Hi. I tried to upgrade from a perfectly running postfix system (2.5.1 + SASL1) to 2.5.4, and got an strange error. I compiled 2.5.1 (tar.gz from postfix's website) 3 months ago with: make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl make make install (answered the install questions and installed postfix in /postfix/ directory) It's been working nicely since then, but due to CVE-2008-2936 I downloaded 2.5.4 (tar.gz from postfix's website) and wrote: tar xvzf postfix-2.5.4.tar.gz cd postfix-2.5.4 make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl make /etc/init.d/postfix stop make upgrade /etc/init.d/postfix start Telnetting port 25 results in (mail.log): postfix/smtpd[8368]: warning: unsupported SASL server implementation: cyrus postfix/smtpd[8368]: fatal: SASL per-process initialization failed postfix/master[28601]: warning: process /postfix/usr/libexec/postfix/smtpd pid 8368 exit status 1 postfix/master[28601]: warning: /postfix/usr/libexec/postfix/smtpd: bad command startup -- throttling Going back to /root/sources/postfix-2.5.1 and remaking a "make upgrade" solved the problem temporary. Now I'm trying to know what I'm doing wrong, because I'm using the same "configure/make" setup and the same main.cf/master.cf files... # postconf -n | grep -i sasl | grep -v authenticated broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_path = smtpd # cat /etc/postfix/sasl/smtpd.conf pwcheck_method: pwcheck #mech_list: PLAIN LOGIN # dpkg -l | grep -i sasl ii libsasl-dev 1.5.27-3.1wood Development files for authentication abstrac ii libsasl-module 1.5.27-3.1wood Basic Pluggable Authentication Modules for S ii libsasl7 1.5.27-3.1wood Authentication abstraction library. ii sasl-bin 1.5.27-3.1wood Programs for manipulating the SASL users dat Any idea? What I'm doing wrong? Thanks for any help. -- Santiago Romero |
Santiago Romero wrote:
> > Hi. > > I tried to upgrade from a perfectly running postfix system > (2.5.1 + SASL1) to 2.5.4, and got an strange error. > > I compiled 2.5.1 (tar.gz from postfix's website) 3 months ago with: > > make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl > make > make install > (answered the install questions and installed postfix in /postfix/ > directory) > > It's been working nicely since then, but due to CVE-2008-2936 I > downloaded 2.5.4 (tar.gz from postfix's website) and wrote: > > tar xvzf postfix-2.5.4.tar.gz > cd postfix-2.5.4 > make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl CCARGS='-DUSE_SASL_AUTH \ -DUSE_CYRUS_SASL' When Dovecot authentication was introduced the arguments were changed. Now you have to use -DUSE_CYRUS_SASL explicitely in order to compile support for Cyrus sasl in. > Now I'm trying to know what I'm doing wrong, because I'm using the same > "configure/make" setup and the same main.cf/master.cf files... > > # postconf -n | grep -i sasl | grep -v authenticated > broken_sasl_auth_clients = yes > smtpd_sasl_auth_enable = yes > smtpd_sasl_path = smtpd # postconf -a cyrus dovecot -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com |
> CCARGS='-DUSE_SASL_AUTH \ > -DUSE_CYRUS_SASL' > > When Dovecot authentication was introduced the arguments were changed. > Now you have to use -DUSE_CYRUS_SASL explicitely in order to compile > support for Cyrus sasl in. It does not compile this way: (...) gcc -Wmissing-prototypes -Wformat -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DNO_EPOLL -DHAS_PCRE -g -O -I. -I../../include -DLINUX2 -o smtpd smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o ../../lib/libmaster.a ../../lib/libtls.a ../../lib/libdns.a ../../lib/libxsasl.a ../../lib/libmilter.a ../../lib/libglobal.a ../../lib/libutil.a -lpcre -ldb -lnsl -lresolv ../../lib/libxsasl.a(xsasl_cyrus_server.o): In function `xsasl_cyrus_server_init': /root/sources/postfix/postfix-2.5.4/src/xsasl/xsasl_cyrus_server.c:235: undefined reference to `sasl_server_init' /root/sources/postfix/postfix-2.5.4/src/xsasl/xsasl_cyrus_server.c:236: undefined reference to `sasl_errstring' (...) But 2.5.1 compiles and works perfectly without -DUSE_CYRUS_SASL, and: # postconf -a cyrus dovecot (in my 2.5.1 without the -DUSE_CYRUS_SASL) Any idea? -- Santiago Romero |
