#1
24th May 2008, 23:14
craig baker
semi-newb q: saslauthd is segfaulting out - postfix/dovecot can't SMTP AUTH reply fail

as title said - I installed centos 5.1 ala Perfect Server
installed postfix, cyrus-sasl2, dovecot.

postfix gave the expected good results, dovecot works fine for retrieving mail.

but when the user tries to reply, all replies are denied 554 relay denied.

I noticed (more than once) that saslauthd was not running - I started it manually again, tried to test the SMTP AUTH, and shortly thereafter it was not running (again).

logs say:
message: snipped where it segs
May 24 14:52:42 ns5 saslauthd[17951]: detach_tty : master pid is: 17951
May 24 14:52:42 ns5 saslauthd[17951]: ipc_init : listening on socket: /var/run/saslauthd/mux
May 24 14:52:51 ns5 kernel: saslauthd[17952]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:15 ns5 kernel: saslauthd[17955]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:26 ns5 kernel: saslauthd[17951]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:35 ns5 kernel: saslauthd[17953]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:50 ns5 kernel: saslauthd[17956]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4

when I'm trying to reply and using SMTP-AUTH:
maillog:
May 23 14:04:19 ns5 postfix/smtpd[27373]: connect from unknown[192.168.2.1]
May 23 14:04:19 ns5 postfix/smtpd[27373]: warning: SASL authentication failure: size read failed
May 23 14:04:19 ns5 postfix/smtpd[27373]: warning: unknown[192.168.2.1]: SASL LOGIN authentication failed: generic failure
May 23 14:04:19 ns5 postfix/smtpd[27373]: NOQUEUE: reject: RCPT from unknown[192.168.2.1]: 554 5.7.1 <craigbwatson@bellsouth.net>: Relay access denied; from=<cdb@totalauctionmanagement.com> to=<craigbwatson@bellsouth.net> proto=ESMTP helo=<[192.168.15.101]>
May 23 14:04:20 ns5 postfix/smtpd[27371]: connect from gistly-dudgeon.volia.net[77.121.129.217]

----end snippet-----

any clues what might be going on?
cdb.
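
The two log excerpts in the post above can be correlated mechanically. This is an added example, not part of the original post: it groups the kernel segfault lines by faulting instruction and labels each "Relay access denied" by what the same smtpd process logged just before it. The function names and outcome labels are made up for this illustration; the sample lines come from the post, with the RCPT line trimmed after the reject reason.

```python
import re
from collections import defaultdict

# Sample input: lines from the log excerpts in the post above; the RCPT line
# is trimmed after the reject reason.
SAMPLE = """\
May 24 14:52:51 ns5 kernel: saslauthd[17952]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:15 ns5 kernel: saslauthd[17955]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 24 15:01:26 ns5 kernel: saslauthd[17951]: segfault at 0000000024a33160 rip 0000003017e76170 rsp 00007ffffb7f58a8 error 4
May 23 14:04:19 ns5 postfix/smtpd[27373]: connect from unknown[192.168.2.1]
May 23 14:04:19 ns5 postfix/smtpd[27373]: warning: SASL authentication failure: size read failed
May 23 14:04:19 ns5 postfix/smtpd[27373]: warning: unknown[192.168.2.1]: SASL LOGIN authentication failed: generic failure
May 23 14:04:19 ns5 postfix/smtpd[27373]: NOQUEUE: reject: RCPT from unknown[192.168.2.1]: 554 5.7.1 <craigbwatson@bellsouth.net>: Relay access denied
"""

SEGV = re.compile(r"kernel: (\S+)\[(\d+)\]: segfault at \w+ rip (\w+) rsp \w+ error (\d+)")
AUTH = re.compile(r"smtpd\[(\d+)\]: warning: \S+\[([\d.]+)\]: SASL \w+ authentication failed: (.+)")
DENY = re.compile(r"smtpd\[(\d+)\]: NOQUEUE: reject: RCPT from \S+\[([\d.]+)\]: 554 .*Relay access denied")

def crash_sites(lines):
    """Group segfaults by (program, faulting instruction pointer)."""
    sites = defaultdict(lambda: {"pids": set(), "access": ""})
    for line in lines:
        m = SEGV.search(line)
        if not m:
            continue
        prog, pid, rip, err = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        # x86 page-fault error code: bit 0 = protection fault, bit 1 = write, bit 2 = user mode
        access = " ".join(["user" if err & 4 else "kernel", "write" if err & 2 else "read",
                           "of protected page" if err & 1 else "of unmapped page"])
        sites[(prog, rip)]["pids"].add(pid)
        sites[(prog, rip)]["access"] = access
    return dict(sites)

def explain_rejects(lines):
    """Label each relay rejection by the SASL result the same smtpd pid logged first."""
    failed, out = {}, []
    for line in lines:
        if (m := AUTH.search(line)):
            pid, ip, reason = m.groups()
            # "generic failure" is a backend error, not a statement about the password
            failed[(pid, ip)] = "sasl-backend-error" if reason == "generic failure" else "auth-failed"
        elif (m := DENY.search(line)):
            pid, ip = m.groups()
            out.append((ip, failed.get((pid, ip), "no-auth-attempt")))
    return out
```

On the sample, every saslauthd worker faults at the same instruction on a read of an unmapped address, and the 554 follows a SASL backend error rather than a failed login.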

#2
25th May 2008, 18:37
falko (Super Moderator)

Did you disable SELinux?

#3
25th May 2008, 19:01
craig baker
selinux? yes, disabled

yep, selinux was disabled during install.

cdb.

#4
26th May 2008, 15:56
falko (Super Moderator)

What's the output of
Code:
ls -la /var/run/saslauthd
?
Do you get any errors when you restart saslauthd?

#5
26th May 2008, 16:09
craig baker
more information

/var/run/saslauthd.pid does not exist because it's not running (or does not run for long)
the contents of /var/run/saslauthd when saslauthd is running is:

[root@ns5 run]# cd saslauthd
[root@ns5 saslauthd]# dir -al
total 20
drwxr-xr-x 2 root root 4096 May 26 10:02 .
drwxr-xr-x 22 root root 4096 May 26 10:09 ..
srwxrwxrwx 1 root root 0 May 26 10:02 mux
-rw------- 1 root root 0 May 26 10:02 mux.accept
-rw------- 1 root root 6 May 26 10:02 saslauthd.pid

when I start saslauthd up, I see:
[root@ns5 rc5.d]# tail /var/log/messages
May 26 10:02:48 ns5 saslauthd[23501]: detach_tty : master pid is: 23501
May 26 10:02:48 ns5 saslauthd[23501]: ipc_init : listening on socket: /var/run/saslauthd/mux
[root@ns5 rc5.d]#
it will run for a while and then segfault out as I indicate above.

unfortunately, I'm up against a real time crunch.

but I initially tried to get SENDMAIL running and could not get SENDMAIL AUTH working at all.
then I switched to postfix and installed cyrus as in your excellent perfect server howto.
I'm running centos 5.1 on an HP opteron server, so it's x64.

I got dovecot etc up and going, but as I observe above the saslauthd is segfaulting out so I cannot authorize.


could I give you root access and pay you to correct the situation? I have got a hundred other tasks etc.

also, do you all know how practical it is to attempt to recover data from an ext3 raid array?
I had 3 drives as an array and the hosting firm (dedicated server) tells me that fedora core 2 (yes, I've had it a LONG time) can't find any ext3 filesystem.
I don't believe there has been mechanical failure - the array was set to notify me by email of any array status change and I checked that - so I don't believe any of the drives physically failed.
I thought ext3 was pretty fault tolerant with scattered superblocks etc... any chance of recovering it?

reason I ask is that I paid the f*ckers to maintain an internal backup and I just got access to it and they didn't bother to rsync the most critical directories

your help would be most appreciated. or maybe I just need to be a permanent subscriber

cdb.

Last edited by craig baker; 26th May 2008 at 16:11.

#6
26th May 2008, 16:56
craig baker
when saslauthd is running:

when it's running I see (ps ax)

[root@ns5 saslauthd]# ps ax | grep sasl
23501 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23502 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23503 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23504 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23506 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
23860 pts/3 S+ 0:00 grep sasl

occurs to me I should add that I've tried several changes in desperation. current main.cf postfix file end:
(I have tried to implement the sasl_passwd file as a simpler authentication method.
this pw file contains:
vanguard-rugged.com vanguard:mysecretpasswd
kozan.us kozan:anothersecretpassword
baylit.com baylit:yetanotherpw

rebuilt with postmap. I had hoped that dovecot would just authenticate all mail from these domains with the user/pw given.
I found folks saying this worked fine, but I could get nothing authenticated at all!

at wits end!
Oh - I saw your references to smtp_ and others to smtpd_ before the lines so I duplicated some and had both smtpd_ and smtp_
why are there two sets of these variables anyway?
thanks.

-----snip from end of main.cf-----

#readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain,login
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_mechanism_filter = plain,login
smtpd_sasl_security_options = noanonymous
smtpd_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sender_dependent_authentication = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = ns5.cdbsystems.com
home_mailbox = Maildir/
mailbox_command =

Last edited by craig baker; 26th May 2008 at 17:22. Reason: more information
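
On the question in the post above of why main.cf has both smtp_ and smtpd_ settings: smtp_ parameters configure Postfix as a client delivering to other servers, and smtpd_ parameters configure the server that accepts connections. The following is an added example, not part of the original post: a small audit that sorts settings by role and flags the server-side AUTH issues visible in this main.cf. The input is constructed from the lines quoted above; the CLIENT_ONLY set and the function names are assumptions of this illustration.

```python
import re

# Constructed input: a subset of the main.cf lines quoted in the post above.
MAIN_CF = """\
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sender_dependent_authentication = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
"""

# Assumption of this example: settings that exist only for the smtp_ client.
CLIENT_ONLY = {"sasl_password_maps", "sender_dependent_authentication"}

def parse(text):
    """Read 'name = value' lines; skip blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            cfg[name.strip()] = value.strip()
    return cfg

def by_role(cfg):
    """smtp_* drives Postfix as a client to other servers; smtpd_* is the listening server."""
    roles = {"client": [], "server": []}
    for name in cfg:
        if name.startswith("smtpd_"):
            roles["server"].append(name)
        elif name.startswith("smtp_"):
            roles["client"].append(name)
    return roles

def audit(cfg):
    """Return (setting, problem) pairs for the server side of SMTP AUTH."""
    findings = []
    for name in by_role(cfg)["server"]:
        if name[len("smtpd_"):] in CLIENT_ONLY:
            findings.append((name, "client-only setting copied to smtpd_; it does not verify incoming logins"))
    if cfg.get("smtpd_sasl_auth_enable") == "yes":
        if cfg.get("smtpd_tls_auth_only", "no") != "yes":
            findings.append(("smtpd_tls_auth_only", "AUTH offered without TLS; PLAIN/LOGIN passwords are only base64-encoded"))
        checks = re.split(r"[,\s]+", cfg.get("smtpd_recipient_restrictions", ""))
        if "reject_unauth_destination" not in checks:
            findings.append(("smtpd_recipient_restrictions", "no reject_unauth_destination after the permit rules"))
    return findings
```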

#7
26th May 2008, 17:55
craig baker
additional information testsaslauthd fails - seems 32/64bit issues

I have also noticed.

testsaslauthd -u whatever -p whatever always fails, gives
size read failed

I noticed discussion on this error under SuSE10 - someone observed that when they reinstalled 32bit OS (I'm running CentOS 5.1 x64), the error went away!

so apparently this is a 64bit problem....

any help to anyone? any ideas? I installed as per perfect server and edited the smtpd.conf in usr/lib64

cdb.

#8
26th May 2008, 18:17
craig baker
64bit the problem? anyone with a quick-and-dirty on how to use dovecot-auth?

since it looks like cyrus is a no-go. I know dovecot also can SMTP-AUTH itself. anyone favor me with a quick 1-2-3 on turning on dovecot auth from the config that I have now?
and where does dovecot store its pw information? can I use the same hash files that I'm using now???

thanks
cdb.

#9
26th May 2008, 21:24
craig baker
converted to dovecot - SMTP-AUTH functional.

I changed from cyrus to dovecot-sasl -
per:

/etc/postfix/main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

On the Dovecot side you also need to specify the Dovecot authentication daemon socket. In this case we specify an absolute pathname. In the example we assume that the Postfix queue is under /var/spool/postfix/.

/some/where/dovecot.conf:
auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}


deleted the sasl_passwd stuff etc from main.cf

reloaded and everything seems happy!

cdb.