Results 1 to 7 of 7

Thread: New Installation Postifix Problem

  1. #1
    Join Date
    Apr 2007
    Posts
    11
    Rep Power
    8

    Default New Installation Postifix Problem

    Hi,

    I've banged this around for a bit now and really can not find any clean answers or new things to try. I've tried just about everything I've found in the forums ("that I've found" being key I hope)

    Issue: SMTP AUTH: I can not auth for smtp in any of 25:TLS or 465:SSL (auth for client protocols are fine (POP/IMAP) thus my suspicion of postfix and things immediately postfix connected.

    Issue One Log snip of auth attempts:
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication failure: no secret in database
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: mail.tradecaptureotc.com[172.16.249.163]: SASL NTLM authentication failed
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    May 6 16:05:34 mail last message repeated 4 times
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication failure: Password verification failed
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: mail.tradecaptureotc.com[172.16.249.163]: SASL PLAIN authentication failed
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    May 6 16:05:34 mail last message repeated 5 times
    May 6 16:05:34 mail postfix/smtpd[2888]: warning: mail.tradecaptureotc.com[172.16.249.163]: SASL LOGIN authentication failed
    May 6 16:05:45 mail postfix/smtpd[2888]: lost connection after AUTH from mail.tradecaptureotc.com[172.16.249.163]

    There is no other postfix running. The sasl libs should be zimbras (how to verify with certainty?) Postfix appears to be auth enabled (it wouldn't be trying otherwise would it?)

    The fact that it seems to be looking for a sleepycat in /etc and not ldap (your sasl is complied to ldap yes?) makes me think the wrong sasl libs are linked in or the sys lib has a jump on it.

    Any body have anything to try that might shake this cat free?

    Thanks,

    Randy

  2. #2
    Join Date
    Apr 2007
    Posts
    11
    Rep Power
    8

    Default ldd for smtp doesn't look good

    Sorry about the dupe post.

    Anyway.. I answered my own question; ldd on smtpd shows system sasl lib.

    # ldd smtpd
    linux-gate.so.1 => (0xffffe000)
    libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7ef8000)
    libldap-2.3.so.0 => /opt/zimbra/lib/libldap-2.3.so.0 (0xb7ebc000)
    liblber-2.3.so.0 => /opt/zimbra/lib/liblber-2.3.so.0 (0xb7eaf000)
    libmysqlclient.so.15 => /usr/lib/libmysqlclient.so.15 (0xb7cce000)
    libz.so.1 => /usr/lib/libz.so.1 (0xb7cba000)
    libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7c93000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7c7c000)
    libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7c65000)
    libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7c24000)
    libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7ae2000)
    libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7acb000)
    libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7ab8000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7977000)
    libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7948000)
    /lib/ld-linux.so.2 (0xb7f1a000)
    libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7944000)

  3. #3
    Join Date
    Apr 2007
    Posts
    11
    Rep Power
    8

    Default maybe not sys SASL - zimbra SASL

    That ldd was run as root. How can I verify the runtime lib is correct?

    I have to be somewhat careful as there is another runtime requirement for this library. The system lib is one rev up too.

    Is this the right track? If I move out the system lib is the probability high that this will fix smtpd auth?

  4. #4
    Join Date
    Apr 2007
    Posts
    11
    Rep Power
    8

    Default Can not remove sys lib sasl

    Hi,

    Confirmed wrong sasl lib. Now I really do have a problem. I cannot move out the system sasl library. How can I effectively set LD_LIBRARY_PATH rules on the postfix installation binaries.. ??

    So How to direct postfix to the appropriate libraries?

    Anybody? Anyone? Beuller?

  5. #5
    Join Date
    Jul 2007
    Location
    Wilmington, DE
    Posts
    18
    Rep Power
    8

    Default NTLM listed by MTA but not available

    I get the following errors trying to send mail from my PDA:

    Dec 19 11:41:05 mail postfix/smtpd[22877]: connect from 109.sub-75-197-165.myvzw.com[75.197.165.109]
    Dec 19 11:41:05 mail postfix/smtpd[22877]: setting up TLS connection from 109.sub-75-197-165.myvzw.com[75.197.165.109]
    Dec 19 11:41:05 mail postfix/smtpd[22877]: TLS connection established from 109.sub-75-197-165.myvzw.com[75.197.165.109]: SSLv3 with cipher RC4-MD5 (128/128 bits)
    Dec 19 11:41:07 mail postfix/smtpd[22877]: warning: 109.sub-75-197-165.myvzw.com[75.197.165.109]: SASL NTLM authentication failed
    Dec 19 11:41:07 mail postfix/smtpd[22877]: disconnect from 109.sub-75-197-165.myvzw.com[75.197.165.109]

    A test of server capabilities shows NTLM is supported by Zimbra:

    SMTP server: X.X.X.X
    [S] 220 host.domain ESMTP Postfix
    [C] EHLO localhost
    [S] 250-host.domain
    [S] 250-PIPELINING
    [S] 250-SIZE 1048576000
    [S] 250-VRFY
    [S] 250-ETRN
    [S] 250-STARTTLS
    [S] 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    [S] 250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    [S] 250 8BITMIME
    [C] STARTTLS
    [S] 220 Ready to start TLS
    Cipher: DHE-RSA-AES256-SHA
    Certificate information:
    Subject: /C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=host.domain
    Issuer: /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
    [C] EHLO localhost
    [S] 250-host.domain
    [S] 250-PIPELINING
    [S] 250-SIZE 1048576000
    [S] 250-VRFY
    [S] 250-ETRN
    [S] 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    [S] 250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    [S] 250 8BITMIME
    [C] QUIT
    [S] 221 Bye

    I have no use nor need for NTLM, but my PDA prefers NTLM during negotiation and I cannot configure WinMobile6 not to use it if it thinks NTLM is available. I saw bug/rfe 8945, but I just want Zimbra not to list NTLM for authentication. I only see the "Enable authentication" and "TLS authentication only" check boxes on the MTA tab of the Zimbra admin page for global settings. Any configuration pointers would be great.

