From Bugzilla Helper: User-Agent: Mozilla/4.77 [de] (X11; U; Linux 2.2.19-6.2.16 i686) Description of problem: The postfix RPM includes the sasl V2 patch but doesn't use it. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. rpm -i postfix 2. ldd /usr/libexec/postfix/* 3. Actual Results: ldd shows that only sasl v1 is used by any executable. sasl V2 isn't used at all. Expected Results: sasl and sasl2 should be used. Additional info:
You didn't supply the exect postfix version you're using, but the latest postfix-1.1.11-5 is linked against /usr/lib/libsasl.so.7 from the cyrus-sasl-2 package.
That's exactly the problem. /usr/lib/libsasl.so.7 is saslv1. The rawhide postfix-1.1.11-5 gives this: [root@tempmail tmp]# ldd /usr//libexec/postfix/* | grep sasl libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000)..... but it should give: [root@xxl root]# ldd /usr/libexec/postfix/* | grep sasl libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403f5000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403f5000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000)....... The problem in .spec is this: AUXLIBS="${AUXLIBS} -lsasl must be AUXLIBS="${AUXLIBS} -lsasl2
We also need Sasl2 support in Postfix. Please confirm/fix.
Postfix v1 doesn't support SASL2. The sanest solution would be to upgrade to Postfix v2, which does (and doesn't support SASL1).
Agreed on the upgrade to Postfix v2. If not, please fix the SASL2 support in Postfix v1.
If current Red Hat postfix builds (up to 1.1.11-10 in rawhide) don't support SASL 2, and indeed they don't, then how could one explain the following: 1. The changelog in the rpm spec file mentions: Included SASL2 support patch (#68800). I am not sure what the but that is referred to was about, because I don't have access to see it. 2. There is postfix-1.1.4-sasl2-patch that is applied. It seems to change things in 1.1.11 to support SASL 2, which was indeed not supported in this version. I am not sure how successfull the patch is, but the goal is obvious. I have a feeling, even though I may just be clueless, that the spec simply has no provisions in the building process for SASL 2 (the includes and library references). If so, it would be rather simple to rebuild to correct this, wouldn't it? If, however, building postfix like that just doesn't work, then there is no support for SASL 2 after all, right? If any of you guys have any clue regarding the above perhaps-foolish questions, please write & enlighten me. Thanks in advance.
Postfix v1 doesn't support SASL v2. Period. Bug 68800 was a patch written by Jason Hoos which I submitted that allows Postfix v1 to compile against and use the SASLv1 compatibility libraries provided by SASL v2 (obviously, they're not *really* compatibility libraries if you have to patch to use them, but the braindeadness of SASL is a whole different set of bugs ;-) If you want or need actually to use SASLv2 (and not just the SASLv1 pseudo-compatible libs supplied with SASLv2) you have to use Postfix 2.x. I can provide the Postfix 2.x RPM I made (same structure as the RH Postfix 1.x RPM), or there are Simon Mudd's excellent Postfix 2.x RPMs which you can get from <A HREF="http://postfix.wl0.org/en/available-packages/">http://postfix.wl0.org/en/available-packages/</A>. It doesn't look like Red Hat will ship Postfix 2.x any time soon, so if you need Postfix with SASLv2, your only option is not using Red Hat's Postfix package.
I have created my own postfix-1.1.12 rpm which does support SASL2 and many other features. Source is at http://home.teleport.ch/simix/RPMS/Postfix/ IIRC RedHat included the SASL2 patch but didn't get it right. Look at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=71428#c2
Unless you're using a different patch which actually adds SASLv2 support, changing the AUXLIBS isn't enough. With the RH SASLv2 RPMs, you'll wind up with binaries linked against both SASLv1 and SASLv2 (like you show in c2), and that segfaults in some cases when doing SMTP AUTH against sasldb....
I have updated Red Hat's postfix rpm to the latest postfix release, which is 2.0.6. For the time being you can grab a copy of the rpm from my public ftp (ftp://people.redhat.com/jdennis) With respect to SASL v1 vs v2: The RPM is capable of building against SASL v2 and is the default as long as LDAP is not a build option. However note that LDAP is still using v1 and postfix will have to be linked against v1 (there cannot be a mix of v1 and v2 usage). Thus if postfix is built with LDAP, which is the default, then the SASL version is demoted to v1. If you really want SASL v2 you'll have to give up LDAP until the next release of LDAP which will support SASL v2. I would love to get feedback on the new RPM. If you do find bugs or have suggestions please open a new bug report and not append to this one. Thanks - John
John, you wrote that LDAP is still using SASL v1, and has to be linked against the respective libraries. However I managed to build the current release (2.0.7) on RHL8 with LDAP and SASL 2, using your spec as a base, simply removing the code that demotes SASL to 1. The binaries were built with CCARGS= -DHAS_LDAP -DHAS_PCRE -I/usr/include/pcre -DHAS_MYSQL - I/usr/include/mysql -DUSE_SASL_AUTH -DHAS_SSL -I/usr/include/openssl and AUXLIBS= -L/usr/lib -lldap -llber -lpcre -L/usr/lib/mysql -lmysqlclient -lm - lsasl2 -lssl -lcrypto and here's what smtpd is linked to: libldap.so.2 => /usr/lib/libldap.so.2 (0x4001d000) liblber.so.2 => /usr/lib/liblber.so.2 (0x40048000) libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10 (0x40053000) libm.so.6 => /lib/libm.so.6 (0x4008a000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400ac000) libssl.so.2 => /lib/libssl.so.2 (0x400bf000) libcrypto.so.2 => /lib/libcrypto.so.2 (0x400ef000) libdb-4.0.so => /lib/libdb-4.0.so (0x401c4000) libnsl.so.1 => /lib/libnsl.so.1 (0x4026c000) libresolv.so.2 => /lib/libresolv.so.2 (0x40282000) libc.so.6 => /lib/libc.so.6 (0x40294000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403d1000) libz.so.1 => /usr/lib/libz.so.1 (0x403dc000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x403eb000) libdl.so.2 => /lib/libdl.so.2 (0x40418000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4041b000) libpam.so.0 => /lib/libpam.so.0 (0x40422000) I haven't really tested the produced package however, so I don't know if it works or not. Furthermore, looking in the spec file from the current packages by Simon J. Mudd, I see nothing against building with SASL 2 and LDAP at the same time. Could this have anything to do with something that changed between 2.0.6 and 2.0.7 or am I simply missing something? Regards, CJ Leblanc
Nevermind about the last comment, I oversaw the obvious [libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403d1000)]. And yes, it certainly doesn't work like that...
If I try to install the rpm in comment #11, I get an error stating it fails dependancies. error: Failed dependencies: libcrypto.so.2 is needed by postfix-2.0.6-11 libssl.so.2 is needed by postfix-2.0.6-11 I have newer versions of these files installed (on redhat 8 and 9 systems), can you update the rpm?
Are you referring to the package mentioned by John Dennis or to the one currently in rawhide? In either case, you can get the source rpm and rebuild it.
I am referring to the one by john dennis
The next rpm (2.0.11) which should show up in rawhide in a few days is built with sasl v2.