HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


craig baker 24th May 2008 23:14

semi-newb q: saslauthd is segfaulting out - postfix/dovecot can't SMTP AUTH reply fail
 
as title said - I installed centos 5.1 ala Perfect Server
installed postfix, cyrus-sasl2, dovecot.

postfix gave the expected good results, dovecot works fine for retrieving mail.

but when the user tries to reply, all replies are denied 554 relay denied.

I noticed (more than once) that saslauthd was not running - I started it manually again, tried to test the SMTP AUTH, and shortly thereafter it was not running (again).

logs say:
message: snipped where it segs
May 24 14:52:42 ns5 saslauthd[17951]: detach_tty : master pid is: 17951
May 24 14:52:42 ns5 saslauthd[17951]: ipc_init : listening on socket: /var/run/saslauthd/mux
May 24 14:52:51 ns5 kernel: saslauthd[17952]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:15 ns5 kernel: saslauthd[17955]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:26 ns5 kernel: saslauthd[17951]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:35 ns5 kernel: saslauthd[17953]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:50 ns5 kernel: saslauthd[17956]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4

when I'm trying to reply and using SMTP-AUTH:
maillog:
May 23 14:04:19 ns5 postfix/smtpd[27373]: connect from unknown[192.168.2.1]
May 23 14:04:19 ns5 postfix/smtpd[27373]: warning: SASL authentication failure: size read failed
May 23 14:04:19 ns5 postfix/smtpd[27373]: warning: unknown[192.168.2.1]: SASL LOGIN authentication failed: generic failure
May 23 14:04:19 ns5 postfix/smtpd[27373]: NOQUEUE: reject: RCPT from unknown[192.168.2.1]: 554 5.7.1 <craigbwatson@bellsouth.net>: Relay access denied; from=<cdb@totalauctionmanagement.com> to=<craigbwatson@bellsouth.net> proto=ESMTP helo=<[192.168.15.101]>
May 23 14:04:20 ns5 postfix/smtpd[27371]: connect from gistly-dudgeon.volia.net[77.121.129.217]

----end snippet-----

any clues what might be going on?
cdb.
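
Added example (not part of the original post): a small triage script for the kernel segfault lines quoted above. It groups them by faulting address and instruction pointer and decodes the x86 page-fault error code; the function names are this example's own, and the regex assumes the kernel log format shown in the post.

```python
import re
from collections import defaultdict

# Kernel lines copied from the post above.
SAMPLE = """\
May 24 14:52:51 ns5 kernel: saslauthd[17952]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:15 ns5 kernel: saslauthd[17955]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:26 ns5 kernel: saslauthd[17951]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:35 ns5 kernel: saslauthd[17953]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:50 ns5 kernel: saslauthd[17956]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
"""

SEGV = re.compile(
    r"kernel: (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"rip (?P<rip>[0-9a-f]+) rsp (?P<rsp>[0-9a-f]+) error (?P<err>[0-9a-f]+)")

def decode_error(code):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def triage(log_text):
    """Group segfaults by (process, fault address, rip, error code)."""
    groups = defaultdict(list)
    for m in SEGV.finditer(log_text):
        # The kernel prints all four values in hexadecimal.
        key = (m["proc"], int(m["addr"], 16), int(m["rip"], 16), int(m["err"], 16))
        groups[key].append(int(m["pid"]))
    report = []
    for (proc, addr, rip, err), pids in groups.items():
        report.append({"process": proc, "fault_addr": hex(addr), "rip": hex(rip),
                       "pids": sorted(pids),
                       # Several distinct PIDs dying at one rip/address pair
                       "same_site_across_workers": len(set(pids)) > 1,
                       **decode_error(err)})
    return report

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry)
```

Identical `rip` and fault address across five worker PIDs means every worker dies at the same instruction on a user-mode read of an unmapped page, which points to a reproducible bug on one code path rather than random memory corruption.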

falko 25th May 2008 18:37

Did you disable SELinux?

craig baker 25th May 2008 19:01

selinux? yes, disabled
 
yep, selinux was disabled during install.

cdb.

falko 26th May 2008 15:56

What's the output of
Code:

ls -la /var/run/saslauthd
?
Do you get any errors when you restart saslauthd?

craig baker 26th May 2008 16:09

more information
 
/var/run/saslauthd.pid does not exist because it's not running (or does not run for long)
the contents of /var/run/saslauthd when saslauthd is running is:

[root@ns5 run]# cd saslauthd
[root@ns5 saslauthd]# dir -al
total 20
drwxr-xr-x 2 root root 4096 May 26 10:02 .
drwxr-xr-x 22 root root 4096 May 26 10:09 ..
srwxrwxrwx 1 root root 0 May 26 10:02 mux
-rw------- 1 root root 0 May 26 10:02 mux.accept
-rw------- 1 root root 6 May 26 10:02 saslauthd.pid

when I start saslauthd up, I see:
[root@ns5 rc5.d]# tail /var/log/messages
May 26 10:02:48 ns5 saslauthd[23501]: detach_tty : master pid is: 23501
May 26 10:02:48 ns5 saslauthd[23501]: ipc_init : listening on socket: /var/run/saslauthd/mux
[root@ns5 rc5.d]#
it will run for a while and then segfault out as I indicate above.

unfortunately, I'm up against a real time crunch.

but I initially tried to get SENDMAIL running and could not get SENDMAIL AUTH working at all.
then I switched to postfix and installed cyrus as in your excellent perfect server howto.
I'm running centos 5.1 on an HP opteron server, so it's x64.

I got dovecot etc up and going, but as I observed above the saslauthd is segfaulting out so I cannot authorize.


could I give you root access and pay you to correct the situation? I have got a hundred other tasks etc.

also, do you all know how practical it is to attempt to recover data from an ext3 raid array?
I had 3 drives as an array and the hosting firm (dedicated server) tells me that fedora core 2 (yes, I've had it a LONG time) can't find any ext3 filesystem.
I don't believe there has been mechanical failure - the array was set to notify me by email of any array status change and I checked that - so I don't believe any of the drives physically failed.
I thought ext3 was pretty fault tolerant with scattered superblocks etc... any chance of recovering it?

reason I ask is that I paid the f*ckers to maintain an internal backup and I just got access to it and they didn't bother to rsync the most critical directories :(

your help would be most appreciated. or maybe I just need to be a permanent subscriber :)

cdb.

craig baker 26th May 2008 16:56

when saslauthd is running:
 
when it's running I see (ps ax)

[root@ns5 saslauthd]# ps ax | grep sasl
23501 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23502 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23503 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23504 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23506 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23860 pts/3 S+ 0:00 grep sasl

occurs to me I should add that I've tried several changes in desperation. current main.cf postfix file end:
(I have tried to implement the sasl_passwd file as a simpler authentication method.
this pw file contains:
vanguard-rugged.com vanguard:mysecretpasswd
kozan.us kozan:anothersecretpassword
baylit.com baylit:yetanotherpw

rebuilt with postmap. I had hoped that dovecot would just authenticate all mail from these domains with the user/pw given.
I found folks saying this worked fine, but I could get nothing authenticated at all!

at wits end!
Oh - I saw your references to smtp_ and others to smtpd_ before the lines so I duplicated some and had both smtpd_ and smtp_
why are there two sets of these variables anyway?
thanks.

-----snip from end of main.cf-----

#readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain,login
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_mechanism_filter = plain,login
smtpd_sasl_security_options = noanonymous
smtpd_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sender_dependent_authentication = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = ns5.cdbsystems.com
home_mailbox = Maildir/
mailbox_command =

craig baker 26th May 2008 17:55

additional information testsaslauthd fails - seems 32/64bit issues
 
I have also noticed.

testsaslauthd -u whatever -p whatever always fails gives
size read failed

I noticed discussion on this error under SuSE10 - someone observed that when they reinstalled 32bit OS (I'm running CentOS 5.1 x64), the error went away!

so apparently this is a 64bit problem....

any help to anyone? any ideas? I installed as per perfect server and edited the smtpd.conf in usr/lib64

cdb.

craig baker 26th May 2008 18:17

64bit the problem? anyone with a quick-and-dirty on how to use dovecot-auth?
 
since it looks like cyrus is a no-go. I know dovecot also can SMTP-AUTH itself. anyone favor me with a quick 1-2-3 on turning on dovecot auth from the config that I have now?
and where does dovecot store its pw information? can I use the same hash files that I'm using now???

thanks
cdb.

craig baker 26th May 2008 21:24

converted to dovecot - SMTP-AUTH functional.
 
I changed from cyrus to dovecot-sasl -
per:

/etc/postfix/main.cf:
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

On the Dovecot side you also need to specify the Dovecot authentication daemon socket. In this case we specify an absolute pathname. In the example we assume that the Postfix queue is under /var/spool/postfix/.

/some/where/dovecot.conf:
    auth default {
      mechanisms = plain login
      passdb pam {
      }
      userdb passwd {
      }
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }


deleted the sasl_passwd stuff etc from main.cf

reloaded and everything seems happy!

cdb.
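
A check for the listener settings in the post above, as an added example that is not part of the original thread: it verifies that the on-disk auth socket really is a socket, carries no more than mode 0660, and has the expected owner and group. The function name `audit_auth_socket` is this example's own; the path, mode and `postfix` owner come from the dovecot.conf snippet.

```python
import grp
import os
import pwd
import stat

def audit_auth_socket(path, uid, gid, max_mode=0o660):
    """Return a list of findings for the SASL auth socket at `path`.

    uid/gid are the numeric owner and group the listener should have
    (postfix:postfix in the dovecot.conf above); max_mode is the widest
    permission set allowed (0660 there).
    """
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return [f"{path}: missing (is the auth listener configured and Dovecot running?)"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a UNIX socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~max_mode:
        # Extra bits let other local accounts talk to the auth daemon directly.
        findings.append(f"{path}: mode {mode:04o} grants more than {max_mode:04o}")
    if (st.st_uid, st.st_gid) != (uid, gid):
        findings.append(f"{path}: owner {st.st_uid}:{st.st_gid}, expected {uid}:{gid}")
    parent_dir = os.path.dirname(path) or "."
    if os.stat(parent_dir).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # A writable directory lets someone else replace the socket.
        findings.append(f"{parent_dir}: directory is group/world writable")
    return findings

if __name__ == "__main__":
    # Path, owner and group as given in the post; adjust for your queue directory.
    sock = "/var/spool/postfix/private/auth"
    uid = pwd.getpwnam("postfix").pw_uid
    gid = grp.getgrnam("postfix").gr_gid
    for line in audit_auth_socket(sock, uid, gid) or ["OK"]:
        print(line)
```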

