'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?

Chris Green-11
I am setting up a 'send only' Postfix configuration on a number of
machines so that they can send error messages to me on my desktop
machine.

The main.cf file is:-

    compatibility_level = 2
    #
    #
    # TLS parameters
    #
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

    smtp_tls_CApath=/etc/ssl/certs
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    #
    #
    # This is the actual 'custom' configuration
    #
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydomain = zbmc.eu
    myorigin = $mydomain
    relayhost = [mail.gandi.net]:465
    #
    #
    # We don't accept any incoming connections
    #
    mydestination =
    inet_interfaces = loopback-only
    #
    #
    # SASL configuration for connecting to Gandi (or TsoHost)
    #
    smtp_sasl_auth_enable = yes
    smtp_tls_wrappermode = yes
    smtp_tls_security_level = encrypt
    smtp_sasl_tls_security_options = noanonymous
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd


I'm running postfix 3.4.13 on the Ubuntu laptop, 3.4.14 on the
Raspberry Pi.

It's working fine on the Ubuntu laptop but on the Raspberry Pi I'm
getting the following error reported in mail.warn :-

    Dec  7 12:52:16 dns postfix/smtp[15473]: warning: SASL authentication failure: No worthy mechs found

Presumably this means there's a SASL/TLS library I need to install on
the Pi, can anyone tell me what it is please.  Oh, I have run 'postmap
/etc/postfix/sasl_passwd' on both systems.



While I'm about it why am I getting identical mail.log and mail.info
files created in /var/log on the Pi?

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: 'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?

Chris Green-11
On Mon, Dec 07, 2020 at 01:01:16PM +0000, Chris Green wrote:
[snip]
>
> Presumably this means there's a SASL/TLS library I need to install on
> the Pi, can anyone tell me what it is please.  Oh, I have run 'postmap
> /etc/postfix/sasl_passwd' on both systems.
>

Typical! Almost immediately after posting the question I found the
solution.  Careful comparison of what's installed on the Pi compared
with the Ubuntu system showed that libsasl2-modules was needed (I had
libsasl2-modules-db already).  Installing libsasl2-modules has fixed
my problem.

>
>
> While I'm about it why am I getting identical mail.log and mail.info
> files created in /var/log on the Pi?
>
I could still do with an answer to this.

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: 'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?

Wietse Venema
Chris Green:
> > While I'm about it why am I getting identical mail.log and mail.info
> > files created in /var/log on the Pi?
> >
> I could still do with an answer to this.

Postfix does not write those files. They are written by diffferent
programs: rsyslog, syslogd, or the like.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: 'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?

Dominic Raferd
In reply to this post by Chris Green-11
On 07/12/2020 13:11, Chris Green wrote:
> On Mon, Dec 07, 2020 at 01:01:16PM +0000, Chris Green wrote:
> [snip]
>
>>
>> While I'm about it why am I getting identical mail.log and mail.info
>> files created in /var/log on the Pi?
>> I could still do with an answer to this.
>>
Check contents of /etc/rsyslog.d (e.g. 50-default.conf) and docs at
www.rsyslog.com/doc/
Reply | Threaded
Open this post in threaded view
|

Re: 'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?

Chris Green-11
On Mon, Dec 07, 2020 at 02:34:14PM +0000, Dominic Raferd wrote:

> On 07/12/2020 13:11, Chris Green wrote:
> > On Mon, Dec 07, 2020 at 01:01:16PM +0000, Chris Green wrote:
> > [snip]
> >
> > >
> > > While I'm about it why am I getting identical mail.log and mail.info
> > > files created in /var/log on the Pi?
> > > I could still do with an answer to this.
> > >
> Check contents of /etc/rsyslog.d (e.g. 50-default.conf) and docs at
> www.rsyslog.com/doc/

Yes, thanks (and Wietse), the Raspberry Pi default rsyslog
configuration has:-

    mail.*                          -/var/log/mail.log
    ...
    ...
    mail.info                       -/var/log/mail.info
    mail.warn                       -/var/log/mail.warn
    mail.err                        /var/log/mail.err

Sorry for the noise.  I'll go quiet again soon when I've got Postfix
properly configured on these systems I've just added it to.

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

OT: syslog output files (Re: 'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?)

Kris Deugau
In reply to this post by Chris Green-11
Chris Green wrote:
> While I'm about it why am I getting identical mail.log and mail.info
> files created in /var/log on the Pi?

It's not inherently Pi-specific.

The root cause is some wise-guy upstream package maintainer who has
(mis?)configured (r)syslog to output multiple log files for different
priority messages sent to the MAIL facilty by default.  Whether this is
actually useful is entirely a matter of opinion.

One of the first things I do in a new Debian install is to revert this
to the standard single file.  Personally I have yet to find a use case
where this split would be useful, notwithstanding the packager's
comments in the rsyslog configuration.

-kgd
Reply | Threaded
Open this post in threaded view
|

Re: 'Send only' postfix configuration works on Ubuntu but not on Rasberry Pi - missing TLS library?

Dominic Raferd
In reply to this post by Chris Green-11

On 07/12/2020 14:58, Chris Green wrote:

> On Mon, Dec 07, 2020 at 02:34:14PM +0000, Dominic Raferd wrote:
>> On 07/12/2020 13:11, Chris Green wrote:
>>> On Mon, Dec 07, 2020 at 01:01:16PM +0000, Chris Green wrote:
>>> [snip]
>>>
>>>> While I'm about it why am I getting identical mail.log and mail.info
>>>> files created in /var/log on the Pi?
>>>> I could still do with an answer to this.
>>>>
>> Check contents of /etc/rsyslog.d (e.g. 50-default.conf) and docs at
>> www.rsyslog.com/doc/
> Yes, thanks (and Wietse), the Raspberry Pi default rsyslog
> configuration has:-
>
>      mail.*                          -/var/log/mail.log
>      ...
>      ...
>      mail.info                       -/var/log/mail.info
>      mail.warn                       -/var/log/mail.warn
>      mail.err                        /var/log/mail.err
>
> Sorry for the noise.  I'll go quiet again soon when I've got Postfix
> properly configured on these systems I've just added it to.

If immediately after the line beginning 'mail.*'  you insert a line:

& stop

this will stop any further mail facility logging. Or delete the later lines.

You will have to restart rsyslogd afterwards e.g. systemctl restart rsyslog