Bug 71428 - postfix doesn't use sasl2
Summary: postfix doesn't use sasl2
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: postfix   
(Show other bugs)
Version: 8.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: John Dennis
QA Contact:
Depends On:
Blocks: 67218 79579
TreeView+ depends on / blocked
Reported: 2002-08-13 14:31 UTC by Simon Matter
Modified: 2007-04-18 16:45 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-06-13 21:10:39 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Simon Matter 2002-08-13 14:31:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [de] (X11; U; Linux 2.2.19-6.2.16 i686)

Description of problem:
The postfix RPM includes the sasl V2 patch but doesn't use it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. rpm -i postfix
2. ldd /usr/libexec/postfix/*

Actual Results:  ldd shows that only sasl v1 is used by any executable. sasl V2
isn't used at all.

Expected Results:  sasl and sasl2 should be used.

Additional info:

Comment 1 Karsten Hopp 2002-08-16 01:04:21 UTC
You didn't supply the exect postfix version you're using, but the latest postfix-1.1.11-5 
is linked against /usr/lib/libsasl.so.7 from the cyrus-sasl-2 package. 

Comment 2 Simon Matter 2002-08-16 05:56:42 UTC
That's exactly the problem. /usr/lib/libsasl.so.7 is saslv1.
The rawhide postfix-1.1.11-5 gives this:

[root@tempmail tmp]# ldd /usr//libexec/postfix/* | grep sasl
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000).....

but it should give:
[root@xxl root]# ldd /usr/libexec/postfix/* | grep sasl
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403f5000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403f5000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000).......

The problem in .spec is this:
must be

Comment 3 Dax Kelson 2002-08-23 05:50:28 UTC
We also need Sasl2 support in Postfix. Please confirm/fix.

Comment 4 Chris Ricker 2003-01-10 00:21:17 UTC
Postfix v1 doesn't support SASL2. The sanest solution would be to upgrade to
Postfix v2, which does (and doesn't support SASL1).

Comment 5 Dax Kelson 2003-01-10 00:34:58 UTC
Agreed on the upgrade to Postfix v2. If not, please fix the SASL2 support in 
Postfix v1.

Comment 6 Zenon Mousmoulas 2003-03-11 23:25:14 UTC
If current Red Hat postfix builds (up to 1.1.11-10 in rawhide) don't support 
SASL 2, and indeed they don't, then how could one explain the following:

1. The changelog in the rpm spec file mentions: Included SASL2 support patch 
I am not sure what the but that is referred to was about, because I don't have 
access to see it.

2. There is postfix-1.1.4-sasl2-patch that is applied. It seems to change 
things in 1.1.11 to support SASL 2, which was indeed not supported in this 
version. I am not sure how successfull the patch is, but the goal is obvious.

I have a feeling, even though I may just be clueless, that the spec simply has 
no provisions in the building process for SASL 2 (the includes and library 
references). If so, it would be rather simple to rebuild to correct this, 
wouldn't it? If, however, building postfix like that just doesn't work, then 
there is no support for SASL 2 after all, right?

If any of you guys have any clue regarding the above perhaps-foolish 
questions, please write & enlighten me. Thanks in advance.

Comment 7 Chris Ricker 2003-03-12 02:37:28 UTC
Postfix v1 doesn't support SASL v2. Period.

Bug 68800 was a patch written by Jason Hoos which I submitted that allows Postfix v1
to compile against and use the SASLv1 compatibility libraries provided by SASL v2
(obviously, they're not *really* compatibility libraries if you have to patch to
use them,
but the braindeadness of SASL is a whole different set of bugs ;-)

If you want or need actually to use SASLv2 (and not just the SASLv1
pseudo-compatible libs
supplied with SASLv2) you have to use Postfix 2.x. I can provide the Postfix 2.x RPM
I made (same structure as the RH Postfix 1.x RPM), or there are Simon Mudd's
excellent Postfix 2.x RPMs which you can get from <A

It doesn't look like Red Hat will ship Postfix 2.x any time soon, so if you need
Postfix with
SASLv2, your only option is not using Red Hat's Postfix package.

