Bug 88131 - build with SASL 2 uses wrong headers, renders SMTP AUTH unusable
Summary: build with SASL 2 uses wrong headers, renders SMTP AUTH unusable
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: postfix
Version: 1.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: John Dennis
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-04-06 14:20 UTC by Zenon Mousmoulas
Modified: 2007-04-18 16:52 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-06-12 17:39:51 UTC
Embargoed:

Attachments (Terms of Use)
differences between postfix-2.0.6-2 spec and my 2.0.7-4 spec (4.53 KB, patch)
2003-04-06 14:55 UTC, Zenon Mousmoulas 		no flags Details | Diff
Adds the log_recipient option for directives in main.cf (1.85 KB, patch)
2003-04-07 20:31 UTC, Zenon Mousmoulas 		no flags Details | Diff
Simon J. Mudd's classic patch, allows the smtpd greeting banner to span over multiple lines (4.28 KB, patch)
2003-04-07 20:32 UTC, Zenon Mousmoulas 		no flags Details | Diff
Adds support for writing full select statements in mysql maps (11.01 KB, patch)
2003-04-07 20:34 UTC, Zenon Mousmoulas 		no flags Details | Diff
Generic smtpd.conf for use with SASL 2 only (24 bytes, text/plain)
2003-04-07 20:36 UTC, Zenon Mousmoulas 		no flags Details
View All

Description Zenon Mousmoulas 2003-04-06 14:20:10 UTC 
Description of problem:
The spec file correctly handles separately building postfix with SASL 1 or 
SASL 2.

However, when building with SASL 2, it doesn't take into account that cyrus-
sasl packages in RHL provide both SASL version 1 and version 2 libraries and 
headers.

SASL 1 headers are installed in /usr/include.
SASL 2 headers are in /usr/include/sasl.

Therefore, when building with SASL 2, the spec must take care to add '-
I/usr/include/sasl' to the CCARGS environment variable prior to compiling 
postfix.

Otherwise postfix will start failing as soon as SASL is called by any 
component of the system, with the error message:

fatal: SASL per-connection security setup

To trigger this, add for example 'smtpd_sasl_auth_enable = yes' 
to /etc/postfix/main.cf and issue `service postfix reload'. Every new 
connection to the smtp service will fail and produce this error msg.

I'm attaching a diff between the spec in the rawhide package and my own. It 
has further customizations/improvements, including a fix for this problem.


Version-Release number of selected component (if applicable):
2.0.6-2

How reproducible:
Always
Comment 1 Zenon Mousmoulas 2003-04-06 14:55:32 UTC 
Created attachment 90935 [details]
differences between postfix-2.0.6-2 spec and my 2.0.7-4 spec
Comment 2 John Dennis 2003-04-07 14:44:42 UTC 
Thank you for your fixes. Your modified spec file references new files and/or
patches, could you please attach those as well? In particular the sasl2 config
file, the other new files would be helpful as well. Thank you.
Comment 3 Zenon Mousmoulas 2003-04-07 20:21:18 UTC 
Oh yes I'm sorry, I didn't think about that.

Please note, all of these patches are taken from Simon J. Mudd's current 
postfix srpm package.
The only other file is my own postfix-smtpd-sasl2.conf, which is just like 
postfix-smtpd.conf, but adjusted to defaults suitable for use with SASL 2. A 
simple hack :)
Comment 4 Zenon Mousmoulas 2003-04-07 20:31:08 UTC 
Created attachment 90972 [details]
Adds the log_recipient option for directives in main.cf
Comment 5 Zenon Mousmoulas 2003-04-07 20:32:48 UTC 
Created attachment 90973 [details]
Simon J. Mudd's classic patch, allows the smtpd greeting banner to span over multiple lines
Comment 6 Zenon Mousmoulas 2003-04-07 20:34:58 UTC 
Created attachment 90974 [details]
Adds support for writing full select statements in mysql maps
Comment 7 Zenon Mousmoulas 2003-04-07 20:36:21 UTC 
Created attachment 90975 [details]
Generic smtpd.conf for use with SASL 2 only
Comment 8 John Dennis 2003-06-12 17:39:51 UTC 
I've fixed the sasl include directory (in postfix-2.0.11).
Note You need to log in before you can comment on or make changes to this bug.