Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
Thanks for your help. I created the /dev/urandom device file and recompiled Postfix with SSL instead of TLS and now everything works like a charm!

Warm regards,
Jon Kristensen
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
Jon Kristensen:
> cybersec:~# tail -f /var/log/mail.log
> Jul 13 14:28:52 cybersec postfix/master[2422]: warning: process /usr/lib/postfix/trivial-rewrite pid 2457 killed by signal 6

You need to search your logfiles for lines with the word panic.

Wietse
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
On 7/13/2010 5:42 PM, Wietse Venema wrote:
> Jon Kristensen:
>> cybersec:~# tail -f /var/log/mail.log
>> Jul 13 14:28:52 cybersec postfix/master[2422]: warning: process /usr/lib/postfix/trivial-rewrite pid 2457 killed by signal 6
>
> You need to search your logfiles for lines with the word panic.
>
> Wietse

That word is not in any log file. Postfix uses /var/log/mail.{log,info,err,warn}.

cybersec:~# cat /var/log/* | grep panic
cat: /var/log/apache2: Is a directory
cat: /var/log/apt: Is a directory
cat: /var/log/fsck: Is a directory
cat: /var/log/news: Is a directory
cat: /var/log/ntpstats: Is a directory

Do I need to enable debug or something? I'm using Debian and the official repository...

Best,
Jon Kristensen
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
On Tue, Jul 13, 2010 at 05:58:53PM +0200, Jon Kristensen wrote:
> On 7/13/2010 5:42 PM, Wietse Venema wrote:
>> Jon Kristensen:
>>> cybersec:~# tail -f /var/log/mail.log
>>> Jul 13 14:28:52 cybersec postfix/master[2422]: warning: process /usr/lib/postfix/trivial-rewrite pid 2457 killed by signal 6
>>
>> You need to search your logfiles for lines with the word panic.
>>
>> Wietse
>
> That word is not in any log file. Postfix uses /var/log/mail.{log,info,err,warn}.

If signal 6 is SIGABRT on your system, it is likely that trivial-rewrite called the abort() system call. If it was called from Postfix code, and not a library module, there should be a panic syslog message. Otherwise, perhaps your LDAP is using GNUTLS (it used to exit() in the library when entropy was not available, perhaps it now aborts...), or you have other library issues.

> Do I need to enable debug or something? I'm using Debian and the official repository...

Debian does I believe have SIGABRT == 6. So check out the dependencies of the LDAP library, check for chroot jails that lack /dev/urandom, ...

--
Viktor.
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
On 7/13/2010 6:07 PM, Victor Duchovni wrote:
> perhaps your LDAP is using GNUTLS (it used to exit() in the library when entropy was not available

The LDAP library does indeed use GNU TLS:

cybersec:~# ldd /usr/sbin/slapd | grep tls
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7526000)

> it used to exit() in the library when entropy was not available, perhaps it now aborts...

Do I need to recompile LDAP with OpenSSL instead in order for Postfix to work, or is there some way I can make entropy available? /dev/urandom seems to work fine.

Thanks for your help!

Best,
Jon Kristensen
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
On Tue, Jul 13, 2010 at 06:19:19PM +0200, Jon Kristensen wrote:
> On 7/13/2010 6:07 PM, Victor Duchovni wrote:
>> perhaps your LDAP is using GNUTLS (it used to exit() in the library when entropy was not available
>
> The LDAP library does indeed use GNU TLS:
>
> cybersec:~# ldd /usr/sbin/slapd | grep tls
> libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7526000)

You should probably avoid GNUTLS, if possible, especially if Postfix is using OpenSSL.

>> it used to exit() in the library when entropy was not available, perhaps it now aborts...
>
> Do I need to recompile LDAP with OpenSSL instead in order for Postfix to work, or is there some way I can make entropy available? /dev/urandom seems to work fine.

Is trivial-rewrite running in a chroot jail? Does said jail, if any, have /dev/urandom, ...

Test with chroot off, if that fixes it, either GNUTLS or Postfix is unhappy in the jail, and given lack of panic log entries, I am guessing GNUTLS, but the evidence is not yet conclusive.

--
Viktor.
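
The chroot check suggested in the message above, as an added example that is not part of the thread: a shell sketch that lists the services master.cf runs chrooted and reports whether the jail holds a /dev/urandom character device. The function names and the sample master.cf excerpt are constructed for illustration; the jail is assumed to be the Postfix queue directory, and the last argument says how to read "-" in the chroot column (y before Postfix 3.0, n since).

```shell
#!/bin/sh
# List master.cf services that run chrooted. $1 = master.cf path,
# $2 = meaning of "-" in the chroot column (y before Postfix 3.0, n since).
chrooted_services() {
    awk -v def="${2:-n}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                   # continuation lines ("  -o name=value")
        {
            chroot = $5
            if (chroot == "-") chroot = def
            if (chroot == "y") print $1 "/" $2 " " $8
        }' "$1"
}

# Succeed only if the jail (assumed: the queue directory) holds a character
# device at dev/urandom; a regular file or a missing node fails.
jail_has_urandom() {
    [ -c "$1/dev/urandom" ]
}

# Report whether chrooted services can reach an entropy device.
# $1 = master.cf, $2 = jail directory, $3 = default for "-".
# Returns 0 when nothing is chrooted or the device exists, 1 otherwise.
check_jail() {
    services=$(chrooted_services "$1" "${3:-n}")
    if [ -z "$services" ]; then
        echo "no chrooted services in $1"; return 0
    fi
    if jail_has_urandom "$2"; then
        echo "ok: $2/dev/urandom present"; return 0
    fi
    echo "missing: $2/dev/urandom, needed by:"
    echo "$services" | sed 's/^/  /'
    return 1
}

# Constructed sample: a master.cf excerpt and an empty directory as the jail.
demo_dir=$(mktemp -d)
cat > "$demo_dir/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=may
rewrite   unix  -       -       y       -       -       trivial-rewrite
proxymap  unix  -       -       n       -       -       proxymap
EOF
check_jail "$demo_dir/master.cf" "$demo_dir" y || true
```

On a live system, pass the real master.cf and the directory printed by `postconf -h queue_directory` instead of the sample paths.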
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
--On Tuesday, July 13, 2010 12:49 PM -0400 Victor Duchovni victor.ducho...@morganstanley.com wrote:
> Test with chroot off, if that fixes it, either GNUTLS or Postfix is unhappy in the jail, and given lack of panic log entries, I am guessing GNUTLS, but the evidence is not yet conclusive.

As a side note, the OpenLDAP team does not recommend using OpenLDAP with GnuTLS due to various issues encountered with GnuTLS, and the fact it is considered harmful(*).

The version of OpenLDAP found in Debian, if you are using the release packaged with Lenny, is also not considered a viable release to use (2.4.11). Current stable is 2.4.21, current release is 2.4.23.

--Quanah

(*) http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
    http://www.openldap.org/lists/openldap-devel/200909/msg00025.html

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration