Upgrading from 2.5.1 to 2.5.4 (sasl error????).

 Hi.

 I tried to upgrade from a perfectly running postfix system
(2.5.1 + SASL1) to 2.5.4, and got an strange error.

 I compiled 2.5.1 (tar.gz from postfix's website) 3 months ago with:

make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl
make
make install
(answered the install questions and installed postfix in /postfix/
directory)

 It's been working nicely since then, but due to CVE-2008-2936 I
downloaded 2.5.4 (tar.gz from postfix's website) and wrote:

tar xvzf postfix-2.5.4.tar.gz
cd postfix-2.5.4
make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl
make
/etc/init.d/postfix stop
make upgrade
/etc/init.d/postfix start

 Telnetting port 25 results in (mail.log):

 postfix/smtpd[8368]: warning: unsupported SASL server implementation: cyrus
 postfix/smtpd[8368]: fatal: SASL per-process initialization failed
 postfix/master[28601]: warning: process /postfix/usr/libexec/postfix/smtpd
                                       pid 8368 exit status 1
 postfix/master[28601]: warning: /postfix/usr/libexec/postfix/smtpd: bad
                                       command startup -- throttling

 Going back to /root/sources/postfix-2.5.1 and remaking a "make upgrade"
solved the problem temporary.

 Now I'm trying to know what I'm doing wrong, because I'm using the same
 "configure/make" setup and the same main.cf/master.cf files...

# postconf -n | grep -i sasl | grep -v authenticated
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd

# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: pwcheck
#mech_list: PLAIN LOGIN

# dpkg -l | grep -i sasl
ii  libsasl-dev    1.5.27-3.1wood Development files for authentication
abstrac
ii  libsasl-module 1.5.27-3.1wood Basic Pluggable Authentication Modules
for S
ii  libsasl7       1.5.27-3.1wood Authentication abstraction library.
ii  sasl-bin       1.5.27-3.1wood Programs for manipulating the SASL
users dat


 Any idea? What I'm doing wrong?

 Thanks for any help.

--
Santiago Romero

Santiago Romero wrote:
CCARGS='-DUSE_SASL_AUTH \
-DUSE_CYRUS_SASL'

When Dovecot authentication was introduced the arguments were changed. Now you
have to use -DUSE_CYRUS_SASL explicitely in order to compile support for Cyrus
sasl in.

> Now I'm trying to know what I'm doing wrong, because I'm using the same
> "configure/make" setup and the same main.cf/master.cf files...
>
> # postconf -n | grep -i sasl | grep -v authenticated
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = smtpd

# postconf -a
cyrus
dovecot

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

> CCARGS='-DUSE_SASL_AUTH \
> -DUSE_CYRUS_SASL'
>
> When Dovecot authentication was introduced the arguments were changed.
> Now you have to use -DUSE_CYRUS_SASL explicitely in order to compile
> support for Cyrus sasl in.

 It does not compile this way:

(...)
gcc -Wmissing-prototypes -Wformat -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-DNO_EPOLL -DHAS_PCRE  -g -O -I. -I../../include -DLINUX2 -o smtpd smtpd.o
smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o smtpd_peer.o
smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o smtpd_xforward.o
smtpd_dsn_fix.o smtpd_milter.o ../../lib/libmaster.a ../../lib/libtls.a
../../lib/libdns.a
 ../../lib/libxsasl.a ../../lib/libmilter.a ../../lib/libglobal.a
../../lib/libutil.a -lpcre
 -ldb -lnsl -lresolv

../../lib/libxsasl.a(xsasl_cyrus_server.o): In function
`xsasl_cyrus_server_init':
/root/sources/postfix/postfix-2.5.4/src/xsasl/xsasl_cyrus_server.c:235:
undefined reference to `sasl_server_init'
/root/sources/postfix/postfix-2.5.4/src/xsasl/xsasl_cyrus_server.c:236:
undefined reference to `sasl_errstring'
(...)

 But 2.5.1 compiles and works perfectly without -DUSE_CYRUS_SASL, and:

# postconf -a
cyrus
dovecot

(in my 2.5.1 without the -DUSE_CYRUS_SASL)

 Any idea?

--
Santiago Romero

Santiago Romero wrote:
At the moment I am scratching my head. Something is apparently different in
the sasl implementation. I assume that you compile both versions in the same
environment?

Did you start the compilation from a clean extracted tarball? "make clean"
sometimes wasn't enough to get rid of some previous build remains.

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

> At the moment I am scratching my head. Something is apparently
> different in the sasl implementation. I assume that you compile both
> versions in the same environment?

 Yes. Same machine:

truth:~/sources/postfix# ls -l
total 6188
drwxr-xr-x   16 postfix  postfix      4096 ago 20 10:03 postfix-2.5.1
drwxr-xr-x   16 root root         4096 ago 20 11:28 postfix-2.5.4
-rw-r--r--    1 postfix  postfix   3153629 feb 16  2008 postfix-2.5.1.tar.gz
-rw-r--r--    1 root     root      3157713 ago 14 08:13 postfix-2.5.4.tar.gz

# dpkg -l | grep -i sasl
ii  libsasl-dev    1.5.27-3.1wood Development files for authentication
abstrac
ii  libsasl-module 1.5.27-3.1wood Basic Pluggable Authentication Modules
for S
ii  libsasl7       1.5.27-3.1wood Authentication abstraction library.
ii  sasl-bin       1.5.27-3.1wood Programs for manipulating the SASL
users dat

 Y compile 2.5.1 with:

make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl
make

 And SASL works. The same "make" sentences with 2.5.4 compiles and after the
make upgrade it gives the sasl error in the logs.

 If I add the -DUSE_CYRUS_SASL, 2.5.4 does not compile.

 Thanks.

>
> Did you start the compilation from a clean extracted tarball? "make
> clean" sometimes wasn't enough to get rid of some previous build remains.
>

 Yes, just after the "tar xvzf"...

--
Santiago Romero

Santiago Romero wrote:
 And "compiled postfconf" says:

truth:~/sources/postfix/postfix-2.5.4# ./bin/postconf -a
dovecot

 It seems I need a "-D" flag to use SASL1 ... but that you gave me gives
linking errors ... :?

--
Santiago Romero

Santiago Romero wrote:
Are you absolutely sure that you need SASL1 and not SASL2? Please check what
versions of sasl.h are installed on your system. It could be that an
incompatible version is used during compilation.

Is that a RedHad or Fedora system?

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

> Are you absolutely sure that you need SASL1 and not SASL2? Please
> check what versions of sasl.h are installed on your system. It could
> be that an incompatible version is used during compilation.

 Yes, I need it. I don't have available SASL2 and when I tried to
download and compile sasl2 in such an old system I had real problems
with other sasl-compiled applications. I must continue using SASL1...
 
>
> Is that a RedHad or Fedora system?
>

 Debian Woody (quite old, Debian 2.2).

--
Santiago Romero

Santiago Romero wrote:

 Solved! I noticed that the undefined symbols were correctly defined in
libsasl1, so I thought that the problem was the library not being linked
in. So:

 I changed:


make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl
make


 To:


make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -lsasl" -lsasl
make


 Noticed I included (again) the -lsasl into the CCARGS. This way
compiles and works.

 I don't understand why I needed this change to compile this version :-?

 Thanks a lot for all the help.

--
Santiago Romero

Santiago Romero:
That is not the correct syntax. See the INSTALL file.
>
>  To:
>
>
> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -lsasl" -lsasl
> make

That is also incorrect. See the INSTALL file.

        Wietse

>> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl
>> make
>>    
>
> That is not the correct syntax. See the INSTALL file.
>  

 What's wrong? The "-lsasl" statement?

 In the INSTALL file I see you use "single quotation marks" instead of
double. Besides of that, what I'm doing wrong?

 Thanks.

PS: It compiled and worked with the -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-lsasl" ... just luck?

--
Santiago Romero

Santiago Romero:
>
> >> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl
> >> make
> >>    
> >
> > That is not the correct syntax. See the INSTALL file.
> >  
>
>  What's wrong? The "-lsasl" statement?

See the INSTALL file. Also on-line as http://www.postfix.org/INSTALL.html

See also the SASL_README file for SASL-specific command syntax.

        Wietse

Santiago Romero wrote:
>
>>> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl
>>> make
>>>    
>>
>> That is not the correct syntax. See the INSTALL file.
>>  
>
> What's wrong? The "-lsasl" statement?

Wrong parameter. Here's the part from the SASL_README:

% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
     -I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

 >
 > Santiago Romero:
 >>>> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl
 >>>> make
 >
 > See the INSTALL file. Also on-line as http://www.postfix.org/INSTALL.html
 >
 > See also the SASL_README file for SASL-specific command syntax.

 Ok, I see it:

 make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" AUXLIBS="-lsasl"

 Thanks a lot :)

--
Santiago Romero