Re: telnet hangs when I enable sasl
On 06/06/17 05:08, Wietse Venema wrote:
> It says: "yum install cyrus-sasl-plain". Nowadays one would use "dnf".

CentOS 7 (being several years old now) still uses yum.

Peter
Re: telnet hangs when I enable sasl
On 5-6-2017 at 18:58, wilfried.es...@essignetz.de wrote:
> On 05.06.2017 at 18:51, Roelof Wobben wrote:
>> On 5-6-2017 at 18:35, wilfried.es...@essignetz.de wrote:
>>> Internal Error -4 in server.c
>>
>> I did already and google does not have an answer
>>
>> Roelof
>
> Sorry, got the wrong out of my history. This is the correct one:
>
> https://serverfault.com/questions/618229/postfix-on-centos-7-cannot-authenticate-against-cyrus-saslauthd
>
> Willi

Thanks,

For the first time in 4 days it worked.

Roelof
Re: telnet hangs when I enable sasl
Roelof Wobben:
> On 5-6-2017 at 18:35, wilfried.es...@essignetz.de wrote:
> > Internal Error -4 in server.c
>
> I did already and google does not have an answer

First result with "Internal Error 4 in server.c"

    Postfix on CentOS 7 cannot authenticate against cyrus ... - Server Fault
    https://serverfault.com/.../postfix-on-centos-7-cannot-authenticate-against-cyrus-saslau...
    Aug 5, 2014 - ... 14:47:34 centos7-msa-test postfix/submission/smtpd[20291]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757 ...

It says: "yum install cyrus-sasl-plain". Nowadays one would use "dnf".

    Wietse
Re: telnet hangs when I enable sasl
On 05.06.2017 at 18:51, Roelof Wobben wrote:
> On 5-6-2017 at 18:35, wilfried.es...@essignetz.de wrote:
>> Internal Error -4 in server.c
>
> I did already and google does not have an answer
>
> Roelof

Sorry, got the wrong out of my history. This is the correct one:

https://serverfault.com/questions/618229/postfix-on-centos-7-cannot-authenticate-against-cyrus-saslauthd

Willi
Re: telnet hangs when I enable sasl
On 5-6-2017 at 18:35, wilfried.es...@essignetz.de wrote:
> Internal Error -4 in server.c

I did already and google does not have an answer

Roelof
Re: telnet hangs when I enable sasl
On 5-6-2017 at 18:28, Fernando Maior wrote:
> Hello, Roelof,
>
> From this:
>
> totaal 16
> drwxr-xr-x. 2 root root 24 5 jun 13:42 .
> drwxr-xr-x. 76 root root 8192 5 jun 15:26 ..
> -rw-r--r--. 1 postfix root 47 5 jun 13:42 smtpd.conf
>
> I believe you do not need to change owner/group of smtpd.conf; because
> postfix user already has access to read the file. You see, you have
> read+execute on the directory, and read on the file, for all users. So,
> postfix user *will* access and read the file.
>
> The problem is not that. Find it on another place.
>
> By the way, which is your distro?
>
> Regards!
>
> Sincerely,
> ---
> Fernando Maciel Souto Maior
> Projetos e Soluções de Tecnologia
> (31) 99226-9440 TIM
>
> 2017-06-05 12:58 GMT-03:00 Roelof Wobben:
> > On 5-6-2017 at 16:31, wilfried.es...@essignetz.de wrote:
> > On 05.06.2017 at 14:42, Roelof Wobben wrote:
> > ...
> > Is the postfix user allowed to read /etc/sasl/smtpd.conf?
> > At this moment, not. smtpd.conf has as owner root:root
> > Should I change it to postfix:root ?
> > Yes, if it's not already world readable.
> > BTW: Can the postfix user traverse into /etc/sasl?
> > We can see it on output of "ls -al /etc/sasl".
> > Are the logs showing still the same errors?
> > Willi
> >
> > Changed it.
> > output of ls -al /etc/sasl2
> >
> > totaal 16
> > drwxr-xr-x. 2 root root 24 5 jun 13:42 .
> > drwxr-xr-x. 76 root root 8192 5 jun 15:26 ..
> > -rw-r--r--. 1 postfix root 47 5 jun 13:42 smtpd.conf
> >
> > And the maillogs still give this error message :
> >
> > warning : sasl authentication failure: Internal Error -4 in server.c near line 1757
> > fatal : no sasl authentication mechanisms
> >
> > Roelof

my distro is Centos 7 .

Roelof
Re: telnet hangs when I enable sasl
On 05.06.2017 at 17:58, Roelof Wobben wrote:
> On 5-6-2017 at 16:31, wilfried.es...@essignetz.de wrote:
>> On 05.06.2017 at 14:42, Roelof Wobben wrote:
>> ... Is the postfix user allowed to read /etc/sasl/smtpd.conf?
>>> At this moment, not. smtpd.conf has as owner root:root
>>> Should I change it to postfix:root ?
>> Yes, if it's not already world readable.
>>
>> BTW: Can the postfix user traverse into /etc/sasl?
>>
>> We can see it on output of "ls -al /etc/sasl".
>>
>> Are the logs showing still the same errors?
>>
>>
>> Willi
>>
>
> Changed it.
> output of ls -al /etc/sasl2
>
> totaal 16
> drwxr-xr-x. 2 root root 24 5 jun 13:42 .
> drwxr-xr-x. 76 root root 8192 5 jun 15:26 ..
> -rw-r--r--. 1 postfix root 47 5 jun 13:42 smtpd.conf

I assume, postfix had seen the config all the time ;-)

> And the maillogs still give this error message :
>
> warning : sasl authentication failure: Internal Error -4 in server.c near line 1757
> fatal : no sasl authentication mechanisms

The error message changed, compared to your mail from 01.06.2017 18:23 +0200.

Look for "Internal Error -4 in server.c" in the search engine of your confidence.

Good luck.

Willi
Re: telnet hangs when I enable sasl
Hello, Roelof,

From this:

totaal 16
drwxr-xr-x. 2 root root 24 5 jun 13:42 .
drwxr-xr-x. 76 root root 8192 5 jun 15:26 ..
-rw-r--r--. 1 postfix root 47 5 jun 13:42 smtpd.conf

I believe you do not need to change owner/group of smtpd.conf; because
postfix user already has access to read the file. You see, you have
read+execute on the directory, and read on the file, for all users. So,
postfix user *will* access and read the file.

The problem is not that. Find it on another place.

By the way, which is your distro?

Regards!

Sincerely,
---
Fernando Maciel Souto Maior
Projetos e Soluções de Tecnologia
(31) 99226-9440 TIM

2017-06-05 12:58 GMT-03:00 Roelof Wobben:
> On 5-6-2017 at 16:31, wilfried.es...@essignetz.de wrote:
>
> On 05.06.2017 at 14:42, Roelof Wobben wrote:
> ...
>
> Is the postfix user allowed to read /etc/sasl/smtpd.conf?
>
> At this moment, not. smtpd.conf has as owner root:root
> Should I change it to postfix:root ?
>
> Yes, if it's not already world readable.
>
> BTW: Can the postfix user traverse into /etc/sasl?
>
> We can see it on output of "ls -al /etc/sasl".
>
> Are the logs showing still the same errors?
>
> Willi
>
> Changed it.
> output of ls -al /etc/sasl2
>
> totaal 16
> drwxr-xr-x. 2 root root 24 5 jun 13:42 .
> drwxr-xr-x. 76 root root 8192 5 jun 15:26 ..
> -rw-r--r--. 1 postfix root 47 5 jun 13:42 smtpd.conf
>
> And the maillogs still give this error message :
>
> warning : sasl authentication failure: Internal Error -4 in server.c near line 1757
> fatal : no sasl authentication mechanisms
>
> Roelof
Re: telnet hangs when I enable sasl
On 5-6-2017 at 16:31, wilfried.es...@essignetz.de wrote:
> On 05.06.2017 at 14:42, Roelof Wobben wrote:
> ... Is the postfix user allowed to read /etc/sasl/smtpd.conf?
>> At this moment, not. smtpd.conf has as owner root:root
>> Should I change it to postfix:root ?
> Yes, if it's not already world readable.
>
> BTW: Can the postfix user traverse into /etc/sasl?
>
> We can see it on output of "ls -al /etc/sasl".
>
> Are the logs showing still the same errors?
>
> Willi

Changed it.
output of ls -al /etc/sasl2

totaal 16
drwxr-xr-x. 2 root root 24 5 jun 13:42 .
drwxr-xr-x. 76 root root 8192 5 jun 15:26 ..
-rw-r--r--. 1 postfix root 47 5 jun 13:42 smtpd.conf

And the maillogs still give this error message :

warning : sasl authentication failure: Internal Error -4 in server.c near line 1757
fatal : no sasl authentication mechanisms

Roelof
Re: telnet hangs when I enable sasl
On 5-6-2017 at 15:27, Viktor Dukhovni wrote:
> On Mon, Jun 05, 2017 at 02:39:50PM +0200, Roelof Wobben wrote:
>> Postfix is built with SASL support.
>>
>> postconf -a gives cyrus dovecot
>> postconf -A gives dovecot
>
> That's impossible.
>
>   -a  List the available SASL server plug-in types. The SASL plug-in
>       type is selected with the smtpd_sasl_type configuration parameter
>       by specifying one of the names listed below.
>
>       cyrus    This server plug-in is available when Postfix is built
>                with Cyrus SASL support.
>
>       dovecot  This server plug-in uses the Dovecot authentication
>                server, and is available when Postfix is built with any
>                form of SASL support.
>
>       This feature is available with Postfix 2.3 and later.
>
>   -A  List the available SASL client plug-in types. The SASL plug-in
>       type is selected with the smtp_sasl_type or lmtp_sasl_type
>       configuration parameters by specifying one of the names listed
>       below.
>
>       cyrus    This client plug-in is available when Postfix is built
>                with Cyrus SASL support.
>
>       This feature is available with Postfix 2.3 and later.
>
> Don't report settings from memory, cut/paste *verbatim* command
> output that reports the settings in question. Also post the output of:
>
>   postconf smtpd_sasl_type smtp_sasl_type

First I did not report from memory. I type all the commands and copy the outcome here.

Second output of postconf smtpd_sasl_type smtp_sasl_type is :

smtpd_sasl_type = cyrus
smtp_sasl_type = cyrus

Roelof
Re: telnet hangs when I enable sasl
On 05.06.2017 at 14:42, Roelof Wobben wrote:
...
>> Is the postfix user allowed to read /etc/sasl/smtpd.conf?
>
> At this moment, not. smtpd.conf has as owner root:root
> Should I change it to postfix:root ?

Yes, if it's not already world readable.

BTW: Can the postfix user traverse into /etc/sasl?

We can see it on output of "ls -al /etc/sasl".

Are the logs showing still the same errors?

Willi
Re: telnet hangs when I enable sasl
On Mon, Jun 05, 2017 at 02:39:50PM +0200, Roelof Wobben wrote:
> Postfix is built with SASL support.
>
> postconf -a gives cyrus dovecot
> postconf -A gives dovecot

That's impossible.

  -a  List the available SASL server plug-in types. The SASL plug-in
      type is selected with the smtpd_sasl_type configuration parameter
      by specifying one of the names listed below.

      cyrus    This server plug-in is available when Postfix is built
               with Cyrus SASL support.

      dovecot  This server plug-in uses the Dovecot authentication
               server, and is available when Postfix is built with any
               form of SASL support.

      This feature is available with Postfix 2.3 and later.

  -A  List the available SASL client plug-in types. The SASL plug-in
      type is selected with the smtp_sasl_type or lmtp_sasl_type
      configuration parameters by specifying one of the names listed
      below.

      cyrus    This client plug-in is available when Postfix is built
               with Cyrus SASL support.

      This feature is available with Postfix 2.3 and later.

Don't report settings from memory, cut/paste *verbatim* command
output that reports the settings in question. Also post the output of:

  postconf smtpd_sasl_type smtp_sasl_type

--
	Viktor.
Re: telnet hangs when I enable sasl
On 5-6-2017 at 14:28, wilfried.es...@essignetz.de wrote:
> Hi,
>
> some thoughts:
>
> Is the postfix user allowed to read /etc/sasl/smtpd.conf?

At this moment, not. smtpd.conf has as owner root:root
Should I change it to postfix:root ?

> You could set cyrus_sasl_config_path to /etc/sasl/.
>
> How are the access rights of the postfix user to your sasldb-file (/etc/sasldb2?)?

yep, that one has as owner postfix:user

> In my machines (mostly debian 8) i have the postfix user in sasl group.
>
> And, as Viktor mentioned, look if your postfix is built with sasl support.

How can I check that on a centos box ?

> Willi
Re: telnet hangs when I enable sasl
On 5-6-2017 at 14:28, wilfried.es...@essignetz.de wrote:
> Hi,
>
> some thoughts:
>
> Is the postfix user allowed to read /etc/sasl/smtpd.conf?
>
> You could set cyrus_sasl_config_path to /etc/sasl/.
>
> How are the access rights of the postfix user to your sasldb-file (/etc/sasldb2?)?
>
> In my machines (mostly debian 8) i have the postfix user in sasl group.
>
> And, as Viktor mentioned, look if your postfix is built with sasl support.
>
> Willi

Postfix is built with sasl support.

postconf -a gives cyrus dovecot
postconf -A gives dovecot

Roelof
Re: telnet hangs when I enable sasl
On 2-6-2017 at 07:20, Roelof Wobben wrote:
> On 2-6-2017 at 01:49, Wietse Venema wrote:
>> Roelof Wobben:
>>> Thanks,
>>>
>>> Changed it but the error stays even after restarting postfix.
>>
>> I suppose the contents of the file are incorrect. However, the Cyrus
>> SASL library is not a Postfix project. Cyrus SASL has its own mailing list.
>>
>> Wietse
>
> oke, you mean this config file :
>
> /etc/sasl/smtpd.conf
>
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
>
> Otherwise I did not change any file.
>
> Roelof

I asked the cyrus-sasl people and they said there is nothing wrong with my sasl.
So I hope someone here can help me further.

I still have the problem if I use dovecot-sasl or cyrus-sasl there is no response after I do ehlo localhost and no error messages in maillog or messages.

Roelof
Re: telnet hangs when I enable sasl
> On Jun 2, 2017, at 1:20 AM, Roelof Wobben wrote:
>
> oke, you mean this config file :
>
> /etc/sasl/smtpd.conf
>
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM

If your Postfix build supports Cyrus SASL, and that's the configured
SASL driver, and that's the right directory, then yes that file.

As a wild guess of one possible issue, the "postfix" user might
need read access to the sasldb database. Typically, one uses
saslauthd, rather than direct sasldb access. Also storing cleartext
passwords is unwise, so I'd go with PAM as a backend for saslauthd
and not support CRAM-MD5 or DIGEST-MD5, relying instead on TLS for
keeping the passwords safe from network wiretapping. By far the
greater risk is usually password database disclosure.

Find a good SASL guide and forum, the issues here are largely not
Postfix-specific.

--
	Viktor.
Re: telnet hangs when I enable sasl
On 2-6-2017 at 01:49, Wietse Venema wrote:
> Roelof Wobben:
>> Thanks,
>>
>> Changed it but the error stays even after restarting postfix.
>
> I suppose the contents of the file are incorrect. However, the Cyrus
> SASL library is not a Postfix project. Cyrus SASL has its own mailing list.
>
> Wietse

oke, you mean this config file :

/etc/sasl/smtpd.conf

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM

Otherwise I did not change any file.

Roelof
Re: telnet hangs when I enable sasl
Roelof Wobben:
> Thanks,
>
> Changed it but the error stays even after restarting postfix.

I suppose the contents of the file are incorrect. However, the Cyrus
SASL library is not a Postfix project. Cyrus SASL has its own mailing list.

	Wietse
Re: telnet hangs when I enable sasl
Thanks,

Changed it but the error stays even after restarting postfix.

Roelof

On 1-6-2017 at 20:54, Wietse Venema wrote:
> Roelof Wobben:
>> Jun 1 18:08:12 localhost postfix/smtpd[9652]: warning: SASL per-process initialization failed: error when parsing configuration file
>> Jun 1 18:08:12 localhost postfix/smtpd[9652]: fatal: SASL per-process initialization failed
>
> You need to fix your SASL configuration file.
>
>> smtp_sasl_path = smtpd
>> smtpd_sasl_path = smtpd
>
> The above settings should use different names.
>
> http://www.postfix.org/SASL_README.html#server_cyrus_name
> http://www.postfix.org/SASL_README.html#server_cyrus_location
> http://www.postfix.org/postconf.5.html#smtpd_sasl_path
> http://www.postfix.org/postconf.5.html#smtp_sasl_path
>
> Wietse
Re: telnet hangs when I enable sasl
Roelof Wobben:
> Jun 1 18:08:12 localhost postfix/smtpd[9652]: warning: SASL per-process initialization failed: error when parsing configuration file
> Jun 1 18:08:12 localhost postfix/smtpd[9652]: fatal: SASL per-process initialization failed

You need to fix your SASL configuration file.

> smtp_sasl_path = smtpd
> smtpd_sasl_path = smtpd

The above settings should use different names.

http://www.postfix.org/SASL_README.html#server_cyrus_name
http://www.postfix.org/SASL_README.html#server_cyrus_location
http://www.postfix.org/postconf.5.html#smtpd_sasl_path
http://www.postfix.org/postconf.5.html#smtp_sasl_path

	Wietse
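Added example (not part of the thread, and not Postfix or Cyrus SASL code): a small linter for the Cyrus SASL smtpd.conf discussed in the message above and in Viktor's reply about saslauthd and mechanisms. It checks the "option: value" syntax that Cyrus SASL expects, which the "=" form in the first post does not satisfy and which is consistent with the "error when parsing configuration file" log line, and it flags the backend and mechanism choices Viktor comments on. The finding codes, the function names and the SUGGESTED sample are constructed for illustration.

```python
import re

# Cyrus SASL option line: name, ':' directly after it, then a non-empty value.
OPTION_RE = re.compile(r"^\s*([A-Za-z0-9_-]+):\s*(\S.*?)\s*$")
# Mechanisms that need the cleartext password (or an equivalent) stored on the
# server. Viktor names CRAM-MD5 and DIGEST-MD5; NTLM is added here (assumption).
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5", "NTLM"}
# Mechanisms that send the password itself and so depend on TLS.
SENDS_PASSWORD = {"PLAIN", "LOGIN"}

# From the first post in the thread (the file that failed to parse).
ORIGINAL = """\
pwcheck_method = auxprop
auxprop_plugin = sasldb
mech_list = plain login cram-md5 digest-md5 ntlm
"""
# From the later post, after the file was rewritten.
REVISED = """\
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
"""
# Constructed sample following the saslauthd + TLS advice.
SUGGESTED = """\
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
"""


def parse(text):
    """Return (options, findings); findings are (code, detail) tuples."""
    options, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        m = OPTION_RE.match(raw)
        if m:
            options[m.group(1).lower()] = m.group(2)
        else:
            hint = "uses '=' where ':' is required" if "=" in raw else "not 'option: value'"
            findings.append(("syntax", f"line {lineno}: {hint}: {raw.strip()}"))
    return options, findings


def lint(text):
    """Parse the file, then check backend and mechanism choices."""
    options, findings = parse(text)
    mechs = options.get("mech_list", "").upper().split()
    method = options.get("pwcheck_method", "").lower()
    secret = [m for m in mechs if m in SHARED_SECRET]
    if secret:
        findings.append(("shared-secret", "needs stored cleartext passwords: " + " ".join(secret)))
    if secret and method == "saslauthd":
        findings.append(("unusable-mech", "saslauthd can only verify PLAIN/LOGIN passwords"))
    if method == "auxprop" and options.get("auxprop_plugin", "").lower() == "sasldb":
        findings.append(("sasldb-direct", "smtpd reads sasldb itself; the postfix user needs read access"))
    if any(m in SENDS_PASSWORD for m in mechs):
        findings.append(("needs-tls", "PLAIN/LOGIN send the password; offer AUTH only over TLS"))
    return findings


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("revised", REVISED), ("suggested", SUGGESTED)):
        print(name)
        for code, detail in lint(text) or [("ok", "no findings")]:
            print(f"  [{code}] {detail}")
```

The linter only reads the text it is given; it does not check which mechanism plug-ins are installed, which is what the later "no sasl authentication mechanisms" error in this thread turned out to be about.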
Re: telnet hangs when I enable sasl
I could reproduce the error on another machine so here the logs :

errors from maillog :

Jun 1 18:07:11 localhost postfix/smtpd[9650]: warning: SASL per-process initialization failed: error when parsing configuration file
Jun 1 18:07:11 localhost postfix/smtpd[9650]: fatal: SASL per-process initialization failed
Jun 1 18:07:12 localhost postfix/master[2315]: warning: process /usr/libexec/postfix/smtpd pid 9650 exit status 1
Jun 1 18:07:12 localhost postfix/master[2315]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Jun 1 18:08:12 localhost postfix/smtpd[9652]: warning: SASL per-process initialization failed: error when parsing configuration file
Jun 1 18:08:12 localhost postfix/smtpd[9652]: fatal: SASL per-process initialization failed
Jun 1 18:08:13 localhost postfix/master[2315]: warning: process /usr/libexec/postfix/smtpd pid 9652 exit status 1
Jun 1 18:08:13 localhost postfix/master[2315]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Jun 1 18:09:13 localhost postfix/smtpd[9653]: warning: SASL per-process initialization failed: error when parsing configuration file
Jun 1 18:09:13 localhost postfix/smtpd[9653]: fatal: SASL per-process initialization failed
Jun 1 18:09:14 localhost postfix/master[2315]: warning: process /usr/libexec/postfix/smtpd pid 9653 exit status 1
Jun 1 18:09:14 localhost postfix/master[2315]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Jun 1 18:11:09 localhost postfix/postfix-script[1540]: starting the Postfix mail system
Jun 1 18:11:09 localhost postfix/master[1542]: daemon started -- version 2.10.1, configuration /etc/postfix

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = srv.world
myhostname = mail.srv.world
mynetworks = 168.100.189.0/28, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
unknown_local_recipient_reject_code = 550

postconf -Mf :

smtp       inet  n  -  n  -      -  smtpd
pickup     unix  n  -  n  60     1  pickup
cleanup    unix  n  -  n  -      0  cleanup
qmgr       unix  n  -  n  300    1  qmgr
tlsmgr     unix  -  -  n  1000?  1  tlsmgr
rewrite    unix  -  -  n  -      -  trivial-rewrite
bounce     unix  -  -  n  -      0  bounce
defer      unix  -  -  n  -      0  bounce
trace      unix  -  -  n  -      0  bounce
verify     unix  -  -  n  -      1  verify
flush      unix  n  -  n  1000?  0  flush
proxymap   unix  -  -  n  -      -  proxymap
proxywrite unix  -  -  n  -      1  proxymap
smtp       unix  -  -  n  -      -  smtp
relay      unix  -  -  n  -      -  smtp
showq      unix  n  -  n  -      -  showq
error      unix  -  -  n  -      -  error
retry      unix  -  -  n  -      -  error
discard    unix  -  -  n  -      -  discard
local      unix  -  n  n  -      -  local
virtual    unix  -  n  n  -      -  virtual
lmtp       unix  -  -  n  -      -  lmtp
anvil      unix  -  -  n  -      1  anvil
scache     unix  -  -  n  -      1  scache

I hope this is enough otherwise I will try to make the logs which are requested.

Roelof

On 1-6-2017 at 11:47, wilfried.es...@essignetz.de wrote:
> Hi,
>
> it's rather less information.
>
> Please provide information described under http://www.postfix.org/DEBUG_README.html#mail
>
> Willi
>
> On 01.06.2017 at 11:36, Roelof Wobben wrote:
>> Hello,
>>
>> I have this in my main.cf :
>>
>> smtpd_sasl_path = smtpd
>> smtpd_sasl_auth_enable = yes
>>
>> in my sasl2 config file I have this :
>>
>> pwcheck_method = auxprop
>> auxprop_plugin = sasldb
>> mech_list = plain login cram-md5 digest-md5
Re: telnet hangs when I enable sasl
Both thanks,

I will make the logs as soon as I work with that server.
I think it will be on Tuesday.

Regards,

Roelof

On 1-6-2017 at 15:27, Wietse Venema wrote:
> Roelof Wobben:
>> Hello,
>>
>> I have this in my main.cf :
>>
>> smtpd_sasl_path = smtpd
>> smtpd_sasl_auth_enable = yes
>>
>> in my sasl2 config file I have this :
>>
>> pwcheck_method = auxprop
>> auxprop_plugin = sasldb
>> mech_list = plain login cram-md5 digest-md5 ntlm
>>
>> but when I do telnet 127.0.0.1 25 and I do then ehlo locahost I see no response at all.
>
> Look in your mail log for error messages.
> http://www.postfix.org/DEBUG_README.html#logging
>
> Wietse
Re: telnet hangs when I enable sasl
Roelof Wobben:
> Hello,
>
> I have this in my main.cf :
>
> smtpd_sasl_path = smtpd
> smtpd_sasl_auth_enable = yes
>
> in my sasl2 config file I have this :
>
> pwcheck_method = auxprop
> auxprop_plugin = sasldb
> mech_list = plain login cram-md5 digest-md5 ntlm
>
> but when I do telnet 127.0.0.1 25 and I do then ehlo locahost I see no response at all.

Look in your mail log for error messages.
http://www.postfix.org/DEBUG_README.html#logging

	Wietse
Re: telnet hangs when I enable sasl
Hi,

it's rather less information.

Please provide information described under http://www.postfix.org/DEBUG_README.html#mail

Willi

On 01.06.2017 at 11:36, Roelof Wobben wrote:
> Hello,
>
> I have this in my main.cf :
>
> smtpd_sasl_path = smtpd
> smtpd_sasl_auth_enable = yes
>
> in my sasl2 config file I have this :
>
> pwcheck_method = auxprop
> auxprop_plugin = sasldb
> mech_list = plain login cram-md5 digest-md5 ntlm
>
> but when I do telnet 127.0.0.1 25 and I do then ehlo locahost I see no response at all.
>
> When I disable the smtpd_sasl_auth_enable_line telnet works but I do not see the auth headers back.
>
> What can be the culprit here
>
> Roelof
telnet hangs when I enable sasl
Hello,

I have this in my main.cf :

smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes

in my sasl2 config file I have this :

pwcheck_method = auxprop
auxprop_plugin = sasldb
mech_list = plain login cram-md5 digest-md5 ntlm

but when I do telnet 127.0.0.1 25 and I do then ehlo locahost I see no response at all.

When I disable the smtpd_sasl_auth_enable_line telnet works but I do not see the auth headers back.

What can be the culprit here

Roelof