Santiago Romero wrote:
> >> CCARGS='-DUSE_SASL_AUTH \ >> -DUSE_CYRUS_SASL' >> >> When Dovecot authentication was introduced the arguments were changed. >> Now you have to use -DUSE_CYRUS_SASL explicitely in order to compile >> support for Cyrus sasl in. > > It does not compile this way: > > (...) > gcc -Wmissing-prototypes -Wformat -DUSE_SASL_AUTH -DUSE_CYRUS_SASL > -DNO_EPOLL -DHAS_PCRE -g -O -I. -I../../include -DLINUX2 -o smtpd smtpd.o > smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o smtpd_peer.o > smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o smtpd_xforward.o > smtpd_dsn_fix.o smtpd_milter.o ../../lib/libmaster.a ../../lib/libtls.a > ../../lib/libdns.a > ../../lib/libxsasl.a ../../lib/libmilter.a ../../lib/libglobal.a > ../../lib/libutil.a -lpcre > -ldb -lnsl -lresolv > > ../../lib/libxsasl.a(xsasl_cyrus_server.o): In function > `xsasl_cyrus_server_init': > /root/sources/postfix/postfix-2.5.4/src/xsasl/xsasl_cyrus_server.c:235: > undefined reference to `sasl_server_init' > /root/sources/postfix/postfix-2.5.4/src/xsasl/xsasl_cyrus_server.c:236: > undefined reference to `sasl_errstring' > (...) > > But 2.5.1 compiles and works perfectly without -DUSE_CYRUS_SASL, and: > > # postconf -a > cyrus > dovecot > > (in my 2.5.1 without the -DUSE_CYRUS_SASL) > > Any idea? At the moment I am scratching my head. Something is apparently different in the sasl implementation. I assume that you compile both versions in the same environment? Did you start the compilation from a clean extracted tarball? "make clean" sometimes wasn't enough to get rid of some previous build remains. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com |
> At the moment I am scratching my head. Something is apparently > different in the sasl implementation. I assume that you compile both > versions in the same environment? Yes. Same machine: truth:~/sources/postfix# ls -l total 6188 drwxr-xr-x 16 postfix postfix 4096 ago 20 10:03 postfix-2.5.1 drwxr-xr-x 16 root root 4096 ago 20 11:28 postfix-2.5.4 -rw-r--r-- 1 postfix postfix 3153629 feb 16 2008 postfix-2.5.1.tar.gz -rw-r--r-- 1 root root 3157713 ago 14 08:13 postfix-2.5.4.tar.gz # dpkg -l | grep -i sasl ii libsasl-dev 1.5.27-3.1wood Development files for authentication abstrac ii libsasl-module 1.5.27-3.1wood Basic Pluggable Authentication Modules for S ii libsasl7 1.5.27-3.1wood Authentication abstraction library. ii sasl-bin 1.5.27-3.1wood Programs for manipulating the SASL users dat Y compile 2.5.1 with: make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl make And SASL works. The same "make" sentences with 2.5.4 compiles and after the make upgrade it gives the sasl error in the logs. If I add the -DUSE_CYRUS_SASL, 2.5.4 does not compile. Thanks. > > Did you start the compilation from a clean extracted tarball? "make > clean" sometimes wasn't enough to get rid of some previous build remains. > Yes, just after the "tar xvzf"... -- Santiago Romero |
Santiago Romero wrote:
> > I compile 2.5.1 with: > > make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl > make > > And SASL works. The same "make" sentences with 2.5.4 compiles and > after the > make upgrade it gives the sasl error in the logs. > And "compiled postfconf" says: truth:~/sources/postfix/postfix-2.5.4# ./bin/postconf -a dovecot It seems I need a "-D" flag to use SASL1 ... but that you gave me gives linking errors ... :? -- Santiago Romero |
Santiago Romero wrote:
> Santiago Romero wrote: >> >> I compile 2.5.1 with: >> >> make makefiles CCARGS="-DUSE_SASL_AUTH" -lsasl >> make >> >> And SASL works. The same "make" sentences with 2.5.4 compiles and >> after the >> make upgrade it gives the sasl error in the logs. >> > > And "compiled postfconf" says: > > truth:~/sources/postfix/postfix-2.5.4# ./bin/postconf -a > dovecot > > It seems I need a "-D" flag to use SASL1 ... but that you gave me gives > linking errors ... :? Are you absolutely sure that you need SASL1 and not SASL2? Please check what versions of sasl.h are installed on your system. It could be that an incompatible version is used during compilation. Is that a RedHad or Fedora system? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com |
