Bug 470334 - Postfix does not recognize Dovecot SASL
Postfix does not recognize Dovecot SASL
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: postfix (Show other bugs)
8
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Miroslav Lichvar
Fedora Extras Quality Assurance
:
: 470339 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-06 14:18 EST by John Griffiths
Modified: 2008-11-21 13:00 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-21 04:52:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
main.cf used with postfix-2.5.5-1.fc8 (28.50 KB, application/octet-stream)
2008-11-14 08:35 EST, John Griffiths
no flags Details
master.cf used with postfix-2.5.5.-1.fc8 (5.94 KB, application/octet-stream)
2008-11-14 08:45 EST, John Griffiths
no flags Details
dovecot.conf file in use (42.11 KB, application/octet-stream)
2008-11-14 08:46 EST, John Griffiths
no flags Details

  None (edit)
Description John Griffiths 2008-11-06 14:18:00 EST
Description of problem:
Postfix does not recognize Dovecot SASL and does not send any emails.

Version-Release number of selected component (if applicable):
2.5.5-1.fc8

How reproducible:
Always

Steps to Reproduce:
1. Upgrade from postfix-2.4.5-2.fc8 to postfix-2.5.5-1.fc8
2. try to send email
3.
  
Actual results:
email is held
error in /var/log/maillog (see additional info)


Expected results:
email should be sent

Additional info:
This is not due to selinux; no AVCs and postfix-2.4.5-2.fc8 works with the same policy.

Postfix, Dovecot SASL are configured in accordance with http://www.postfix.org/SASL_README.html

/var/log/maillog error:

Nov  6 10:19:55 gei postfix/smtpd[3983]: fatal: no SASL authentication mechanism
s
Nov  6 10:19:56 gei postfix/master[18492]: warning: process /usr/libexec/postfix
/smtpd pid 3983 exit status 1
Nov  6 10:19:56 gei amavis[769]: (00769-02) (!)FWD via SMTP: <root@grifent.com>
-> <root@grifent.com>, 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect
(Negative greeting:  at (eval 52) line 442, <GEN17> line 895.): id=00769-02
Nov  6 10:19:56 gei postfix/master[18492]: warning: /usr/libexec/postfix/smtpd:
bad command startup -- throttling
Nov  6 10:19:56 gei amavis[769]: (00769-02) Blocked MTA-BLOCKED, <root@grifent.c
om> -> <root@grifent.com>, Message-ID: <20081106092333.1ACB61E6D60@gei.internal.
grifent.com>, mail_id: K0eRQMGH0zRB, Hits: -9.983, size: 12316, 5459 ms
Nov  6 10:19:56 gei postfix/smtp[3979]: 1ACB61E6D60: to=<root@grifent.com>, orig
_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=21387, delays=21382/0.02/0.0
1/5.5, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Fro
m MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 52) li
ne 442, <GEN17> line 895.): id=00769-02 (in reply to end of DATA command))
Comment 1 Miroslav Lichvar 2008-11-13 10:48:04 EST
Seems to work fine here.

Are there more messages in the log before "fatal: no SASL authentication mechanism"? Is dovecot-auth daemon running?
Comment 2 John Griffiths 2008-11-13 17:13:47 EST
Not pertaining to the SASL.

dovecot-auth is running:

# ps -ef | grep dovecot-auth
root       321 31744  0 17:12 pts/1    00:00:00 grep dovecot-auth
root      2702  2698  0 Nov09 ?        00:00:09 dovecot-auth

I just did a fresh installation of postfix-2.5.5-1.fc8. Here is the log from the time it started through the sending of a test email.

Now I am going to downgrade to postfix-2.4.5-2.fc8 so that email works again.


Nov 13 17:06:32 gei postfix/master[32718]: daemon started -- version 2.5.5, configuration /etc/postfix
Nov 13 17:07:28 gei postfix/pickup[32720]: 58E2320697C: uid=0 from=<root>
Nov 13 17:07:28 gei postfix/cleanup[32733]: 58E2320697C: message-id=<20081113220728.58E2320697C@gei.internal.grifent.com>
Nov 13 17:07:28 gei postfix/qmgr[32721]: 58E2320697C: from=<root@grifent.com>, size=308, nrcpt=1 (queue active)
Nov 13 17:07:28 gei postfix/smtpd[32737]: fatal: no SASL authentication mechanisms
Nov 13 17:07:29 gei amavis[2894]: (02894-03) (!)FWD via SMTP: <root@grifent.com> -> <jrg3@grifent.com>, 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 52) line 442, <GEN15> line 1708.): id=02894-03
Nov 13 17:07:29 gei postfix/master[32718]: warning: process /usr/libexec/postfix/smtpd pid 32737 exit status 1
Nov 13 17:07:29 gei postfix/master[32718]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov 13 17:07:29 gei amavis[2894]: (02894-03) Blocked MTA-BLOCKED, <root@grifent.com> -> <jrg3@grifent.com>, Message-ID: <20081113220728.58E2320697C@gei.internal.grifent.com>, mail_id: l8cL+q9aEpSt, Hits: -8.533, size: 308, 1456 ms
Nov 13 17:07:29 gei postfix/smtp[32735]: 58E2320697C: to=<jrg3@grifent.com>, orig_to=<jrg3>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=0.05/0.02/0.01/1.5, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 52) line 442, <GEN15> line 1708.): id=02894-03 (in reply to end of DATA command))
Comment 3 Miroslav Lichvar 2008-11-13 18:28:20 EST
Can you please attach dovecot and postfix config files?
Comment 4 John Griffiths 2008-11-14 08:35:33 EST
Created attachment 323570 [details]
main.cf used with postfix-2.5.5-1.fc8
Comment 5 John Griffiths 2008-11-14 08:45:37 EST
Created attachment 323572 [details]
master.cf used with postfix-2.5.5.-1.fc8

The file for postfix-2.5.5.-1.fc8 differs slightly from the one used for postfix-2.4.5-2.fc8. Here is the diff output.

diff master.cf.postfix-2.4.5-2.fc8 master.cf.postfix-2.5.5-1.fc8
4a5,6
> # Do not forget to execute "postfix reload" after editing this file.
> #
11c13
< #  -o smtpd_enforce_tls=yes
---
> #  -o smtpd_tls_security_level=encrypt
13a16
> #  -o milter_macro_daemon_name=ORIGINATING
17a21
> #  -o milter_macro_daemon_name=ORIGINATING
30a35
> proxywrite unix -       -       n       -       1       proxymap
34c39
< 	-o fallback_relay=
---
> 	-o smtp_fallback_relay=


Apparently some parameters changed name and there are some comment differences.
Comment 6 John Griffiths 2008-11-14 08:46:48 EST
Created attachment 323573 [details]
dovecot.conf file in use

The same dovecot.conf file was used for both versions of postfix.
Comment 7 Miroslav Lichvar 2008-11-20 06:44:22 EST
Looks like dovecot has only plain and login mechanisms enabled, but postfix has noplaintext in smtpd_sasl_security_options.

So I'd say it's a bug in the older postfix that is uses a plaintext auth even when configured to not to. Can you please verify there are messages in maillog with sasl_method=PLAIN ?
Comment 8 John Griffiths 2008-11-20 17:03:48 EST
Yes there are.
Comment 9 Miroslav Lichvar 2008-11-21 04:52:04 EST
Ok, you will need to configure dovecot to use another mechanism or drop the noplaintext option in postfix.

Closing as NOTABUG.
Comment 10 Miroslav Lichvar 2008-11-21 04:52:57 EST
*** Bug 470339 has been marked as a duplicate of this bug. ***
Comment 11 John Griffiths 2008-11-21 13:00:53 EST
My DUH. I had used the mail.cf like that for so long, I didn't even see that. I made the mistake of thinking the bug was in the new Postfix and not the old.

Sorry. And Thanks.

Note You need to log in before you can comment on or make changes to this bug.