    Thanks!

    Blaine

  6. #6
    Join Date
    Feb 2008
    Location
    Easton PA
    Posts
    63
    Rep Power
    7

    Default

    This just echo's izmarine's point about not seeing any way to not list NTLM for authentication but from the CLI. The following command shows more options than "Enable authentication" and "TLS authentication only" but do not have anything related to NTLM:

    zmprov gs $server | grep -i auth

  7. #7
    Join Date
    May 2008
    Location
    Des Moines, IA
    Posts
    89
    Rep Power
    7

    Default Closing this one out...

    This thread kinda trailed off. I'm seeing some of these entries (every 10m) in my logs as well. Here are some relevant settings:
    GLOBAL/SERVER TAB:
    TLS authentication only: checked
    Enable clear text login: unchecked

    Code:
    # cat /var/log/maillog:
    Dec 21 22:33:34 zerver postfix/smtpd[7561]: connect from unknown[10.0.0.104]
    Dec 21 22:33:34 zerver postfix/smtpd[7561]: setting up TLS connection from unknown[10.0.0.104]
    Dec 21 22:33:34 zerver postfix/smtpd[7561]: TLS connection established from unknown[10.0.0.104]: TLSv1 with cipher AES128-SHA (128/128 bits)
    Dec 21 22:33:34 zerver postfix/smtpd[7561]: warning: SASL authentication failure: Password verification failed
    Dec 21 22:33:34 zerver postfix/smtpd[7561]: warning: unknown[10.0.0.104]: SASL PLAIN authentication failed: authentication failure
    Dec 21 22:33:34 zerver postfix/smtpd[7561]: disconnect from unknown[10.0.0.104]
    my ldd looks like this: (bold are system libs)
    Code:
    zimbra@zerver ~]$ ldd /opt/zimbra/postfix-2.4.7.5z/libexec/smtpd
    	libdb-4.2.so => /opt/zimbra/sleepycat-4.2.52.6/lib/libdb-4.2.so (0x00002b0c42275000)
    	libpcre.so.0 => /lib64/libpcre.so.0 (0x0000003d5f800000)
    	libldap-2.3.so.0 => /opt/zimbra/lib/libldap-2.3.so.0 (0x00002b0c42543000)
    	liblber-2.3.so.0 => /opt/zimbra/lib/liblber-2.3.so.0 (0x00002b0c4278d000)
    	libmysqlclient.so.15 => /opt/zimbra/lib/libmysqlclient.so.15 (0x00002b0c4299d000)
    	libz.so.1 => /usr/lib64/libz.so.1 (0x0000003d60c00000)
    	libm.so.6 => /lib64/libm.so.6 (0x0000003d60400000)
    	libsasl2.so.2 => /opt/zimbra/cyrus-sasl-2.1.23.3z/lib/libsasl2.so.2 (0x00002b0c42cf8000)
    	libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b0c42f10000)
    	libssl.so.0.9.8 => /opt/zimbra/openssl-0.9.8k/lib/libssl.so.0.9.8 (0x00002b0c4312c000)
    	libcrypto.so.0.9.8 => /opt/zimbra/openssl-0.9.8k/lib/libcrypto.so.0.9.8 (0x00002b0c43378000)
    	libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003d61c00000)
    	libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003d62000000)
    	libc.so.6 => /lib64/libc.so.6 (0x0000003d5f000000)
    	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003d61000000)
    	libdl.so.2 => /lib64/libdl.so.2 (0x0000003d5f400000)
    	/lib64/ld-linux-x86-64.so.2 (0x0000003d5ec00000)
    ===

    Now, if the above settings (TLS authentication only: checked, Enable clear text login: unchecked) are resposible for this behaviour that is understandable. With the possible exception that if these are the settings then the log should not be filled up with these constant reminders.

    If not, what's the definitive answer on this scenario?

    Thanks in advance,
    todd_dsm

    Don't forget to Vote for this RFE:
    RFE: A place To Display the contents of 'My Documents'
    Reasoning: It's new, bold, and cool.
    Last edited by todd_dsm; 10-08-2010 at 09:34 AM.

Similar Threads

  1. INSTALLATION PROBLEM ON Centos 4.3 x_86-64Bit.
    By jawad@cogilent.com in forum Installation
    Replies: 11
    Last Post: 07-09-2007, 08:09 AM
  2. Problem with Ubuntu installation
    By Max Ma in forum Installation
    Replies: 3
    Last Post: 04-13-2007, 10:25 AM
  3. Installation problem
    By sywong70 in forum Installation
    Replies: 5
    Last Post: 11-07-2005, 08:01 PM
  4. Installation problem
    By charlie in forum Administrators
    Replies: 1
    Last Post: 10-14-2005, 08:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •