Bug 71428 - postfix doesn't use sasl2
Product: Red Hat Linux
Classification: Retired
Component: postfix
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: John Dennis
Blocks: 67218 79579
Reported: 2002-08-13 10:31 EDT by Simon Matter
Modified: 2007-04-18 12:45 EDT (History)
Last Closed: 2003-06-13 17:10:39 EDT
Description Simon Matter 2002-08-13 10:31:53 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [de] (X11; U; Linux 2.2.19-6.2.16 i686)

Description of problem:
The postfix RPM includes the sasl V2 patch but doesn't use it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. rpm -i postfix
2. ldd /usr/libexec/postfix/*

Actual Results:  ldd shows that only sasl v1 is used by any executable. sasl V2
isn't used at all.

Expected Results:  sasl and sasl2 should be used.

Additional info:
Comment 1 Karsten Hopp 2002-08-15 21:04:21 EDT
You didn't supply the exact postfix version you're using, but the latest postfix-1.1.11-5
is linked against /usr/lib/libsasl.so.7 from the cyrus-sasl-2 package. 
Comment 2 Simon Matter 2002-08-16 01:56:42 EDT
That's exactly the problem. /usr/lib/libsasl.so.7 is saslv1.
The rawhide postfix-1.1.11-5 gives this:

[root@tempmail tmp]# ldd /usr//libexec/postfix/* | grep sasl
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x400e6000).....

but it should give:
[root@xxl root]# ldd /usr/libexec/postfix/* | grep sasl
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403f5000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403f5000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400e8000).......

The problem in .spec is this:
must be
Comment 3 Dax Kelson 2002-08-23 01:50:28 EDT
We also need Sasl2 support in Postfix. Please confirm/fix.
Comment 4 Chris Ricker 2003-01-09 19:21:17 EST
Postfix v1 doesn't support SASL2. The sanest solution would be to upgrade to
Postfix v2, which does (and doesn't support SASL1).
Comment 5 Dax Kelson 2003-01-09 19:34:58 EST
Agreed on the upgrade to Postfix v2. If not, please fix the SASL2 support in 
Postfix v1.
Comment 6 Zenon Mousmoulas 2003-03-11 18:25:14 EST
If current Red Hat postfix builds (up to 1.1.11-10 in rawhide) don't support 
SASL 2, and indeed they don't, then how could one explain the following:

1. The changelog in the rpm spec file mentions: Included SASL2 support patch 
I am not sure what the bug that is referred to was about, because I don't have
access to see it.

2. There is postfix-1.1.4-sasl2-patch that is applied. It seems to change 
things in 1.1.11 to support SASL 2, which was indeed not supported in this 
version. I am not sure how successful the patch is, but the goal is obvious.

I have a feeling, even though I may just be clueless, that the spec simply has 
no provisions in the building process for SASL 2 (the includes and library 
references). If so, it would be rather simple to rebuild to correct this, 
wouldn't it? If, however, building postfix like that just doesn't work, then 
there is no support for SASL 2 after all, right?

If any of you guys have any clue regarding the above perhaps-foolish 
questions, please write & enlighten me. Thanks in advance.
Comment 7 Chris Ricker 2003-03-11 21:37:28 EST
Postfix v1 doesn't support SASL v2. Period.

Bug 68800 was a patch written by Jason Hoos which I submitted that allows Postfix v1
to compile against and use the SASLv1 compatibility libraries provided by SASL v2
(obviously, they're not *really* compatibility libraries if you have to patch to
use them, but the braindeadness of SASL is a whole different set of bugs ;-)

If you want or need actually to use SASLv2 (and not just the SASLv1
pseudo-compatible libs supplied with SASLv2) you have to use Postfix 2.x. I can
provide the Postfix 2.x RPM I made (same structure as the RH Postfix 1.x RPM), or
there are Simon Mudd's excellent Postfix 2.x RPMs which you can get from

It doesn't look like Red Hat will ship Postfix 2.x any time soon, so if you need
Postfix with SASLv2, your only option is not using Red Hat's Postfix package.
Comment 8 Simon Matter 2003-03-12 02:15:20 EST
I have created my own postfix-1.1.12 rpm which does support SASL2 and many other
features. Source is at http://home.teleport.ch/simix/RPMS/Postfix/
IIRC RedHat included the SASL2 patch but didn't get it right. Look at
Comment 9 Chris Ricker 2003-03-12 03:28:06 EST
Unless you're using a different patch which actually adds SASLv2 support,
changing the AUXLIBS isn't enough. With the RH SASLv2 RPMs, you'll wind up with
binaries linked against both SASLv1 and SASLv2 (like you show in c2), and that
segfaults in some cases when doing SMTP AUTH against sasldb....
Comment 10 John Dennis 2003-03-12 18:09:30 EST
I have updated Red Hat's postfix rpm to the latest postfix release, which is
2.0.6. For the time being you can grab a copy of the rpm from my public ftp

With respect to SASL v1 vs v2: The RPM is capable of building against SASL v2
and is the default as long as LDAP is not a build option. However note that LDAP
is still using v1 and postfix will have to be linked against v1 (there cannot be
a mix of v1 and v2 usage). Thus if postfix is built with LDAP, which is the
default, then the SASL version is demoted to v1. If you really want SASL v2
you'll have to give up LDAP until the next release of LDAP which will support
SASL v2.

I would love to get feedback on the new RPM. If you do find bugs or have
suggestions please open a new bug report and not append to this one.

Thanks - John
Comment 11 Zenon Mousmoulas 2003-03-29 12:42:57 EST

you wrote that LDAP is still using SASL v1, and has to be linked against the 
respective libraries. However I managed to build the current release (2.0.7) 
on RHL8 with LDAP and SASL 2, using your spec as a base, simply removing the 
code that demotes SASL to 1. The binaries were built with
-I/usr/include/mysql -DUSE_SASL_AUTH -DHAS_SSL -I/usr/include/openssl
AUXLIBS= -L/usr/lib -lldap -llber -lpcre -L/usr/lib/mysql -lmysqlclient -lm -lsasl2 -lssl -lcrypto

and here's what smtpd is linked to:

        libldap.so.2 => /usr/lib/libldap.so.2 (0x4001d000)
        liblber.so.2 => /usr/lib/liblber.so.2 (0x40048000)
        libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10 
        libm.so.6 => /lib/libm.so.6 (0x4008a000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400ac000)
        libssl.so.2 => /lib/libssl.so.2 (0x400bf000)
        libcrypto.so.2 => /lib/libcrypto.so.2 (0x400ef000)
        libdb-4.0.so => /lib/libdb-4.0.so (0x401c4000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4026c000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40282000)
        libc.so.6 => /lib/libc.so.6 (0x40294000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403d1000)
        libz.so.1 => /usr/lib/libz.so.1 (0x403dc000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x403eb000)
        libdl.so.2 => /lib/libdl.so.2 (0x40418000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
        libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4041b000)
        libpam.so.0 => /lib/libpam.so.0 (0x40422000)

I haven't really tested the produced package however, so I don't know if it 
works or not.

Furthermore, looking in the spec file from the current packages by Simon J. 
Mudd, I see nothing against building with SASL 2 and LDAP at the same time.

Could this have anything to do with something that changed between 2.0.6 and 
2.0.7 or am I simply missing something?

CJ Leblanc
Comment 12 Zenon Mousmoulas 2003-03-29 12:51:17 EST
Never mind about the last comment, I oversaw the obvious
[libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403d1000)].

And yes, it certainly doesn't work like that...
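
Added example (not part of the original bug report or of any commenter's post): a shell check for the mixed SASL v1/v2 linkage discussed in comments 9 to 12. ldd also lists libraries pulled in indirectly by other libraries, so a libsasl.so.7 dependency shows up even when the build only passed -lsasl2. The function names and the sample variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify SASL linkage from `ldd` output read on stdin.
# Prints exactly one of: none, v1, v2, mixed.
sasl_linkage() {
    awk '
        # The soname is the first whitespace-separated field of an ldd line.
        $1 ~ /^libsasl\.so\./  { v1 = 1 }   # SASL v1 (libsasl.so.7 in this report)
        $1 ~ /^libsasl2\.so\./ { v2 = 1 }   # SASL v2 (libsasl2.so.2 in this report)
        END {
            if (v1 && v2) print "mixed"
            else if (v2)  print "v2"
            else if (v1)  print "v1"
            else          print "none"
        }'
}

# Run the check over every executable in a directory and report each one.
# Returns non-zero if any binary mixes both SASL versions.
audit_dir() {
    dir=${1:-/usr/libexec/postfix}   # default: the path used in this report
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        kind=$(ldd "$f" 2>/dev/null | sasl_linkage)
        printf '%s\t%s\n' "$kind" "$f"
        if [ "$kind" = mixed ]; then rc=1; fi
    done
    return $rc
}

# Sample input: three lines copied from the smtpd listing in comment 11.
SAMPLE_MIXED='        libldap.so.2 => /usr/lib/libldap.so.2 (0x4001d000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400ac000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x403d1000)'

# Classify the sample; on a real system call: audit_dir /usr/libexec/postfix
printf '%s\n' "$SAMPLE_MIXED" | sasl_linkage
```
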
Comment 13 Daniel Davidson 2003-04-15 14:33:24 EDT
If I try to install the rpm in comment #11, I get an error stating it fails

error: Failed dependencies:
        libcrypto.so.2 is needed by postfix-2.0.6-11
        libssl.so.2 is needed by postfix-2.0.6-11

I have newer versions of these files installed (on redhat 8 and 9 systems), can
you update the rpm?
Comment 14 Zenon Mousmoulas 2003-04-15 20:31:20 EDT
Are you referring to the package mentioned by John Dennis or to the one 
currently in rawhide?

In either case, you can get the source rpm and rebuild it.
Comment 15 Daniel Davidson 2003-04-16 09:47:14 EDT
I am referring to the one by John Dennis.
Comment 16 John Dennis 2003-06-13 17:10:39 EDT
The next rpm (2.0.11) which should show up in rawhide in a few days is built
with sasl v2.
