the path is, and my build can't find it by itself. Please help. TIA, Rachel

The generic approach to determining what a port has installed and where is this:

pkg_info -L {package name}

jan
Re: What Is the PATH to cyrus-sasl2?
----- Original Message -----
From: Jan Grant [EMAIL PROTECTED]

The generic approach to determining what a port has installed and where is this: pkg_info -L {package name}

Thanks. It said it couldn't find it. I just decided to uninstall it and install it from the tarball.

Rachel
Re: cyrus-sasl2
Hello Mike

Attached you'll find the mail from Anish and me last year. Hope this helps. Do you use only sasldb2 or saslauthd? If not drop me a line.

On Fri, Oct 20, 2006 at 08:35:39AM -0400, Mike Spenard wrote:

Just looking to get sendmail auth working with pwcheck

Martin Schweizer wrote:

Hello Mike

What do you need concretely? I use sendmail/cyrus imap (also replication on a second server)/sieve (also websieve)/apache (incl. ssl).

On Fri, Oct 20, 2006 at 03:20:33PM -0400, Mike Spenard wrote:

Hey Martin, I saw this post, could I get those hints too? Thanks! Mike Spenard

Hello Gerard

I ran in the same trouble. With some changes you can use the article in the handbook. Should I send you my hints?

On Tue, Nov 08, 2005 at 08:36:32AM -0500, Gerard Seibert wrote:

I found this notation on regarding cyrus-sasl on the FreeBSD site http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html. [snip] Does this apply to cyrus-sasl2 as well? I tried 'make config' but that produced nothing. I do not see any option for the 'pwcheck' option in the Makefile. What, if any compile options should I include on the command line? I am running FreeBSD 5.4 at present.

My goal is to use sendmail and cyrus imapd 2.3. The problem is if I change the mailer in sendmail.mc nothing appears. I also checked sendmail.cf. There are no other mailers than the default ones. I'm very confused about the problem. Any ideas are very welcome.

I'm using cyrus-imapd22 in production on a few servers with the base sendmail. I'm assuming you have cyrus-imapd23 setup correctly.
# set the sendmail password check method
touch /usr/local/lib/sasl2/Sendmail.conf
# add pwcheck_method: saslauthd to use sasl database
# or pwcheck_method: passwd for normal login password checking

# add to /etc/make.conf
SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2 \
    -D_FFR_SMTP_SSL -DSOCKETMAP
SENDMAIL_LDFLAGS+=-L/usr/local/lib
SENDMAIL_LDADD+=-lsasl2
# set box specific .mc file in /etc/make.conf so upgrades
# don't wipe out our existing settings
SENDMAIL_MC=/etc/mail/host.mydomain.com.mc

# build shared sendmail libs
cd /usr/src/lib/libsm && \
    make cleandir && make depend && make obj && make
cd /usr/src/lib/libsmutil && \
    make cleandir && make depend && make obj && make

# now rebuild sendmail in the base
cd /usr/src/usr.sbin/sendmail && \
    make cleandir && make depend && make obj && make && make install

# in for box specific .mc add
dnl set SASL options
define(`confAUTH_OPTIONS', `A p y')dnl
dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MSA, M=E')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMSA, M=Es')dnl
define(`confLOG_LEVEL', `13')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`LOGIN PLAIN')dnl
define(`confLOCAL_MAILER',`cyrusv2')

# stop and restart sendmail
cd /etc/mail
make
make install
make stop
make start

# check if it worked!
telnet localhost 25
ehlo localhost

If you're trying to host mail for multiple domains you'll need to hack the local ruleset to not strip the @domain.tld from the address before it's passed to cyrus. The -DSOCKETMAP in the SENDMAIL_CFLAGS is needed, but I use it with a special rule to verify the From: address that comes from a locally hosted domain is actually valid by looking it up via cyrus.
--
Anish Mistry

--
Regards
Martin Schweizer [EMAIL PROTECTED]
PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch; public key : http://www.pc-service.ch/pgp/public_key.asc; fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239;
RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
First, thank you for your reply. Second, I have figured out the problem of not being able to delete IMAP folders in Thunderbird. Apparently this is a client-side issue, not a server one. The answer is to unsubscribe the trash folder in Thunderbird. After unsubscribing, it still appears and operates normally, and you are then able to delete folders. I found the answer in forums regarding older versions of Mozilla Mail, which is why nothing turned up on a search for Thunderbird. Not sure of the exact cause, or if this indeed a bug or just something I missed in the documentation, but it works now. From: Ted Mittelstaedt [EMAIL PROTECTED] To: Greg Groth [EMAIL PROTECTED], [EMAIL PROTECTED] CC: freebsd-questions@freebsd.org Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems Date: Fri, 17 Feb 2006 04:11:15 -0800 Hi Greg, It is true there's a lot of software available but I have found over the years that a lot of the packages are good, and will work equally well on the back end. Most of the older ones have matured to the point that a rather common selection criteria is I chose that because that's what all my friends are running You really won't know what works the best unless you try all of the packages, and nobody has the time for that. So what you have to do is just pick one based on whatever sketchy research you turn up and spend some time on it, after a few months you will know if it's going to work for you or not. Most times it will work OK for you so your choice becomes one of which is better: knowing a few packages well, or a lot of packages not very well. A hobbiest/amateur is better off knowing a lot of packages not very well, because their fun is in trying out new things and learning how different things are done. But a manager of a production system is in the other boat, they need to know a few packages very, very well. You need to be aware of which kind of person your taking advice from. 
IMHO RedHat isn't much good unless you go the full meal deal and buy a support contract from RedHat. If you are upgrading from old 7/9 RH and you want to keep the RH universe, and you don't want to buy into support, then go to CentOS. RedHat was becoming a pain to deal with. It seemed to me, and this is just my opinion and worth the paper this email is printed on, that a lot of the software had been tweaked to where common solutions to common problems didn't work, and solutions had to be found for the specific version of RedHat I was using. Not that there's anything morally wrong with RedHat doing this, I just found it a pain when looking for answers to problems. Frankly I feel that one of the big problems with Linux right now is they are missing the boat on SATA RAID big time, and I mean really, really big time. Most server-quality motherboards these days come with RAID0/1 SATA chipsets, and disk drives are so cheap now that even people putting together little crummy servers are going mirrored SATA disks. But Linux has ignored this, claiming it's the responsibility of the manufacturers to write drivers, and most of them haven't. The Linux people all seem to think it's perfectly OK to go buy an Intel motherboard with onboard ICH7R RAID and disable that and drop $200 into a 3ware RAID card and plug that into the motherboard if you have the nerve to run RAID on anything other than a Real SCSI RAID array. Fine, let them delude themselves, it just puts Linux further and further away from the server arena. Most Linux distros have terrible or nonexistent support for Promise RAID cards as well, once again, really short-sighted. I don't know much on this subject I'm afraid, but I'm about to get into this because KnoppMyth apparently has issues running a SATA drive as a primary boot device. (Off the subject, but I tried getting MythTV running on RedHat FC4, and ran into too many issues getting it running to continue on that route). Anyway, getting back to your situation. 
We run SSL imap and pop3, with uw-imap. I recommend this route since it allows people to hit their maibox with both pop3 and imap and not get a lot of funny messages about popping down the placeholder message. uw-imap used to have a problem with really big e-mails years ago, it would swap itself to death building the tempfiles, this was fixed years ago. I did solve my SSL problem by recompiling UW-IMAP and Sendmail without SSL, and installing stunnel. Everything is working the way I want it configured. Hopefully there won't be any scalability issues, but I don't expect any in our tiny environment. We run SMTP AUTH but we don't run SSL SMTP. Why? Because way too many customers out there still run elderly versions of e-mail clients that can't handle SSL SMTP. If I was doing up a mailserver for a corporation I might consider SSL SMTP, but frankly, I think the idea that someone's going to sniff your password is highly overrated. Most people set their e-mail
RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
the saved password from outlooks ini files, it's not like Microsoft encrypts it or anything. The worm leaves a back door and you scan the internet looking for the back doors. You will find plenty to keep yourself busy. We see customers that have had this done to them almost every day. By contrast I've never once seen a customer with an employee who wasn't a network administrator that knew what a packet sniffer was and how to use it. As far as WEP is concerned the trade rags constantly claim how insecure it is and how easy it is to brute force crack and obtain keys - once again, this is laboratory stuff, it's not visible in the real world. In the real world there are so many unsecured wireless networks in the average city that a cracker that turns on a wireless promiscious sniffer is going to see 3-4 networks, 3/4 of which are wide open, no matter where they go. What incentive is there to crack? And that's just the people dumb enough to leave SSID broadcasting turned on. Anyway, one last note for you. No matter what you use, just about all the instructions out there tell you to create a self-signed certificate for imap/ssl smtp/etc. do not do this! The Microsoft e-mail clients can't handle this. What you want to do is create a root certificate, then create certificates for all your https servers, your secure imap and pop servers, your ssl smtp, you name it. Sign all of them with the root CA. Then, insert the root CA into the list of trusted root CA's in the Microsoft browser on the client, and from that point on the Microsoft clients don't think you are running self-signed certificates anymore and do not whine, bitch and complain and you don't have to fumble around inserting a bunch of self-signed certificates for every little service you run into all your clients. That is for example how you get Outlook to speak SSL without paying Verisign. 
A lot of people fooling with self-signed certs have discovered to their dismay that only outlook express can have a self-signed cert installed, regular outlook from ms office cannot. Ted -Original Message- From: Greg Groth [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 14, 2006 8:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems From: Ted Mittelstaedt [EMAIL PROTECTED] To: Joe Auty [EMAIL PROTECTED], Kirk Davis [EMAIL PROTECTED] CC: Greg Groth [EMAIL PROTECTED], freebsd-questions@freebsd.org Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems Date: Tue, 14 Feb 2006 00:34:28 -0800 I'm sure glad that this message didn't pass through my work mailserver so that it's didn't see it, since my work e-mail inbox has 16383 messages in it (the limit that Outlook can display in IMAP mode) and is 412 megabytes in size, and performance is perfectly fine both with Outlook and Horde/IMP. I wouldn't want my mailserver reading it and thinking that it's OK to slack off. And yes I know I need to delete some messages, speak to the hand if your going to make that crack. This is imap-uw/sendmail. Perhaps you might consider that since you haven't run imap-uw in a while that your no longer qualified to make claims about it? Or perhaps you never had it setup properly? Or perhaps your hardware was slow? Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either with sendmail / uw-imap. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Auty Sent: Monday, February 13, 2006 1:53 PM To: Kirk Davis Cc: Greg Groth; freebsd-questions@freebsd.org Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems Hey Greg, Sorry if this completely throws a monkey wrench into your plans, but I feel inspired to interject since I once had a nearly identical setup as you... 
I switched to Postfix and Courier-IMAP since I found that performance of large mailboxes in IMAP-UW was pretty poor, especially over web- based email where messages are not cached. I switched to Postfix because it is so much more simple and straight forward than Sendmail. You should have no problems switching to Postfix, since it is basically Sendmail with a nicer wrapper/configuration. Just food for thought. I appreciate both of your comments, as I have stated I am new to BSD. Part of my problem is the huge amount of software available, and no good way to determine what will work better for my situation. Perhaps if I explain my situation, it would help some. We've been running Sendmail and a POP-Before-SMTP script for the last 6 years on a Redhat box. I think it started out on 5.2, and was up to 7.3 when it crashed 3 weeks ago. I had been planning to upgrade the server, and had a new box ready to go, but I had stalled on the OS. I didn't want to go down the Redhat route because of strictly personal issues that are more opinions than fact, and a friend suggest FreeBSD. The server crash pretty much
RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
I'm sure glad that this message didn't pass through my work mailserver so that it's didn't see it, since my work e-mail inbox has 16383 messages in it (the limit that Outlook can display in IMAP mode) and is 412 megabytes in size, and performance is perfectly fine both with Outlook and Horde/IMP. I wouldn't want my mailserver reading it and thinking that it's OK to slack off. And yes I know I need to delete some messages, speak to the hand if your going to make that crack. This is imap-uw/sendmail. Perhaps you might consider that since you haven't run imap-uw in a while that your no longer qualified to make claims about it? Or perhaps you never had it setup properly? Or perhaps your hardware was slow? Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either with sendmail / uw-imap. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Auty Sent: Monday, February 13, 2006 1:53 PM To: Kirk Davis Cc: Greg Groth; freebsd-questions@freebsd.org Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems Hey Greg, Sorry if this completely throws a monkey wrench into your plans, but I feel inspired to interject since I once had a nearly identical setup as you... I switched to Postfix and Courier-IMAP since I found that performance of large mailboxes in IMAP-UW was pretty poor, especially over web- based email where messages are not cached. I switched to Postfix because it is so much more simple and straight forward than Sendmail. You should have no problems switching to Postfix, since it is basically Sendmail with a nicer wrapper/configuration. Just food for thought. On Feb 13, 2006, at 4:25 PM, Kirk Davis wrote: Hi Greg, I'm trying to set up a FreeBSD 6.0 box as a mail server, and while everything seems to be working OK for the most part, I have run into two issues that I cannot resolve (I'm new to BSD, please bear with me). 
Install went as follows: Installed via FTP last night along with src - Sources for everything, IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT enabled (same for cclient), OpenSSL, Cyrus-SASL2 Cyrus-SASL2-saslauthd were compiled via ports with no flags. Sendmail was installed with the base install and recompiled (after SASL2 was up and running) with the following options added to make.conf:

# SASL (cyrus-sasl v2) sendmail build flags...
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# Adding to enable alternate port (smtps) for sendmail...
SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

I followed the instructions I found at http://www.bsdconspiracy.net/howto/sendmail.html, and had no problems with the install except for Sendmail. After recompiling sendmail, I added the following lines to the mail.server.mc file:

define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

This is your problem. The above line sets up the Sendmail daemon to listen on port 25 but the standard mc file distributed with FreeBSD also sets up a DAEMON port (it's at the end of the MC file). Here is what my DAEMON_OPTIONS lines look like. These should be the only DAEMON_OPTIONS lines in the mc file.

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

After running (in /etc/mail) make clean, make cf, make install, make restart, SMTP no longer works, and I find the following in maillog and messages

Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem creating SMTP socket
Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use

When I try and stop sendmail, I get a message that the pid for Sendmail cannot be found. I end up killing the missing Sendmail daemon using KSysGuard

If I remove this line - DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl from the mail.server.mc file, make cf, make install, make restart, sendmail starts normally. When trying to access from another machine on my network, I can only connect on port 25 without a secure connection (I'm using Thunderbird for this), although SMTP-AUTH is working correctly.

Have you tried to setup your mail client to connect to port 465? This is the smtps (SMTP SSL) port.

Any ideas on what I might need to do to get SSL / SMTP-AUTH working on SMTP? I took a look at the instructions in the handbook
RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
From: Kirk Davis [EMAIL PROTECTED] To: Greg Groth [EMAIL PROTECTED] CC: freebsd-questions@freebsd.org Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems Date: Mon, 13 Feb 2006 14:25:04 -0700 Hi Greg, I'm trying to set up a FreeBSD 6.0 box as a mail server, and while everything seems to be working OK for the most part, I have run into two issues that I cannot resolve (I'm new to BSD, please bear with me). Install went as follows: Installed via FTP last night along with src - Sources for everything, IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT enabled (same for cclient), OpenSSL, Cyrus-SASL2 Cyrus-SASL2-saslauthd were compiled via ports with no flags. Sendmail was installed with the base install and recompiled (after SASL2 was up and running) with the following options added to make.conf: # SASL (cyrus-sasl v2) sendmail build flags... SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 # Adding to enable alternate port (smtps) for sendmail... SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL I followed the instructions I found at http://www.bsdconspiracy.net/howto/sendmail.html, and had no problems with the install except for Sendmail. After recompiling sendmail, I added the following lines to the mail.server.mc file: define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl TRUST_AUTH_MECH(`PLAIN LOGIN')dnl define(`CERT_DIR', `/etc/mail/certs')dnl define(`confCACERT_PATH', `CERT_DIR')dnl define(`confCACERT', `CERT_DIR/mycert.pem')dnl define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl This is your problem. The above line sets up the Sendmail daemon to listen on port 25 but the standard mc file distributed with FreeBSD also sets up a DAEMON port (it's at the end of the MC file). Here is what my DAEMON_OPTIONS lines look like. 
These should be the only DAEMON_OPTIONS lines in the mc file. dnl Enable for both IPv4 and IPv6 (optional) DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl That is what I was guessing, however I couldn't find a Sendmail for Dummies book that could explain The DAEMON_OPTIONS in language I understand. It's very easy to get lost in the online docs and the O'Reilly book, for me anyway. DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl After running (in /etc/mail) make clean, make cf, make install, make restart, SMTP no longer works, and I find the following in maillog and messages Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem creating SMTP socket Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use When I try and stop sendmail, I get a message that the pid for Sendmail cannot be found. I end up killing the missing Sendmail daemon using KSysGuard If I remove this line - DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl from the mail.server.mc file, make cf, make install, make restart, sendmail starts normally. When trying to access from another machine on my network, I can only connect on port 25 without a secure connection (I'm using Thunderbird for this), although SMTP-AUTH is working correctly. Have you tried to setup your mail client to connect to port 465? This is the smtps (SMTP SSL) port. Yes I have. The above mentioned How-To states to have MS products connect on port 25, which didn't make a whole lot of sense to me, so I tried both 25 and 465 using Thunderbird. Thunderbird returned with a message that the SMTP server was not accepting connections. Now that I know what's wrong with my MC file, I'm guessing I havge to take a stronger look at my certificates and make sure that they're working correctly. I might have a path screwed up somewhere. 
Seems that if it's listening on 465, everything should be OK with Sendmail, but there might be a problem with SSL. Any ideas on what I might need to do to get SSL / SMTP-AUTH working on SMTP? I took a look at the instructions in the handbook, but they were written for SASL1. Running netstat shows smtps listening on 465, but when I try to telnet to that port, the server drops the connection. Hmm... It should connect but you will not see anything since it is expecting an SSL connection. My second problem is rather simple, after I create an IMAP folder, I am unable to delete it using a remote client. Thunderbird responds with The mail server responded: RENAME failed: Can't create mailbox node /home/User/Trash/: File exists. Nothing shows up in any of the server logs though. I have not seen this problem although I have it setup for an office of Outlook users. I would check the permissions on the folders
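Added example (not part of any message in this thread): a small Python linter for the two sendmail .mc points discussed above. It flags DAEMON_OPTIONS entries that resolve to the same family/address/port, which is the cause of the "cannot bind: Address already in use" error, and it flags PLAIN/LOGIN being offered without the `p` flag in confAUTH_OPTIONS that the earlier `A p y` configuration sets. The sample .mc text is constructed from lines quoted in the thread; the function names and the service-name table are this example's own.

```python
import re
from collections import defaultdict

# Service names used in the thread's .mc files, mapped to port numbers.
SERVICES = {"smtp": 25, "smtps": 465, "submission": 587}
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def active_text(mc_text):
    """Return the .mc text with m4 comments removed.

    m4 discards everything from a `dnl` token to the end of the line, so a
    line that starts with `dnl` is fully commented out.
    """
    return "\n".join(
        re.split(r"\bdnl\b", line, maxsplit=1)[0] for line in mc_text.splitlines()
    )


def parse_listeners(mc_text):
    """Resolve every active DAEMON_OPTIONS entry to the socket it binds."""
    listeners = []
    for body in re.findall(r"DAEMON_OPTIONS\(`([^']*)'\)", active_text(mc_text)):
        opts = {}
        for item in body.split(","):
            key, _, value = item.partition("=")
            if key.strip():
                # Keyed on the first letter so that `M=` and `Modifiers=`
                # (both spellings appear in the thread) land on the same key.
                opts[key.strip()[0].upper()] = value.strip()
        raw_port = opts.get("P", "smtp")  # no Port= means the smtp port
        port = SERVICES.get(raw_port.lower(), raw_port)
        if isinstance(port, str) and port.isdigit():
            port = int(port)
        listeners.append({
            "name": opts.get("N", "(unnamed)"),
            "family": opts.get("F", "inet"),  # no Family= means inet
            "addr": opts.get("A", "*"),       # no Addr= means all addresses
            "port": port,
            "modifiers": opts.get("M", ""),
        })
    return listeners


def find_bind_conflicts(mc_text):
    """Return [((family, addr, port), [names])] for sockets bound twice.

    Only exact duplicates are reported; a wildcard entry overlapping a
    specific Addr= entry is not analysed here.
    """
    by_socket = defaultdict(list)
    for lst in parse_listeners(mc_text):
        by_socket[(lst["family"], lst["addr"], lst["port"])].append(lst["name"])
    return [(sock, names) for sock, names in by_socket.items() if len(names) > 1]


def plaintext_auth_exposed(mc_text):
    """Return plaintext mechanisms offered without the `p` AuthOptions flag.

    With `p` set, sendmail does not permit PLAIN/LOGIN unless a security
    layer (TLS) is active on the connection.
    """
    defs = dict(re.findall(r"define\(`(\w+)',\s*`([^']*)'\)", active_text(mc_text)))
    mechs = set(defs.get("confAUTH_MECHANISMS", "").split())
    flags = set(defs.get("confAUTH_OPTIONS", "")) - set(" ,")
    if "p" in flags:
        return []
    return sorted(mechs & PLAINTEXT_MECHS)


# Constructed sample: the added Port=smtp line plus the FreeBSD default
# DAEMON_OPTIONS lines quoted in the thread.
GREG_MC = """\
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

# Constructed sample: duplicate listener commented out, `A p y` added.
FIXED_MC = """\
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

if __name__ == "__main__":
    for label, text in (("original", GREG_MC), ("fixed", FIXED_MC)):
        print(label, "bind conflicts:", find_bind_conflicts(text))
        print(label, "plaintext AUTH without p:", plaintext_auth_exposed(text))
```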
RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
From: Ted Mittelstaedt [EMAIL PROTECTED] To: Joe Auty [EMAIL PROTECTED], Kirk Davis [EMAIL PROTECTED] CC: Greg Groth [EMAIL PROTECTED], freebsd-questions@freebsd.org Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems Date: Tue, 14 Feb 2006 00:34:28 -0800 I'm sure glad that this message didn't pass through my work mailserver so that it's didn't see it, since my work e-mail inbox has 16383 messages in it (the limit that Outlook can display in IMAP mode) and is 412 megabytes in size, and performance is perfectly fine both with Outlook and Horde/IMP. I wouldn't want my mailserver reading it and thinking that it's OK to slack off. And yes I know I need to delete some messages, speak to the hand if your going to make that crack. This is imap-uw/sendmail. Perhaps you might consider that since you haven't run imap-uw in a while that your no longer qualified to make claims about it? Or perhaps you never had it setup properly? Or perhaps your hardware was slow? Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either with sendmail / uw-imap. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Auty Sent: Monday, February 13, 2006 1:53 PM To: Kirk Davis Cc: Greg Groth; freebsd-questions@freebsd.org Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems Hey Greg, Sorry if this completely throws a monkey wrench into your plans, but I feel inspired to interject since I once had a nearly identical setup as you... I switched to Postfix and Courier-IMAP since I found that performance of large mailboxes in IMAP-UW was pretty poor, especially over web- based email where messages are not cached. I switched to Postfix because it is so much more simple and straight forward than Sendmail. You should have no problems switching to Postfix, since it is basically Sendmail with a nicer wrapper/configuration. Just food for thought. I appreciate both of your comments, as I have stated I am new to BSD. 
Part of my problem is the huge amount of software available, and no good way to determine what will work better for my situation. Perhaps if I explain my situation, it would help some. We've been running Sendmail and a POP-Before-SMTP script for the last 6 years on a Redhat box. I think it started out on 5.2, and was up to 7.3 when it crashed 3 weeks ago. I had been planning to upgrade the server, and had a new box ready to go, but I had stalled on the OS. I didn't want to go down the Redhat route because of strictly personal issues that are more opinions than fact, and a friend suggest FreeBSD. The server crash pretty much forced my hand, and my goal was to replicate what we had in place ASAP. Because of my (limited) knowledge of Sendmail, I went that route as I know nothing of the alternatives. I went with IMAP-UW because not because of anything I had read, but because I was attempting to get the POP-Before-SMTP port to work (which it didn't - long story), and IMAP-UW seemed a good alternative as it is a POP and IMAP server and was easily configured in POP-Before-SMTP. Since I could not find a POP-Before-SMTP solution that I could get to operate (I had problems with POP-Before-SMTP, and DRAC before throwing in the towel), I decided to switch to SMTP-AUTH. So here's my situation, we have about 25 users on the server. I need POP and IMAP that will operate with and without SSL, and SMTP that can handle SMTP-AUTH with and without SSL. Out of the 25 users, I have 3 that are email packrats, and have between 2-4 gigs of email apiece. They are currently using POP on Outlook Express, but will be switching over to IMAP on Thunderbird in the near future (I also have 5 users that I'm not sure what client they are using, we're hosting their domain - long story). Our office peronnel will be migrating to IMAP, using SSL when out of the office, and plain text when in. 
The five users in which we are hosting their email will remain on POP, and although SSL would be nice, I want the ability to offer plain text in case I run into client issues. Similar circumstances for SMTP, I can relay by domain for users on our network, and would like to use SMTP-AUTH for off-ste users. SSL preferred, but offer plain text in case of client issues. Last issue would be something that will play nice with SquirrelMail. Although I'm very familiar with administering Sendmail (starting, stopping, backing up, running makemaps), configuring is another story. While SMTP is pretty much running as stable as it ever has, I still have issues from time to time. For instance I am sending this from Hotmail as this list is currently bouncing email from my server because of some error I have not investigated yet. At this moment I am pretty much open to anything, but I don't have a good way of evaluating different options other than trial and error (and I'm kind of short on time). I know that a lot of times it comes
RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Sorry for the double submission, I totally screwed up. I have added my response this time...

> From: Ted Mittelstaedt [EMAIL PROTECTED]
> To: Joe Auty [EMAIL PROTECTED], Kirk Davis [EMAIL PROTECTED]
> CC: Greg Groth [EMAIL PROTECTED], freebsd-questions@freebsd.org
> Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
> Date: Tue, 14 Feb 2006 00:34:28 -0800
>
> I'm sure glad that this message didn't pass through my work mailserver so that it didn't see it, since my work e-mail inbox has 16383 messages in it (the limit that Outlook can display in IMAP mode) and is 412 megabytes in size, and performance is perfectly fine both with Outlook and Horde/IMP. I wouldn't want my mailserver reading it and thinking that it's OK to slack off.
>
> And yes I know I need to delete some messages, speak to the hand if you're going to make that crack.
>
> This is imap-uw/sendmail. Perhaps you might consider that since you haven't run imap-uw in a while that you're no longer qualified to make claims about it? Or perhaps you never had it set up properly? Or perhaps your hardware was slow?
>
> Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either with sendmail / uw-imap.
>
> Ted
>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Auty
>> Sent: Monday, February 13, 2006 1:53 PM
>> To: Kirk Davis
>> Cc: Greg Groth; freebsd-questions@freebsd.org
>> Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
>>
>> Hey Greg,
>>
>> Sorry if this completely throws a monkey wrench into your plans, but I feel inspired to interject since I once had a nearly identical setup as you...
>>
>> I switched to Postfix and Courier-IMAP since I found that performance of large mailboxes in IMAP-UW was pretty poor, especially over web-based email where messages are not cached. I switched to Postfix because it is so much more simple and straightforward than Sendmail. You should have no problems switching to Postfix, since it is basically Sendmail with a nicer wrapper/configuration.
>>
>> Just food for thought.

I appreciate both of your comments, as I have stated I am new to BSD. Part of my problem is the huge amount of software available, and no good way to determine what will work better for my situation. Perhaps if I explain my situation, it would help some.

We've been running Sendmail and a POP-Before-SMTP script for the last 6 years on a Redhat box. I think it started out on 5.2, and was up to 7.3 when it crashed 3 weeks ago. I had been planning to upgrade the server, and had a new box ready to go, but I had stalled on the OS. I didn't want to go down the Redhat route because of strictly personal issues that are more opinions than fact, and a friend suggested FreeBSD. The server crash pretty much forced my hand, and my goal was to replicate what we had in place ASAP.

Because of my (limited) knowledge of Sendmail, I went that route as I know nothing of the alternatives. I went with IMAP-UW not because of anything I had read, but because I was attempting to get the POP-Before-SMTP port to work (which it didn't - long story), and IMAP-UW seemed a good alternative as it is a POP and IMAP server and was easily configured in POP-Before-SMTP. Since I could not find a POP-Before-SMTP solution that I could get to operate (I had problems with POP-Before-SMTP, and DRAC before throwing in the towel), I decided to switch to SMTP-AUTH.

So here's my situation, we have about 25 users on the server. I need POP and IMAP that will operate with and without SSL, and SMTP that can handle SMTP-AUTH with and without SSL. Out of the 25 users, I have 3 that are email packrats, and have between 2-4 gigs of email apiece. They are currently using POP on Outlook Express, but will be switching over to IMAP on Thunderbird in the near future (I also have 5 users that I'm not sure what client they are using, we're hosting their domain - long story). Our office personnel will be migrating to IMAP, using SSL when out of the office, and plain text when in. The five users in which we are hosting their email will remain on POP, and although SSL would be nice, I want the ability to offer plain text in case I run into client issues. Similar circumstances for SMTP, I can relay by domain for users on our network, and would like to use SMTP-AUTH for off-site users. SSL preferred, but offer plain text in case of client issues. Last issue would be something that will play nice with SquirrelMail.

Although I'm very familiar with administering Sendmail (starting, stopping, backing up, running makemaps), configuring is another story. While SMTP is pretty much running as stable as it ever has, I still have issues from time to time. For instance I am sending this from Hotmail as this list is currently bouncing email from my server because of some error I have not investigated yet.

At this moment I am pretty much open to anything, but I don't have a good way of evaluating different options other
Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
I'm trying to set up a FreeBSD 6.0 box as a mail server, and while everything seems to be working OK for the most part, I have run into two issues that I cannot resolve (I'm new to BSD, please bear with me).

Install went as follows: Installed via FTP last night along with src - Sources for everything, IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT enabled (same for cclient), OpenSSL, Cyrus-SASL2 Cyrus-SASL2-saslauthd were compiled via ports with no flags. Sendmail was installed with the base install and recompiled (after SASL2 was up and running) with the following options added to make.conf:

# SASL (cyrus-sasl v2) sendmail build flags...
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# Adding to enable alternate port (smtps) for sendmail...
SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

I followed the instructions I found at http://www.bsdconspiracy.net/howto/sendmail.html, and had no problems with the install except for Sendmail. After recompiling sendmail, I added the following lines to the mail.server.mc file:

define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

After running (in /etc/mail) make clean, make cf, make install, make restart, SMTP no longer works, and I find the following in maillog and messages

Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem creating SMTP socket
Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use

When I try and stop sendmail, I get a message that the pid for Sendmail cannot be found. I end up killing the missing Sendmail daemon using KSysGuard.

If I remove this line -

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

from the mail.server.mc file, make cf, make install, make restart, sendmail starts normally. When trying to access from another machine on my network, I can only connect on port 25 without a secure connection (I'm using Thunderbird for this), although SMTP-AUTH is working correctly.

Any ideas on what I might need to do to get SSL / SMTP-AUTH working on SMTP? I took a look at the instructions in the handbook, but they were written for SASL1. Running netstat shows smtps listening on 465, but when I try to telnet to that port, the server drops the connection.

My second problem is rather simple, after I create an IMAP folder, I am unable to delete it using a remote client. Thunderbird responds with

The mail server responded: RENAME failed: Can't create mailbox node /home/User/Trash/: File exists.

Nothing shows up in any of the server logs though.

Hopefully this is the right list for these questions, if not, could someone please direct me to the correct one? Any advice anyone can give me on either of these problems would be greatly appreciated.

Greg Groth

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Hi Greg,

> I'm trying to set up a FreeBSD 6.0 box as a mail server, and while everything seems to be working OK for the most part, I have run into two issues that I cannot resolve (I'm new to BSD, please bear with me).
>
> Install went as follows: Installed via FTP last night along with src - Sources for everything, IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT enabled (same for cclient), OpenSSL, Cyrus-SASL2 Cyrus-SASL2-saslauthd were compiled via ports with no flags. Sendmail was installed with the base install and recompiled (after SASL2 was up and running) with the following options added to make.conf:
>
> # SASL (cyrus-sasl v2) sendmail build flags...
> SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
> SENDMAIL_LDFLAGS=-L/usr/local/lib
> SENDMAIL_LDADD=-lsasl2
> # Adding to enable alternate port (smtps) for sendmail...
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
>
> I followed the instructions I found at http://www.bsdconspiracy.net/howto/sendmail.html, and had no problems with the install except for Sendmail. After recompiling sendmail, I added the following lines to the mail.server.mc file:
>
> define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
> TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
> define(`CERT_DIR', `/etc/mail/certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/mycert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

This is your problem. The above line sets up the Sendmail daemon to listen on port 25 but the standard mc file distributed with FreeBSD also sets up a DAEMON port (it's at the end of the MC file). Here is what my DAEMON_OPTIONS lines look like. These should be the only DAEMON_OPTIONS lines in the mc file.

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
> After running (in /etc/mail) make clean, make cf, make install, make restart, SMTP no longer works, and I find the following in maillog and messages
>
> Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem creating SMTP socket
> Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use
>
> When I try and stop sendmail, I get a message that the pid for Sendmail cannot be found. I end up killing the missing Sendmail daemon using KSysGuard.
>
> If I remove this line -
>
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>
> from the mail.server.mc file, make cf, make install, make restart, sendmail starts normally. When trying to access from another machine on my network, I can only connect on port 25 without a secure connection (I'm using Thunderbird for this), although SMTP-AUTH is working correctly.

Have you tried to set up your mail client to connect to port 465? This is the smtps (SMTP SSL) port.

> Any ideas on what I might need to do to get SSL / SMTP-AUTH working on SMTP? I took a look at the instructions in the handbook, but they were written for SASL1. Running netstat shows smtps listening on 465, but when I try to telnet to that port, the server drops the connection.

Hmm... It should connect but you will not see anything since it is expecting an SSL connection.

> My second problem is rather simple, after I create an IMAP folder, I am unable to delete it using a remote client. Thunderbird responds with
>
> The mail server responded: RENAME failed: Can't create mailbox node /home/User/Trash/: File exists.
>
> Nothing shows up in any of the server logs though.

I have not seen this problem although I have it set up for an office of Outlook users. I would check the permissions on the folders in the user home directory. This is where the IMAP user folders are by default. I usually set up the clients to use the base imap if Mail and then create a Mail directory in the user home directory. That way the mail folders don't get messed up with the user stuff.

> Hopefully this is the right list for these questions, if not, could someone please direct me to the correct one? Any advice anyone can give me on either of these problems would be greatly appreciated.

Kirk

Kirk Davis
Senior Network Analyst, ITS
Edmonton Public Schools
1-780-429-8308
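The conflict described in the reply above, as an added example that is not part of the original thread: a small parser that lists the socket each DAEMON_OPTIONS line of an .mc file would bind and reports duplicates. The sample .mc text is constructed from the lines quoted in the thread; the function names, the port alias table and the matching of option keys by first letter are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: the two DAEMON_OPTIONS lines added in the original post,
# followed by the two listeners quoted from the end of the stock FreeBSD .mc.
SAMPLE_MC = """\
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
"""

# m4 quotes the argument as `...'. Anchoring at the start of the line means a
# listener commented out with a leading "dnl" is not counted.
DAEMON_RE = re.compile(r"^\s*DAEMON_OPTIONS\(`([^']*)'\)")

# Simplification (assumption): keys are identified by their first letter, which
# covers both spellings used in the thread ("Modifiers=O" and "M=s").
KEY_NAMES = {"P": "port", "F": "family", "A": "addr", "N": "name", "M": "modifiers"}

# Service names as found in /etc/services, so "smtp" and "25" compare equal.
PORT_ALIASES = {"smtp": "25", "smtps": "465", "submission": "587"}


def parse_daemon_options(mc_text):
    """Return one dict per active DAEMON_OPTIONS line, with defaults filled in."""
    listeners = []
    for lineno, line in enumerate(mc_text.splitlines(), 1):
        match = DAEMON_RE.match(line)
        if not match:
            continue
        # A line that names no port, family or address listens on smtp,
        # IPv4 and every local address.
        opts = {"port": "smtp", "family": "inet", "addr": "*",
                "name": "", "modifiers": "", "line": lineno}
        for item in match.group(1).split(","):
            key, sep, value = item.strip().partition("=")
            field = KEY_NAMES.get(key[:1].upper())
            if sep and field:
                opts[field] = value.strip()
        opts["port"] = PORT_ALIASES.get(opts["port"].lower(), opts["port"])
        opts["family"] = opts["family"].lower()
        listeners.append(opts)
    return listeners


def find_bind_conflicts(listeners):
    """Group listeners by (family, address, port) and keep groups of two or more.

    Only identical tuples are compared; overlap between a wildcard address and
    a specific one is not evaluated here.
    """
    by_socket = defaultdict(list)
    for listener in listeners:
        key = (listener["family"], listener["addr"], listener["port"])
        by_socket[key].append(listener)
    return {key: group for key, group in by_socket.items() if len(group) > 1}


if __name__ == "__main__":
    for (family, addr, port), group in find_bind_conflicts(
            parse_daemon_options(SAMPLE_MC)).items():
        names = ", ".join(f"{g['name']} (line {g['line']})" for g in group)
        print(f"{family} {addr}:{port} is requested by more than one daemon: {names}")
```

Run against the generated mail.server.mc before `make install`; a reported pair on the same family, address and port is the configuration that produces the "cannot bind: Address already in use" entry in maillog.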
Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Hey Greg,

Sorry if this completely throws a monkey wrench into your plans, but I feel inspired to interject since I once had a nearly identical setup as you...

I switched to Postfix and Courier-IMAP since I found that performance of large mailboxes in IMAP-UW was pretty poor, especially over web-based email where messages are not cached. I switched to Postfix because it is so much more simple and straightforward than Sendmail. You should have no problems switching to Postfix, since it is basically Sendmail with a nicer wrapper/configuration.

Just food for thought.

On Feb 13, 2006, at 4:25 PM, Kirk Davis wrote:

> Hi Greg,
>
>> I'm trying to set up a FreeBSD 6.0 box as a mail server, and while everything seems to be working OK for the most part, I have run into two issues that I cannot resolve (I'm new to BSD, please bear with me).
>>
>> Install went as follows: Installed via FTP last night along with src - Sources for everything, IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT enabled (same for cclient), OpenSSL, Cyrus-SASL2 Cyrus-SASL2-saslauthd were compiled via ports with no flags. Sendmail was installed with the base install and recompiled (after SASL2 was up and running) with the following options added to make.conf:
>>
>> # SASL (cyrus-sasl v2) sendmail build flags...
>> SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
>> SENDMAIL_LDFLAGS=-L/usr/local/lib
>> SENDMAIL_LDADD=-lsasl2
>> # Adding to enable alternate port (smtps) for sendmail...
>> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
>>
>> I followed the instructions I found at http://www.bsdconspiracy.net/howto/sendmail.html, and had no problems with the install except for Sendmail. After recompiling sendmail, I added the following lines to the mail.server.mc file:
>>
>> define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
>> TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
>> define(`CERT_DIR', `/etc/mail/certs')dnl
>> define(`confCACERT_PATH', `CERT_DIR')dnl
>> define(`confCACERT', `CERT_DIR/mycert.pem')dnl
>> define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
>> define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
>> define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
>> define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
>> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>
> This is your problem. The above line sets up the Sendmail daemon to listen on port 25 but the standard mc file distributed with FreeBSD also sets up a DAEMON port (it's at the end of the MC file). Here is what my DAEMON_OPTIONS lines look like. These should be the only DAEMON_OPTIONS lines in the mc file.
>
> dnl Enable for both IPv4 and IPv6 (optional)
> DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
>> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>>
>> After running (in /etc/mail) make clean, make cf, make install, make restart, SMTP no longer works, and I find the following in maillog and messages
>>
>> Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem creating SMTP socket
>> Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use
>>
>> When I try and stop sendmail, I get a message that the pid for Sendmail cannot be found. I end up killing the missing Sendmail daemon using KSysGuard.
>>
>> If I remove this line -
>>
>> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>>
>> from the mail.server.mc file, make cf, make install, make restart, sendmail starts normally. When trying to access from another machine on my network, I can only connect on port 25 without a secure connection (I'm using Thunderbird for this), although SMTP-AUTH is working correctly.
>
> Have you tried to set up your mail client to connect to port 465? This is the smtps (SMTP SSL) port.
>
>> Any ideas on what I might need to do to get SSL / SMTP-AUTH working on SMTP? I took a look at the instructions in the handbook, but they were written for SASL1. Running netstat shows smtps listening on 465, but when I try to telnet to that port, the server drops the connection.
>
> Hmm... It should connect but you will not see anything since it is expecting an SSL connection.
>
>> My second problem is rather simple, after I create an IMAP folder, I am unable to delete it using a remote client. Thunderbird responds with
>>
>> The mail server responded: RENAME failed: Can't create mailbox node /home/User/Trash/: File exists.
>>
>> Nothing shows up in any of the server logs though.
>
> I have not seen this problem although I have it set up for an office of Outlook users. I would check the permissions on the folders in the user home directory. This is where the IMAP user folders are by default. I usually set up the clients to use the base imap if Mail and then create a Mail directory in the user home directory. That way the mail folders don't get messed up with the user stuff.
>
>> Hopefully this is the right list for these questions, if not, could someone please direct me to the correct one? Any advice anyone can give me on either of these problems would
Re: cyrus-sasl2 compile option
Hello Gerard

I ran into the same trouble. With some changes you can use the article in the handbook. Should I send you my hints?

On Tue, Nov 08, 2005 at 08:36:32AM -0500, Gerard Seibert wrote:
> I found this notation regarding cyrus-sasl on the FreeBSD site http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html.
> [snip]
> Does this apply to cyrus-sasl2 as well? I tried 'make config' but that produced nothing. I do not see any option for the 'pwcheck' option in the Makefile. What, if any compile options should I include on the command line?
>
> I am running FreeBSD 5.4 at present.

--
Regards
Martin Schweizer [EMAIL PROTECTED]
PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch;
public key : http://www.pc-service.ch/pgp/public_key.asc;
fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239;
Re[2]: cyrus-sasl2 compile option
On Sunday, November 20, 2005 12:50:33 PM, Martin Schweizer [EMAIL PROTECTED]
Subject: Re: cyrus-sasl2 compile option
Wrote these words of wisdom:

> Hello Gerard
>
> I ran into the same trouble. With some changes you can use the article in the handbook. Should I send you my hints?
>
> On Tue, Nov 08, 2005 at 08:36:32AM -0500, Gerard Seibert wrote:
>> I found this notation regarding cyrus-sasl on the FreeBSD site http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html.
>> [snip]
>> Does this apply to cyrus-sasl2 as well? I tried 'make config' but that produced nothing. I do not see any option for the 'pwcheck' option in the Makefile. What, if any compile options should I include on the command line?
>>
>> I am running FreeBSD 5.4 at present.
>
> --
> Regards
> Martin Schweizer [EMAIL PROTECTED]
> PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
> Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch;
> public key : http://www.pc-service.ch/pgp/public_key.asc;
> fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239;

* REPLY SEPARATOR *
On 10/11/2005 5:29:42 PM, Gerard Replied:

Send away!

--
Gerard Seibert
[EMAIL PROTECTED]
cyrus-sasl2 compile option
I found this notation regarding cyrus-sasl on the FreeBSD site http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html.

This is a snippet of the article:

Install security/cyrus-sasl from the ports. You can find this port in security/cyrus-sasl. security/cyrus-sasl has a number of compile time options to choose from and, for the method we will be using here, make sure to select the pwcheck option.

Does this apply to cyrus-sasl2 as well? I tried 'make config' but that produced nothing. I do not see any option for the 'pwcheck' option in the Makefile. What, if any compile options should I include on the command line?

I am running FreeBSD 5.4 at present.

--
Gerard Seibert
[EMAIL PROTECTED]
Problems with cyrus-sasl2 port
Hi all,

I'm in trouble with the sasl2 port. Calling saslpasswd2 I always obtain the same error message:

saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found

#saslpasswd2 -c admin

I do a single test. If I delete the sasl database /usr/local/etc/sasldb2, saslpasswd2 creates a new database file with the good access rights.

According to the newsgroups and mailing lists this is a hot topic, can anyone help me?

Thanks
Re: cyrus-sasl2 configuration
Gerard Seibert wrote:
> This document is available on the FreeBSD site: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
>
> However, this doc references security/cyrus-sasl version 1.x. Is it still relevant to version 2.x? If so, are there any specific changes that should be made to the installation?
>
> I think the modification I made in the following statements is correct, but I am not sure.
>
> SENDMAIL_CFLAGS=-I/usr/local/include/sasl2 -DSASL
> SENDMAIL_LDFLAGS=-L/usr/local/lib
> SENDMAIL_LDADD=-lsasl
>
> One last question. In the above document, there is a reference to 'pwcheck'. Is the port supposed to be built with that option and if so, how do I go about setting it?

From the Sendmail.README file of the cyrus-sasl2 port.

# Add SMTP AUTH support to Sendmail
SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+=-lsasl2

Take a look at this readme to start.
cyrus-sasl2 configuration
This document is available on the FreeBSD site: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

However, this doc references security/cyrus-sasl version 1.x. Is it still relevant to version 2.x? If so, are there any specific changes that should be made to the installation?

I think the modification I made in the following statements is correct, but I am not sure.

SENDMAIL_CFLAGS=-I/usr/local/include/sasl2 -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl

One last question. In the above document, there is a reference to 'pwcheck'. Is the port supposed to be built with that option and if so, how do I go about setting it?

--
Gerard Seibert
[EMAIL PROTECTED]
cyrus-sasl2 error
Updating everything in my 5.4 installation, during portupgrade -arR the system stops because it cannot find a file ('cyrus-sasl-2.1.20_1'):

...
=== Registering installation for kdelibs-3.4.0_4
=== SECURITY REPORT:
This port has installed the following binaries which execute with increased privileges.
/usr/local/bin/kpac_dhcp_helper
/usr/local/bin/fileshareset
/usr/local/bin/kgrantpty
=== Cleaning for xorg-libraries-6.8.2
=== Cleaning for xterm-202
=== Cleaning for kdelibs-3.4.0_4
--- Cleaning out obsolete shared libraries
[Updating the pkgdb format:bdb1_btree in /var/db/pkg ... - 233 packages found (-0 +1) . done]
--- Skipping 'deskutils/kdepim3' (kdepim-3.4.0) because a requisite package 'cyrus-sasl-2.1.20_1' (security/cyrus-sasl2) failed (specify -k to force)
--- Skipping 'x11/kdebase3' (kdebase-3.4.0_1) because a requisite package 'cyrus-sasl-2.1.20_1' (security/cyrus-sasl2) failed (specify -k to force)
--- Skipping 'misc/kdeutils3' (kdeutils-3.4.0) because a requisite package 'kdebase-3.4.0_1' (x11/kdebase3) failed (specify -k to force)
--- Skipping 'x11-themes/kdeartwork3' (kdeartwork-3.4.0) because a requisite package 'kdebase-3.4.0_1' (x11/kdebase3) failed (specify -k to force)
--- Skipping 'x11/kde-lite' (kde-lite-3.4.0) because a requisite package 'kdepim-3.4.0' (deskutils/kdepim3) failed (specify -k to force)
** Listing the failed packages (*:skipped / !:failed)
! security/cyrus-sasl2 (cyrus-sasl-2.1.20_1)(fetch error)
! x11-servers/xorg-server (xorg-server-6.8.2_1) (fetch error)
* x11/xorg (xorg-6.8.2)
* deskutils/kdepim3 (kdepim-3.4.0)
* x11/kdebase3 (kdebase-3.4.0_1)
* misc/kdeutils3 (kdeutils-3.4.0)
* x11-themes/kdeartwork3 (kdeartwork-3.4.0)
* x11/kde-lite (kde-lite-3.4.0)
--- Packages processed: 10 done, 214 ignored, 6 skipped and 2 failed

What should I do?

Vittorio
Re: cyrus-sasl2-saslauthd no LDAP
Hi,

On Wed, 19 Jan 2005 00:00:04 +0700
Muhammad Reza [EMAIL PROTECTED] said:

reza> I try to install /usr/port/security/cyrus-sasl2-saslauthd and expect
reza> LDAP auth_mech is enabled by default.

No, cyrus-sasl2-saslauthd doesn't include LDAP support by default.

reza> there is no LDAP auth_mech..
reza> What should I do to enable it ?

You need WITH_OPENLDAP=yes.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED],jp.}FreeBSD.org
http://www.imasy.org/~ume/
Re: cyrus-sasl2-saslauthd no LDAP
Muhammad Reza wrote:
> Muhammad Reza wrote:
>> Dear List
>>
>> I try to install /usr/port/security/cyrus-sasl2-saslauthd and expect LDAP auth_mech is enabled by default. but when I try to test with:
>>
>> beastie# /usr/local/sbin/saslauthd -v
>> saslauthd 2.1.19
>> authentication mechanisms: sasldb getpwent kerberos5 pam rimap
>>
>> there is no LDAP auth_mech..
>> What should I do to enable it ?
>>
>> regard
>> reza
>
> I even upgraded my port, but it still does not work @ my 5.3 STABLE but works fine @ my 4.10 RELEASE.
> please help me
>
> regards
> reza

make clean
make install -DWITH_OPENLDAP

solved it..

regards
reza
cyrus-sasl2-saslauthd no LDAP
Dear List

I try to install /usr/port/security/cyrus-sasl2-saslauthd and expect LDAP auth_mech is enabled by default. but when I try to test with:

beastie# /usr/local/sbin/saslauthd -v
saslauthd 2.1.19
authentication mechanisms: sasldb getpwent kerberos5 pam rimap

there is no LDAP auth_mech..
What should I do to enable it ?

regard
reza
Re: cyrus-sasl2-saslauthd no LDAP
Muhammad Reza wrote:
> Dear List
>
> I try to install /usr/port/security/cyrus-sasl2-saslauthd and expect LDAP auth_mech is enabled by default. but when I try to test with:
>
> beastie# /usr/local/sbin/saslauthd -v
> saslauthd 2.1.19
> authentication mechanisms: sasldb getpwent kerberos5 pam rimap
>
> there is no LDAP auth_mech..
> What should I do to enable it ?
>
> regard
> reza

I even upgraded my port, but it still does not work @ my 5.3 STABLE but works fine @ my 4.10 RELEASE.
please help me

regards
reza
Cyrus-SASL2-2.1.20 MySQL crypt'ed passwords
Hi,

Could anyone make this setup work?

The patch for 2.1.19 applies cleanly to the ports tree and I can build sasl, but it ignores the settings on smtpd.conf (mainly password_format: crypt). I can auth @ SMTP using the encrypted password I find at the database, but no luck using the plaintext password (which cyrus-sasl should then crypt and check vs the database). -- Meaning the patch is having no effect, it is only checking the password fed vs the database...

Is there any way to have SMTP auth working with MySQL / crypt-stored passwords using postfix+cyrus-sasl2 ?
RE: Cyrus-SASL2-2.1.20 MySQL crypt'ed passwords
Could anyone make this setup work?

The patch for 2.1.19 applies cleanly to the ports tree and I can build sasl, but it ignores the settings on smtpd.conf (mainly password_format: crypt). I can auth @ SMTP using the encrypted password I find at the database, but no luck using the plaintext password (which cyrus-sasl should then crypt and check vs the database). -- Meaning the patch is having no effect, it is only checking the password fed vs the database...

Is there any way to have SMTP auth working with MySQL / crypt-stored passwords using postfix+cyrus-sasl2 ?

smtpd.conf

pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
srp_mda: md5
password_format: crypt
sql_engine: mysql
sql_hostnames: localhost
sql_database: postfix
sql_user: X
sql_passwd: X
sql_verbose: yes
sql_select: SELECT password FROM mailbox WHERE username = '[EMAIL PROTECTED]'
RE: Cyrus-SASL2-2.1.20 MySQL crypt'ed passwords
That is exactly my smtpd.conf, I don't understand why it doesn't work :/

The password_format directive was incorporated on 2.1.20 ?

Could anyone make this setup work?

The patch for 2.1.19 applies cleanly to the ports tree and I can build sasl, but it ignores the settings on smtpd.conf (mainly password_format: crypt). I can auth @ SMTP using the encrypted password I find at the database, but no luck using the plaintext password (which cyrus-sasl should then crypt and check vs the database). -- Meaning the patch is having no effect, it is only checking the password fed vs the database...

Is there any way to have SMTP auth working with MySQL / crypt-stored passwords using postfix+cyrus-sasl2 ?

smtpd.conf

pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
srp_mda: md5
password_format: crypt
sql_engine: mysql
sql_hostnames: localhost
sql_database: postfix
sql_user: X
sql_passwd: X
sql_verbose: yes
sql_select: SELECT password FROM mailbox WHERE username = '[EMAIL PROTECTED]'
RE: Cyrus-SASL2-2.1.20 MySQL crypt'ed passwords
It is accessing the database properly. SASL isn't even trying to check vs an encrypted password, if I feed it (at the SMTP auth) with the encrypted password I find at the database, it will accept it (like if it was a plaintext-password)

That is exactly my smtpd.conf, I don't understand why it doesn't work :/

The password_format directive was incorporated on 2.1.20 ?

smtpd.conf

pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
srp_mda: md5
password_format: crypt
sql_engine: mysql
sql_hostnames: localhost
sql_database: postfix
sql_user: X
sql_passwd: X
sql_verbose: yes
sql_select: SELECT password FROM mailbox WHERE username = '[EMAIL PROTECTED]'

In this setup Sasl expects the passwords MD5 encrypted, not standard UNIX crypt. Restart MySQL with the parameter --log and see what activity is logged.
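The behaviour reported in this thread, modelled as an added example that is not part of the original messages: one check compares the stored column value directly with what the client sent, the other hashes the supplied password first (what the poster expected password_format: crypt to do), and classify_backend() tells the two apart from login results alone. The salted PBKDF2 hash is a stand-in for crypt(3), and every name and sample value here is constructed.

```python
import hashlib
import hmac


def make_hash(password, salt):
    """Salted hash stored as 'salt$hexdigest' (stand-in for crypt(3), not its format)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)
    return f"{salt}${digest.hex()}"


def check_as_plaintext(stored, supplied):
    """Reported behaviour: the database column is compared with the supplied string."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


def check_as_hash(stored, supplied):
    """Expected behaviour: hash the supplied password with the stored salt, then compare."""
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(stored.encode(), make_hash(supplied, salt).encode())


def classify_backend(verify, stored, real_password):
    """Classify a verifier by which of two logins it accepts.

    verify(stored, supplied) -> bool is any authentication check. A backend
    that accepts the stored column value itself treats that value as the
    password, so anyone who can read the table can log in without cracking
    anything.
    """
    accepts_password = verify(stored, real_password)
    accepts_stored_value = verify(stored, stored)
    if accepts_stored_value and not accepts_password:
        return "plaintext-compare"
    if accepts_password and not accepts_stored_value:
        return "hash-verify"
    return "inconclusive"


# Constructed test account: password and salt are sample values.
REAL_PASSWORD = "correct horse"
STORED = make_hash(REAL_PASSWORD, "c0ffee")

if __name__ == "__main__":
    print("plaintext check:", classify_backend(check_as_plaintext, STORED, REAL_PASSWORD))
    print("hashing check:  ", classify_backend(check_as_hash, STORED, REAL_PASSWORD))
```

The same two-login probe can be pointed at a test account on a real SMTP AUTH service by wrapping the login attempt in a function with the verify(stored, supplied) shape.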
Error after installing cyrus-sasl2-saslauthd
Trying to install cyrus-sasl2-saslauthd on Fresh 4.10-Release machine. Did

make WITH_BDB_VER=42 install clean

After that gets done with no errors, console and syslog pop up with this error

saslpasswd2:error deleting entry from sasldb: DBNOTFOUND: No matching key/data pair found

Trying to get this working as part of following cdr (from bsdforums.org) Postfix/Cyrus-sasl-cyrus-imap howto.

Thanks for the help
Re: Error after installing cyrus-sasl2-saslauthd
--On Tuesday, August 17, 2004 03:03:51 PM -0500 Alex Thomas [EMAIL PROTECTED] wrote:

> Trying to install cyrus-sasl2-saslauthd on Fresh 4.10-Release machine. Did
>
> make WITH_BDB_VER=42 install clean
>
> After that gets done with no errors, console and syslog pop up with this error
>
> saslpasswd2:error deleting entry from sasldb: DBNOTFOUND: No matching key/data pair found

Were there any key/data pairs in the sasldb2 database?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
Re: Error after installing cyrus-sasl2-saslauthd
No. Had not added any. This popped up on console as soon as port was finished installing.

Paul Schmehl wrote:

> --On Tuesday, August 17, 2004 03:03:51 PM -0500 Alex Thomas [EMAIL PROTECTED] wrote:
>
>> Trying to install cyrus-sasl2-saslauthd on Fresh 4.10-Release machine. Did
>>
>>     make WITH_BDB_VER=42 install clean
>>
>> After that gets done with no errors, console and syslog pop up with this error
>>
>>     saslpasswd2:error deleting entry from sasldb: DBNOTFOUND: No matching key/data pair found
>
> Were there any key/data pairs in the sasldb2 database?
>
> Paul Schmehl ([EMAIL PROTECTED])
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/
Re: Error Compiling cyrus-sasl2-saslauthd
Please don't top-post.

Alex Thomas [EMAIL PROTECTED] writes:

> I found my problem. Current version of OpenSSL is 0.9.7d. Downloaded package of it off FreeBSD.org. Question now is, Why is my ports list so out of date? Just installed system today.

Your ports list has nothing to do with it.

> Alex Thomas wrote:
>
>> Trying to compile cyrus-sasl2-saslauthd from ports. Ports collection is up to date.
>>
>>     ---
>>     Dependency warning: used OpenSSL version contains known vulnerabilities
>>     Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
>>     *** Error code 1
>>
>>     Stop in /usr/ports/security/cyrus-sasl2-saslauthd.
>>     ---
>>
>> Checked version of OpenSSL that is installed to /usr/bin/openssl :
>>
>>     OpenSSL 0.9.7c 30 Sep 2003
>>
>> The most recent version in ports shows the same version. System is FreeBSD 5.2.1 fresh install.

That's your base system. That *was* the latest version at the time FreeBSD 5.2.1 was created.
Error Compiling cyrus-sasl2-saslauthd
Trying to compile cyrus-sasl2-saslauthd from ports. Ports collection is up to date.

    ---
    Dependency warning: used OpenSSL version contains known vulnerabilities
    Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
    *** Error code 1

    Stop in /usr/ports/security/cyrus-sasl2-saslauthd.
    ---

Checked version of OpenSSL that is installed to /usr/bin/openssl :

    OpenSSL 0.9.7c 30 Sep 2003

The most recent version in ports shows the same version. System is FreeBSD 5.2.1 fresh install.

Thanks
Re: Error Compiling cyrus-sasl2-saslauthd
I found my problem. Current version of OpenSSL is 0.9.7d. Downloaded package of it off FreeBSD.org. Question now is, Why is my ports list so out of date? Just installed system today.

Alex Thomas wrote:

> Trying to compile cyrus-sasl2-saslauthd from ports. Ports collection is up to date.
>
>     ---
>     Dependency warning: used OpenSSL version contains known vulnerabilities
>     Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
>     *** Error code 1
>
>     Stop in /usr/ports/security/cyrus-sasl2-saslauthd.
>     ---
>
> Checked version of OpenSSL that is installed to /usr/bin/openssl :
>
>     OpenSSL 0.9.7c 30 Sep 2003
>
> The most recent version in ports shows the same version. System is FreeBSD 5.2.1 fresh install.
>
> Thanks
cyrus-sasl2 with DB3 support
I've been wrestling with cyrus-sasl2 for quite some time. It appears that it's not linking properly with DB-3 support. I have tried a number of options of building the port. What are the proper switches to link to DB-3?

    make --with-bdb=db3 install clean
    make --with-bdb=db3 --with-dblib=berkeley install clean
    etc...

when I do an LDD on libsasldb.so all I get is one library.

    server# ldd /usr/local/lib/sasl2/libsasldb.so
    /usr/local/lib/sasl2/libsasldb.so:
            libc.so.4 = /usr/lib/libc.so.4 (0x28069000)
build of cyrus-sasl2-saslauthd fails
4.9-RELEASE

Building from ports tree fails with:

    cc -DHAVE_CONFIG_H -DSASLAUTHD_CONF_FILE_DEFAULT=\/usr/local/etc/saslauthd.conf\ -I. -I. -I.. -I./include -I../include -I/usr/include -Wall -W -Wall -O -pipe -c md5.c
    cc -Wall -W -Wall -O -pipe -L/usr/local/lib -R/usr/local/lib -L/usr/lib -L/usr/lib -o saslauthd mechanisms.o auth_dce.o auth_getpwent.o auth_krb5.o auth_krb4.o auth_pam.o auth_rimap.o auth_shadow.o auth_sia.o auth_sasldb.o lak.o auth_ldap.o cache.o utils.o ipc_unix.o ipc_doors.o saslauthd-main.o md5.o -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lcrypt ../sasldb/.libs/libsasldb.al -lpam
    /usr/libexec/elf/ld: cannot find -lgssapi_krb5
    *** Error code 1

    Stop in /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.15/saslauthd.
    *** Error code 1

    Stop in /usr/ports/security/cyrus-sasl2-saslauthd.

Clues anybody?
Re: build of cyrus-sasl2-saslauthd fails
Per olof Ljungmark wrote:

> 4.9-RELEASE
>
> Building from ports tree fails with:
>
>     cc -DHAVE_CONFIG_H -DSASLAUTHD_CONF_FILE_DEFAULT=\/usr/local/etc/saslauthd.conf\ -I. -I. -I.. -I./include -I../include -I/usr/include -Wall -W -Wall -O -pipe -c md5.c
>     cc -Wall -W -Wall -O -pipe -L/usr/local/lib -R/usr/local/lib -L/usr/lib -L/usr/lib -o saslauthd mechanisms.o auth_dce.o auth_getpwent.o auth_krb5.o auth_krb4.o auth_pam.o auth_rimap.o auth_shadow.o auth_sia.o auth_sasldb.o lak.o auth_ldap.o cache.o utils.o ipc_unix.o ipc_doors.o saslauthd-main.o md5.o -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lcrypt ../sasldb/.libs/libsasldb.al -lpam
>     /usr/libexec/elf/ld: cannot find -lgssapi_krb5
>     *** Error code 1
>
>     Stop in /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.15/saslauthd.
>     *** Error code 1
>
>     Stop in /usr/ports/security/cyrus-sasl2-saslauthd.

Never mind, I was just in the wrong place, sorry.
Re: cyrus-sasl2 setup failing
On Wed, Jun 04, 2003 at 08:35:50PM -0800, admin wrote:

> wait I figured this out. I changed the saslauthd flags to
>
>     if [ -z "${sasl_saslauthd_flags}" ]; then
>         sasl_saslauthd_flags="-a getpwent"
>     fi
>
> got the daemon running and things are fine now. are there any security issues here. looks like I cannot send mail unless I have SSL enabled on the client side. SO I think I have things running properly.

No security issues here...

Cheers, gregory
--
Grzegorz Czaplinski gregory at prioris.mini.pw.edu.pl
The Power to Serve, Right for the Power Users! - http://www.FreeBSD.org/
Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F
Re: cyrus-sasl2 setup failing
On Thu, 05 Jun 2003 05:54:45 +0200, Dirk Meyer wrote

>> Sendmail 8.12.9-sasl2 (compiled from /usr/ports/mail/sendmail-sasl)
>> cyrus-sasl-2.1.13 (compiled from /usr/ports/security/cyrus-sasl2-saslauthd)
>>
>> A client is still not able to authenticate via SASL - looks like is it not happy but I am not sure how to fix it. Anybody got a clue what I am doing wrong here?
>>
>> --- from the logs when some attempts to authenticate
>> Jun 4 20:09:46 typhoon sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
>> Jun 4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
>>
>> define(`confAUTH_OPTIONS', `A p y')dnl
>> define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
>> TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
>
> checkpass failed, is the saslauthd started?

thanks for the quick response. no, what should my saslauthd flags be since the sendmail configuration I am asking for LOGIN PLAIN in my sendmail .mc - is this correct?

    if [ -z "${sasl_saslauthd_flags}" ]; then
        sasl_saslauthd_flags="-a pam"
    fi

> do you need the A Option?
>
> from: /usr/local/share/sendmail/cf/README
>
> confAUTH_OPTIONS  AuthOptions  [undefined] If this option is 'A' then the AUTH= parameter for the MAIL FROM command is only issued when authentication succeeded. [...] See doc/op/op.me for details.
>
> from: /usr/local/share/doc/sendmail/op.txt
>
> [no short name] List of options for SMTP AUTH consisting of single characters with intervening white space or commas.
>
>     A   Use the AUTH= parameter for the MAIL FROM command only when authentication succeeded. This can be used as a workaround for broken MTAs that do not implement RFC 2554 correctly.
>     a   protection from active (non-dictionary) attacks during authentication exchange.
>     c   require mechanisms which pass client credentials, and allow mechanisms which can pass credentials to do so.
>     d   don't permit mechanisms susceptible to passive dictionary attack.
>     f   require forward secrecy between sessions (breaking one won't help break next).
>     p   don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
>     y   don't permit mechanisms that allow anonymous login.
>
> The first option applies to sendmail as a client, the others to a server. Example:
>
>     O AuthOptions=p,y
>
> more links:
> http://www.sendmail.org/~gshapiro/
> http://www.sendmail.org/~ca/email/auth.html
> http://www.asp.ogi.edu/people/paja/linux/sendmail/
> http://blue-labs.org/clue/sendmail.php
> http://www.digitalanswers.org/sendmail/
>
> kind regards Dirk
>
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
Re: cyrus-sasl2 setup failing
On Thu, 05 Jun 2003 05:54:45 +0200, Dirk Meyer wrote

>> Sendmail 8.12.9-sasl2 (compiled from /usr/ports/mail/sendmail-sasl)
>> cyrus-sasl-2.1.13 (compiled from /usr/ports/security/cyrus-sasl2-saslauthd)
>>
>> A client is still not able to authenticate via SASL - looks like is it not happy but I am not sure how to fix it. Anybody got a clue what I am doing wrong here?
>>
>> --- from the logs when some attempts to authenticate
>> Jun 4 20:09:46 typhoon sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
>> Jun 4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
>>
>> define(`confAUTH_OPTIONS', `A p y')dnl
>> define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
>> TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
>
> checkpass failed, is the saslauthd started?
>
> do you need the A Option?

wait I figured this out. I changed the saslauthd flags to

    if [ -z "${sasl_saslauthd_flags}" ]; then
        sasl_saslauthd_flags="-a getpwent"
    fi

got the daemon running and things are fine now. are there any security issues here. looks like I cannot send mail unless I have SSL enabled on the client side. SO I think I have things running properly.

- Noah

> from: /usr/local/share/sendmail/cf/README
>
> confAUTH_OPTIONS  AuthOptions  [undefined] If this option is 'A' then the AUTH= parameter for the MAIL FROM command is only issued when authentication succeeded. [...] See doc/op/op.me for details.
>
> from: /usr/local/share/doc/sendmail/op.txt
>
> [no short name] List of options for SMTP AUTH consisting of single characters with intervening white space or commas.
>
>     A   Use the AUTH= parameter for the MAIL FROM command only when authentication succeeded. This can be used as a workaround for broken MTAs that do not implement RFC 2554 correctly.
>     a   protection from active (non-dictionary) attacks during authentication exchange.
>     c   require mechanisms which pass client credentials, and allow mechanisms which can pass credentials to do so.
>     d   don't permit mechanisms susceptible to passive dictionary attack.
>     f   require forward secrecy between sessions (breaking one won't help break next).
>     p   don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
>     y   don't permit mechanisms that allow anonymous login.
>
> The first option applies to sendmail as a client, the others to a server. Example:
>
>     O AuthOptions=p,y
>
> more links:
> http://www.sendmail.org/~gshapiro/
> http://www.sendmail.org/~ca/email/auth.html
> http://www.asp.ogi.edu/people/paja/linux/sendmail/
> http://blue-labs.org/clue/sendmail.php
> http://www.digitalanswers.org/sendmail/
>
> kind regards Dirk
>
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
cyrus-sasl2 setup failing
okay here's what I got:

FreeBSD 4.8 Stable
Sendmail 8.12.9-sasl2 (compiled from /usr/ports/mail/sendmail-sasl)
cyrus-sasl-2.1.13 (compiled from /usr/ports/security/cyrus-sasl2-saslauthd)

A client is still not able to authenticate via SASL - looks like is it not happy but I am not sure how to fix it. Anybody got a clue what I am doing wrong here?

note: there is no 250-AUTH line

--- shell output

    typhoon# sendmail -d0.1 -bv root | grep SASL
    NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
    typhoon# telnet 127.0.0.1 25
    Trying 127.0.0.1...
    Connected to localhost.enabled.com.
    Escape character is '^]'.
    220 typhoon.enabled.com ESMTP Sendmail 8.12.9/8.12.9; Wed, 4 Jun 2003 19:20:33 -0700 (PDT)
    ehlo localhost
    250-typhoon.enabled.com Hello localhost.enabled.com [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-STARTTLS
    250-DELIVERBY
    250 HELP

--- snip - from .mc file ---

    ### password authentication for relaying only
    define(`confAUTH_OPTIONS', `A p y')dnl
    define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
    TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

-- from /usr/local/lib/sasl2/Sendmail.conf -

    typhoon# less /usr/local/lib/sasl2/Sendmail.conf
    pwcheck_method: passwd

--- from the maillog sendmail startup

    Jun 4 20:06:15 typhoon sm-mta[43601]: restarting /usr/local/sbin/sendmail due to signal
    Jun 4 20:06:15 typhoon sm-mta[78359]: starting daemon (8.12.9): [EMAIL PROTECTED]:10:00
    Jun 4 20:06:15 typhoon sm-mta[78359]: STARTTLS=server, init=1
    Jun 4 20:06:15 typhoon sm-mta[78359]: started as: /usr/local/sbin/sendmail -L sm-mta -bd -q10m

--- from the logs when some attempts to authenticate

    Jun 4 20:09:46 typhoon sm-mta[78399]: STARTTLS=server, relay=volcano.enabled.com [131.161.240.131], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
    Jun 4 20:09:46 typhoon sm-mta[78399]: STARTTLS=server, cert-subject=, cert-issuer=
    Jun 4 20:09:46 typhoon sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
    Jun 4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
    Jun 4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: volcano.enabled.com [131.161.240.131] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

- Noah
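An added example, not part of the thread: a small triage script that groups the sm-mta log lines from the post above by process id, works out which mechanisms the server could offer under the `A p y` AuthOptions, and separates "mechanism not offered" from "password check failed". The function names `offered_mechs` and `triage` are hypothetical, and the filter models only the `p` and `y` flags as op.txt describes them in this thread.

```python
import re

# Mechanisms that op.txt (quoted in the thread) names as open to simple
# passive attack; flag 'p' forbids them unless a security layer is active.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
ANONYMOUS_MECHS = {"ANONYMOUS"}

# Log lines copied from the original post in this thread.
SAMPLE_LOG = [
    "Jun 4 20:09:46 typhoon sm-mta[78399]: STARTTLS=server, relay=volcano.enabled.com [131.161.240.131], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128",
    "Jun 4 20:09:46 typhoon sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN",
    "Jun 4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed",
]


def offered_mechs(available, allowed, auth_options, tls_active):
    """Intersect available and allowed, then drop what the flags forbid."""
    flags = set(auth_options.replace(",", " ").split())
    mechs = [m for m in available if m in allowed]
    if "p" in flags and not tls_active:
        mechs = [m for m in mechs if m not in PLAINTEXT_MECHS]
    if "y" in flags:
        mechs = [m for m in mechs if m not in ANONYMOUS_MECHS]
    return mechs


def triage(lines, auth_options):
    """Group sm-mta lines by process id and explain each AUTH failure."""
    sessions = {}
    for line in lines:
        m = re.search(r"sm-mta\[(\d+)\]: (.*)", line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"tls": False, "cipher": None,
                                      "available": [], "allowed": [], "failures": []})
        cipher = re.search(r"^STARTTLS=server,.*\bcipher=([^,\s]+)", msg)
        mechs = re.search(r"available mech=(.*), allowed mech=(.*)", msg)
        failure = re.search(r"AUTH failure \(([\w-]+)\): (.*)", msg)
        if cipher:
            s["tls"], s["cipher"] = True, cipher.group(1)
        elif mechs:
            s["available"], s["allowed"] = mechs.group(1).split(), mechs.group(2).split()
        elif failure:
            s["failures"].append(failure.groups())
    for s in sessions.values():
        s["offered"] = offered_mechs(s["available"], s["allowed"], auth_options, s["tls"])
        s["diagnosis"] = []
        for mech, reason in s["failures"]:
            if mech not in s["offered"]:
                s["diagnosis"].append(f"{mech}: not offered in this session (flags or TLS state)")
            elif reason.endswith("checkpass failed"):
                s["diagnosis"].append(f"{mech}: negotiated, but the password verifier failed; check saslauthd")
            else:
                s["diagnosis"].append(f"{mech}: {reason}")
    return sessions


if __name__ == "__main__":
    for pid, s in triage(SAMPLE_LOG, "A p y").items():
        print(pid, "tls:", s["tls"], s["cipher"], "offered:", s["offered"], s["diagnosis"])
```

With `A p y` and no TLS the model offers nothing, which is consistent with the plaintext telnet session above showing no 250-AUTH line; inside the STARTTLS session LOGIN and PLAIN are offered, so the remaining failure points at the password back end.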
pam-pgsql + saslauthd[cyrus-sasl2]
Hi,

Does anyone use pam-pgsql + saslauthd? I did everything according to the given instructions in pam-pgsql readme file but it doesn't work anyway. This is what it writes in auth.log file:

==
May 29 14:10:15 auth.err hm saslauthd[69967]: in openpam_load_module(): no /usr/lib/pam_pgsql.so found
May 29 14:10:15 auth.info hm saslauthd[69967]: do_auth : auth failure: [user=andrew] [service=pop] [realm=] [mech=pam]
==

    $ls -l /usr/lib/pam_pgsql.so
    -r--r--r-- 1 root wheel 14052 26 12:30 /usr/lib/pam_pgsql.so

I switched on the debug option in PostgreSQL but it says that no one tried to connect ... :(. I've read all those short manuals but I can't understand what's wrong. Has anyone solved the similar problem or do you have any ideas of how to localize this problem solution?

P.S: FreeBSD 5.0-p7, pam-pgsql-0.5.2_7, cyrus-sasl-2.1.13_2.

cat /etc/pam_pgsql.conf==
host = 127.0.0.1
database = mail
user = cyrus
password = mycoolpasword
table = accounts
user_column = name
pwd_column = password
expired_column = acc_expired
newtok_column = acc_new_pwreq
pw_type = clear
debug
cat /etc/pam_pgsql.conf==

cat /etc/pam.d/pop==
auth     required /usr/lib/pam_pgsql.so debug
account  required /usr/lib/pam_pgsql.so debug
password required /usr/lib/pam_pgsql.so debug
cat /etc/pam.d/pop3==

--
Best regards, Andrew A. Khlebutin
Re: Problems building cyrus-sasl2 on FREEBSD-4.7-RELEASE
On Sat, Jan 11, 2003 at 12:06:11AM -0500, Jim Trigg wrote:

> (Note: the first two tries at sending this apparently got eaten by the ether... in case they show up, please know that I am now subscribed to the list.)
>
> I am having problems building the cyrus-sasl2 port on 4.7-RELEASE; no matter how I attempt to override it, it keeps deciding that the gssapi-dir should be /usr/local instead of /usr. (When I built world for 4.7, it placed the Heimdal-style gssapi libraries in /usr/lib, but the cyrus-sasl2 port keeps trying to link with nonexistent MIT-style gssapi libraries in /usr/local/lib.) How can I convince cyrus-sasl2 that I really do have Heimdal-style libraries in /usr/lib?

I have found the answer; unfortunately, there's no easy way to fix it at the port level. (I have submitted the fix to the cyrus-sasl2 folks.)

Short form: configure needs to be regenerated in the top-level and saslauthd directories after adding two lines to the aclocal.m4 files, to have LIB_CRYPT defined before the GSSAPI checks are made.

Jim Trigg
--
Jim Trigg, Lord High Everything Else        O-  /\
                                                \ /  ASCII RIBBON CAMPAIGN
Hostmaster, Huie Kin family website              X   HELP CURE HTML MAIL
Verger, All Saints Church - Sharon Chapel       / \

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Problems building cyrus-sasl2 on FREEBSD-4.7-RELEASE
(Note: the first two tries at sending this apparently got eaten by the ether... in case they show up, please know that I am now subscribed to the list.)

I am having problems building the cyrus-sasl2 port on 4.7-RELEASE; no matter how I attempt to override it, it keeps deciding that the gssapi-dir should be /usr/local instead of /usr. (When I built world for 4.7, it placed the Heimdal-style gssapi libraries in /usr/lib, but the cyrus-sasl2 port keeps trying to link with nonexistent MIT-style gssapi libraries in /usr/local/lib.) How can I convince cyrus-sasl2 that I really do have Heimdal-style libraries in /usr/lib?

Thanks,
Jim Trigg
--
Jim Trigg, Lord High Everything Else        O-  /\
                                                \ /  ASCII RIBBON CAMPAIGN
Hostmaster, Huie Kin Family website              X   HELP CURE HTML MAIL
Verger, All Saints - Sharon Chapel              / \