> Are you absolutely sure that you need SASL1 and not SASL2? Please > check what versions of sasl.h are installed on your system. It could > be that an incompatible version is used during compilation. Yes, I need it. I don't have available SASL2 and when I tried to download and compile sasl2 in such an old system I had real problems with other sasl-compiled applications. I must continue using SASL1... > > Is that a RedHad or Fedora system? > Debian Woody (quite old, Debian 2.2). -- Santiago Romero |
Santiago Romero wrote:
Solved! I noticed that the undefined symbols were correctly defined in libsasl1, so I thought that the problem was the library not being linked in. So: I changed: make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl make To: make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -lsasl" -lsasl make Noticed I included (again) the -lsasl into the CCARGS. This way compiles and works. I don't understand why I needed this change to compile this version :-? Thanks a lot for all the help. -- Santiago Romero |
Santiago Romero:
> Santiago Romero wrote: > > Solved! I noticed that the undefined symbols were correctly defined in > libsasl1, so I thought that the problem was the library not being linked > in. So: > > I changed: > > > make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl > make That is not the correct syntax. See the INSTALL file. > > To: > > > make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -lsasl" -lsasl > make That is also incorrect. See the INSTALL file. Wietse > > Noticed I included (again) the -lsasl into the CCARGS. This way > compiles and works. > > I don't understand why I needed this change to compile this version :-? > > Thanks a lot for all the help. > > -- > Santiago Romero > > > > |
>> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl >> make >> > > That is not the correct syntax. See the INSTALL file. > What's wrong? The "-lsasl" statement? In the INSTALL file I see you use "single quotation marks" instead of double. Besides of that, what I'm doing wrong? Thanks. PS: It compiled and worked with the -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -lsasl" ... just luck? -- Santiago Romero |
Santiago Romero:
> > >> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl > >> make > >> > > > > That is not the correct syntax. See the INSTALL file. > > > > What's wrong? The "-lsasl" statement? See the INSTALL file. Also on-line as http://www.postfix.org/INSTALL.html See also the SASL_README file for SASL-specific command syntax. Wietse > In the INSTALL file I see you use "single quotation marks" instead of > double. Besides of that, what I'm doing wrong? > > Thanks. > > PS: It compiled and worked with the -DUSE_SASL_AUTH -DUSE_CYRUS_SASL > -lsasl" ... just luck? > > -- > Santiago Romero > > > > |
In reply to this post by Santiago Romero-2
Santiago Romero wrote:
> >>> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl >>> make >>> >> >> That is not the correct syntax. See the INSTALL file. >> > > What's wrong? The "-lsasl" statement? Wrong parameter. Here's the part from the SASL_README: % make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \ -I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl" -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com |
In reply to this post by Wietse Venema
>
> Santiago Romero: >>>> make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" -lsasl >>>> make > > See the INSTALL file. Also on-line as http://www.postfix.org/INSTALL.html > > See also the SASL_README file for SASL-specific command syntax. Ok, I see it: make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL" AUXLIBS="-lsasl" Thanks a lot :) -- Santiago Romero |
Free forum by Nabble | Edit this page |