Bug 470334

Summary: Postfix does not recognize Dovecot SASL
Product: [Fedora] Fedora Reporter: John Griffiths <fedora.jrg01>
Component: postfixAssignee: Miroslav Lichvar <mlichvar>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 8CC: mlichvar, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-11-21 09:52:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
main.cf used with postfix-2.5.5-1.fc8
none
master.cf used with postfix-2.5.5.-1.fc8
none
dovecot.conf file in use none

Description John Griffiths 2008-11-06 19:18:00 UTC 
Description of problem:
Postfix does not recognize Dovecot SASL and does not send any emails.

Version-Release number of selected component (if applicable):
2.5.5-1.fc8

How reproducible:
Always

Steps to Reproduce:
1. Upgrade from postfix-2.4.5-2.fc8 to postfix-2.5.5-1.fc8
2. try to send email
3.
  
Actual results:
email is held
error in /var/log/maillog (see additional info)


Expected results:
email should be sent

Additional info:
This is not due to selinux; no AVCs and postfix-2.4.5-2.fc8 works with the same policy.

Postfix, Dovecot SASL are configured in accordance with http://www.postfix.org/SASL_README.html

/var/log/maillog error:

Nov  6 10:19:55 gei postfix/smtpd[3983]: fatal: no SASL authentication mechanism
s
Nov  6 10:19:56 gei postfix/master[18492]: warning: process /usr/libexec/postfix
/smtpd pid 3983 exit status 1
Nov  6 10:19:56 gei amavis[769]: (00769-02) (!)FWD via SMTP: <root>
-> <root>, 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect
(Negative greeting:  at (eval 52) line 442, <GEN17> line 895.): id=00769-02
Nov  6 10:19:56 gei postfix/master[18492]: warning: /usr/libexec/postfix/smtpd:
bad command startup -- throttling
Nov  6 10:19:56 gei amavis[769]: (00769-02) Blocked MTA-BLOCKED, <root
om> -> <root>, Message-ID: <20081106092333.1ACB61E6D60.
grifent.com>, mail_id: K0eRQMGH0zRB, Hits: -9.983, size: 12316, 5459 ms
Nov  6 10:19:56 gei postfix/smtp[3979]: 1ACB61E6D60: to=<root>, orig
_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=21387, delays=21382/0.02/0.0
1/5.5, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Fro
m MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 52) li
ne 442, <GEN17> line 895.): id=00769-02 (in reply to end of DATA command))
Comment 1 Miroslav Lichvar 2008-11-13 15:48:04 UTC 
Seems to work fine here.

Are there more messages in the log before "fatal: no SASL authentication mechanism"? Is dovecot-auth daemon running?
Comment 2 John Griffiths 2008-11-13 22:13:47 UTC 
Not pertaining to the SASL.

dovecot-auth is running:

# ps -ef | grep dovecot-auth
root       321 31744  0 17:12 pts/1    00:00:00 grep dovecot-auth
root      2702  2698  0 Nov09 ?        00:00:09 dovecot-auth

I just did a fresh installation of postfix-2.5.5-1.fc8. Here is the log from the time it started through the sending of a test email.

Now I am going to downgrade to postfix-2.4.5-2.fc8 so that email works again.


Nov 13 17:06:32 gei postfix/master[32718]: daemon started -- version 2.5.5, configuration /etc/postfix
Nov 13 17:07:28 gei postfix/pickup[32720]: 58E2320697C: uid=0 from=<root>
Nov 13 17:07:28 gei postfix/cleanup[32733]: 58E2320697C: message-id=<20081113220728.58E2320697C.grifent.com>
Nov 13 17:07:28 gei postfix/qmgr[32721]: 58E2320697C: from=<root>, size=308, nrcpt=1 (queue active)
Nov 13 17:07:28 gei postfix/smtpd[32737]: fatal: no SASL authentication mechanisms
Nov 13 17:07:29 gei amavis[2894]: (02894-03) (!)FWD via SMTP: <root> -> <jrg3>, 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 52) line 442, <GEN15> line 1708.): id=02894-03
Nov 13 17:07:29 gei postfix/master[32718]: warning: process /usr/libexec/postfix/smtpd pid 32737 exit status 1
Nov 13 17:07:29 gei postfix/master[32718]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov 13 17:07:29 gei amavis[2894]: (02894-03) Blocked MTA-BLOCKED, <root> -> <jrg3>, Message-ID: <20081113220728.58E2320697C.grifent.com>, mail_id: l8cL+q9aEpSt, Hits: -8.533, size: 308, 1456 ms
Nov 13 17:07:29 gei postfix/smtp[32735]: 58E2320697C: to=<jrg3>, orig_to=<jrg3>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=0.05/0.02/0.01/1.5, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 52) line 442, <GEN15> line 1708.): id=02894-03 (in reply to end of DATA command))
Comment 3 Miroslav Lichvar 2008-11-13 23:28:20 UTC 
Can you please attach dovecot and postfix config files?
Comment 4 John Griffiths 2008-11-14 13:35:33 UTC 
Created attachment 323570 [details]
main.cf used with postfix-2.5.5-1.fc8
Comment 5 John Griffiths 2008-11-14 13:45:37 UTC 
Created attachment 323572 [details]
master.cf used with postfix-2.5.5.-1.fc8

The file for postfix-2.5.5.-1.fc8 differs slightly from the one used for postfix-2.4.5-2.fc8. Here is the diff output.

diff master.cf.postfix-2.4.5-2.fc8 master.cf.postfix-2.5.5-1.fc8
4a5,6
> # Do not forget to execute "postfix reload" after editing this file.
> #
11c13
< #  -o smtpd_enforce_tls=yes
---
> #  -o smtpd_tls_security_level=encrypt
13a16
> #  -o milter_macro_daemon_name=ORIGINATING
17a21
> #  -o milter_macro_daemon_name=ORIGINATING
30a35
> proxywrite unix -       -       n       -       1       proxymap
34c39
< 	-o fallback_relay=
---
> 	-o smtp_fallback_relay=


Apparently some parameters changed name and there are some comment differences.
Comment 6 John Griffiths 2008-11-14 13:46:48 UTC 
Created attachment 323573 [details]
dovecot.conf file in use

The same dovecot.conf file was used for both versions of postfix.
Comment 7 Miroslav Lichvar 2008-11-20 11:44:22 UTC 
Looks like dovecot has only plain and login mechanisms enabled, but postfix has noplaintext in smtpd_sasl_security_options.

So I'd say it's a bug in the older postfix that is uses a plaintext auth even when configured to not to. Can you please verify there are messages in maillog with sasl_method=PLAIN ?
Comment 8 John Griffiths 2008-11-20 22:03:48 UTC 
Yes there are.
Comment 9 Miroslav Lichvar 2008-11-21 09:52:04 UTC 
Ok, you will need to configure dovecot to use another mechanism or drop the noplaintext option in postfix.

Closing as NOTABUG.
Comment 10 Miroslav Lichvar 2008-11-21 09:52:57 UTC 
*** Bug 470339 has been marked as a duplicate of this bug. ***
Comment 11 John Griffiths 2008-11-21 18:00:53 UTC 
My DUH. I had used the mail.cf like that for so long, I didn't even see that. I made the mistake of thinking the bug was in the new Postfix and not the old.

Sorry. And Thanks.