Comment 8 Simon Matter 2003-03-12 07:15:20 UTC
I have created my own postfix-1.1.12 rpm which does support SASL2 and many other
features. Source is at http://home.teleport.ch/simix/RPMS/Postfix/
IIRC RedHat included the SASL2 patch but didn't get it right. Look at

Comment 9 Chris Ricker 2003-03-12 08:28:06 UTC
Unless you're using a different patch which actually adds SASLv2 support,
changing the AUXLIBS isn't enough. With the RH SASLv2 RPMs, you'll wind up with
binaries linked against both SASLv1 and SASLv2 (like you show in c2), and that
segfaults in some cases when doing SMTP AUTH against sasldb....

Comment 10 John Dennis 2003-03-12 23:09:30 UTC
I have updated Red Hat's postfix rpm to the latest postfix release, which is
2.0.6. For the time being you can grab a copy of the rpm from my public ftp

With respect to SASL v1 vs v2: The RPM is capable of building against SASL v2
and is the default as long as LDAP is not a build option. However note that LDAP
is still using v1 and postfix will have to be linked against v1 (there cannot be
a mix of v1 and v2 usage). Thus if postfix is built with LDAP, which is the
default, then the SASL version is demoted to v1. If you really want SASL v2
you'll have to give up LDAP until the next release of LDAP which will support
SASL v2.

I would love to get feedback on the new RPM. If you do find bugs or have
suggestions please open a new bug report and not append to this one.

Thanks - John

Comment 11 Zenon Mousmoulas 2003-03-29 17:42:57 UTC

you wrote that LDAP is still using SASL v1, and has to be linked against the 
respective libraries. However I managed to build the current release (2.0.7) 
on RHL8 with LDAP and SASL 2, using your spec as a base, simply removing the 
code that demotes SASL to 1. The binaries were built with
I/usr/include/mysql -DUSE_SASL_AUTH -DHAS_SSL -I/usr/include/openssl
AUXLIBS= -L/usr/lib -lldap -llber -lpcre -L/usr/lib/mysql -lmysqlclient -lm -
lsasl2 -lssl -lcrypto

and here's what smtpd is linked to:

        libldap.so.2 => /usr/lib/libldap.so.2 (0x4001d000)
        liblber.so.2 => /usr/lib/liblber.so.2 (0x40048000)
        libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10 
        libm.so.6 => /lib/libm.so.6 (0x4008a000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400ac000)
        libssl.so.2 => /lib/libssl.so.2 (0x400bf000)
        libcrypto.so.2 => /lib/libcrypto.so.2 (0x400ef000)
        libdb-4.0.so => /lib/libdb-4.0.so (0x401c4000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4026c000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40282000)
        libc.so.6 => /lib/libc.so.6 (0x40294000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403d1000)
        libz.so.1 => /usr/lib/libz.so.1 (0x403dc000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x403eb000)
        libdl.so.2 => /lib/libdl.so.2 (0x40418000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
        libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4041b000)
        libpam.so.0 => /lib/libpam.so.0 (0x40422000)

I haven't really tested the produced package however, so I don't know if it 
works or not.

Furthermore, looking in the spec file from the current packages by Simon J. 
Mudd, I see nothing against building with SASL 2 and LDAP at the same time.

Could this have anything to do with something that changed between 2.0.6 and 
2.0.7 or am I simply missing something?

CJ Leblanc

Comment 12 Zenon Mousmoulas 2003-03-29 17:51:17 UTC
Nevermind about the last comment, I oversaw the obvious [libsasl.so.7 
=> /usr/lib/libsasl.so.7 (0x403d1000)].

And yes, it certainly doesn't work like that...

Comment 13 Daniel Davidson 2003-04-15 18:33:24 UTC
If I try to install the rpm in comment #11, I get an error stating it fails

error: Failed dependencies:
        libcrypto.so.2 is needed by postfix-2.0.6-11
        libssl.so.2 is needed by postfix-2.0.6-11

I have newer versions of these files installed (on redhat 8 and 9 systems), can
you update the rpm?

Comment 14 Zenon Mousmoulas 2003-04-16 00:31:20 UTC
Are you referring to the package mentioned by John Dennis or to the one 
currently in rawhide?

In either case, you can get the source rpm and rebuild it.

Comment 15 Daniel Davidson 2003-04-16 13:47:14 UTC
I am referring to the one by john dennis 

Comment 16 John Dennis 2003-06-13 21:10:39 UTC
The next rpm (2.0.11) which should show up in rawhide in a few days is built
with sasl v2.

Note You need to log in before you can comment on or make changes to this bug.