Hi!

I build postfix 3.5.7 from source on OpenBSD 6.7. I seem to have a problem with the certificate I generated. They work fine with Dovecot, though.

The moment postfix/master starts the smtpd and it's trying to do something with the certificate (on the smtp submission port 587), it crashes:

Sep 20 23:03:50 neptunus postfix/master[30686]: warning: process /usr/local/libexec/postfix/smtpd pid 84403 killed by signal 9
Sep 20 23:03:50 neptunus postfix/master[30686]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

I added a lot of debugging/logging code to find where it crashes, and for a moment I thought I had found it, line 522 in tls/tls_server.c. So I added -DOPENSSL_NO_TLSEXT and built again, but now it crashes further down, the call tls_set_my_certificate_key_info() on line 606 in tls/tls_server.c, function tls_server_init().

However, I take a step back and assume there is something wrong with the certificate or my configuration? It's a self-signed certificate. Or am I on to some real bug here?

Here's my postconf -n output:

neptunus# postconf -n | sort
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/postfix
debug_peer_level = 2
debug_peer_list = localhost
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix/html
inet_protocols = all
mail_owner = _postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/local/libexec/dovecot/deliver
mailbox_size_limit = 80000000
mailq_path = /usr/local/sbin/mailq
manpage_directory = /usr/local/man
message_size_limit = 80000000
meta_directory = /etc/postfix
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = subnet
newaliases_path = /usr/local/sbin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix/readme
recipient_delimiter = +
relay_domains = $mydestination
relayhost = [in.mailjet.com]:587
sample_directory = /etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = _postdrop
shlib_directory = /usr/lib/postfix
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = no
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version $service_name)
smtpd_recipient_restrictions = permit_auth_destination, permit_sasl_authenticated, reject
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

And the relevant part of master.cf:

submission inet  n       -       y       -       -       smtpd -v
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_tls_security_options=noanonymous
  -o smtpd_sasl_local_domain=$mydomain
  -o smtpd_tls_chain_files=/etc/ssl/private/dovecot-priv-key.pem,/etc/ssl/dovecot-pub-cert.pem
#  -o smtpd_tls_auth_only=yes
  -o smtpd_use_tls=yes
  -o smtpd_tls_loglevel=2
#crashes:  -o smtpd_enforce_tls=yes
#crashes:  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=reject_non_fqdn_sender,reject_unknown_sender_domain,reject_sender_login_mismatch
#  -o smtpd_sender_login_maps=unix:passwd.byname
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,permit_sasl_authenticated,permit_auth_destination,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

Here's my 'make makefiles' command:

make makefiles shared=yes CCARGS='-DUSE_SASL_AUTH -DUSE_TLS -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DOPENSSL_NO_TLSEXT -I/usr/local/include/sasl' AUXLIBS="-lssl -lcrypto -L/usr/local/lib -lsasl2"

Thanks,
Peter

-- 
Peter Lindgren
[hidden email]
On Mon, Sep 21, 2020 at 08:09:41PM +0200, Peter Lindgren wrote:

> I build postfix 3.5.7 from source on OpenBSD 6.7. I seem to have a problem
> with the certificate I generated. They work fine with Dovecot, though.

If you're linking against LibreSSL, and not OpenSSL, that's not supported.

-- 
    Viktor.
In reply to this post by Peter Lindgren-2

Peter Lindgren:
> Hi!
>
> I build postfix 3.5.7 from source on OpenBSD 6.7. I seem to have a problem
> with the certificate I generated. They work fine with Dovecot, though.
>
> The moment postfix/master starts the smtpd and it's trying to do
> something with the certificate (on the smtp submission port 587), it
> crashes:
>
> Sep 20 23:03:50 neptunus postfix/master[30686]: warning: process
> /usr/local/libexec/postfix/smtpd pid 84403 killed by signal 9

This reminds me of GnuTLS library code that would send text to stderr and terminate the process. That was a very unusual way to report that the random number generator was unavailable.

Calling a library with a bad certificate should never cause a process to terminate. Instead the library should return an error code to Postfix.

Perhaps some OpenBSD code is sending a signal 9 (SIGKILL) when it does not like what Postfix does? It would be a very unusual way to report a problem.

Try this:

    postfix stop
    /path/to/master -d

This will leave stderr open and display any stderr output that some non-Postfix library code might send.

	Wietse

> Sep 20 23:03:50 neptunus postfix/master[30686]: warning:
> /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
>
> I added a lot of debugging/logging code to find where it crashes, and
> for a moment I thought I had found it, line 522 in tls/tls_server.c. So
> I added -DOPENSSL_NO_TLSEXT and built again, but now it crashes further
> down, the call tls_set_my_certificate_key_info() on line 606 in
> tls/tls_server.c, function tls_server_init().
>
> However, I take a step back and assume there is something wrong with
> the certificate or my configuration? It's a self-signed certificate. Or
> am I on to some real bug here?
>
> Here's my postconf -n output:
>
> neptunus# postconf -n | sort
> command_directory = /usr/local/sbin
> compatibility_level = 2
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/postfix
> debug_peer_level = 2
> debug_peer_list = localhost
> disable_vrfy_command = yes
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix/html
> inet_protocols = all
> mail_owner = _postfix
> mail_spool_directory = /var/mail
> mailbox_command = /usr/local/libexec/dovecot/deliver
> mailbox_size_limit = 80000000
> mailq_path = /usr/local/sbin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 80000000
> meta_directory = /etc/postfix
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mynetworks_style = subnet
> newaliases_path = /usr/local/sbin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix/readme
> recipient_delimiter = +
> relay_domains = $mydestination
> relayhost = [in.mailjet.com]:587
> sample_directory = /etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = _postdrop
> shlib_directory = /usr/lib/postfix
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_tls_security_level = encrypt
> smtp_tls_wrappermode = no
> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version $service_name)
> smtpd_recipient_restrictions = permit_auth_destination, permit_sasl_authenticated, reject
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
>
> And the relevant part of master.cf:
>
> submission inet  n       -       y       -       -       smtpd -v
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_sasl_type=dovecot
>   -o smtpd_sasl_path=private/auth
>   -o smtpd_sasl_security_options=noanonymous
>   -o smtpd_sasl_tls_security_options=noanonymous
>   -o smtpd_sasl_local_domain=$mydomain
>   -o smtpd_tls_chain_files=/etc/ssl/private/dovecot-priv-key.pem,/etc/ssl/dovecot-pub-cert.pem
> #  -o smtpd_tls_auth_only=yes
>   -o smtpd_use_tls=yes
>   -o smtpd_tls_loglevel=2
> #crashes:  -o smtpd_enforce_tls=yes
> #crashes:  -o smtpd_tls_security_level=encrypt
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o smtpd_sender_restrictions=reject_non_fqdn_sender,reject_unknown_sender_domain,reject_sender_login_mismatch
> #  -o smtpd_sender_login_maps=unix:passwd.byname
>   -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,permit_sasl_authenticated,permit_auth_destination,reject
>   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>
> Here's my 'make makefiles' command:
>
> make makefiles shared=yes CCARGS='-DUSE_SASL_AUTH -DUSE_TLS -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DOPENSSL_NO_TLSEXT -I/usr/local/include/sasl' AUXLIBS="-lssl -lcrypto -L/usr/local/lib -lsasl2"
>
> Thanks,
> Peter
>
> -- 
> Peter Lindgren <[hidden email]>
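The two replies above point at different things to check before touching the Postfix source: Viktor's note that a build linked against LibreSSL (OpenBSD's base libssl) is unsupported, and Wietse's suggestion to stop Postfix and run master -d in the foreground so stderr stays attached. The original post also suspects the key/certificate pair itself. The script below is an added diagnostic helper written for this thread; it is not code from Postfix or from any of the posters. It assumes the file paths from Peter's postconf and master.cf output (overridable through environment variables), that openssl(1), ldd(1) and sed(1) are available, and that the mail log is /var/log/maillog. It only reports; it never starts or stops Postfix itself.

```shell
#!/bin/sh
# Added diagnostic helper for the symptoms in this thread (not from Postfix
# or the thread). Paths are assumptions taken from Peter's configuration.
SMTPD=${SMTPD:-/usr/local/libexec/postfix/smtpd}
MASTER=${MASTER:-/usr/local/libexec/postfix/master}
KEY=${KEY:-/etc/ssl/private/dovecot-priv-key.pem}
CERT=${CERT:-/etc/ssl/dovecot-pub-cert.pem}
MAILLOG=${MAILLOG:-/var/log/maillog}

# Classify a TLS library from an `openssl version` banner. Postfix is only
# supported against OpenSSL; LibreSSL prints "LibreSSL x.y.z" here.
tls_flavor() {
    case "$1" in
        LibreSSL*|*libressl*) echo libressl ;;
        OpenSSL*|*openssl*)   echo openssl ;;
        *)                    echo unknown ;;
    esac
}

# Pull the signal number out of a master(8) "killed by signal N" warning, so
# a log scan can separate SIGKILL (9, sent from outside the process) from a
# crash signal such as SIGSEGV (11) or SIGABRT (6). Prints nothing otherwise.
killed_by_signal() {
    printf '%s\n' "$1" | sed -n 's/.*killed by signal \([0-9][0-9]*\).*/\1/p'
}

# Compare the SubjectPublicKeyInfo derived from the private key with the one
# carried in the certificate. Both openssl commands emit the same PEM block
# for a matching pair, so a plain string comparison is enough.
cert_key_match() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || { echo mismatch; return 0; }
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || { echo mismatch; return 0; }
    if [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]; then echo match; else echo mismatch; fi
}

run_diagnostics() {
    banner=$(openssl version 2>/dev/null)
    echo "== openssl(1) in PATH: $banner -> $(tls_flavor "$banner")"
    echo "   (the binary may link a different libssl; check the next section)"
    echo "== libssl/libcrypto actually linked into smtpd"
    if [ -x "$SMTPD" ]; then
        ldd "$SMTPD" 2>/dev/null | grep -E 'libssl|libcrypto' || echo "   none found"
    else
        echo "   $SMTPD not found or not executable"
    fi
    echo "== key/certificate pair ($KEY, $CERT): $(cert_key_match "$KEY" "$CERT")"
    echo "== master(8) kill warnings in $MAILLOG"
    grep 'killed by signal' "$MAILLOG" 2>/dev/null | while read -r line; do
        echo "   signal $(killed_by_signal "$line"): $line"
    done
    echo "== next step (Wietse's suggestion): postfix stop; $MASTER -d"
}

# Run only when invoked explicitly, so the functions can be sourced/tested.
if [ "${1-}" = "--run" ]; then
    run_diagnostics
fi
```

Run it as root with `sh diag.sh --run`. A `libressl` classification, or an ldd line pointing at the base-system libssl rather than the ports OpenSSL under /usr/local/lib, is the unsupported-build case Viktor describes; a `mismatch` means the chain file pair is wrong regardless of the library; and a SIGKILL (9) in the log, as opposed to 11 or 6, is consistent with Wietse's point that something outside the library error path is terminating the process.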
In reply to this post by Viktor Dukhovni

On 2020-09-21 20.39, Viktor Dukhovni wrote:
> On Mon, Sep 21, 2020 at 08:09:41PM +0200, Peter Lindgren wrote:
> > I build postfix 3.5.7 from source on OpenBSD 6.7. I seem to have a problem
> > with the certificate I generated. They work fine with Dovecot, though.
>
> If you're linking against LibreSSL, and not OpenSSL, that's not supported.

There was something fishy in my build. I installed a packaged release and it didn't have any SSL errors. I'll go with that release.

Thanks,

-- 
Peter Lindgren
[hidden email]
+46 705 87 88 99