Re: Postfix client SASL reports "No worthy mechs found" - proper saslfinger -c output

This is a discussion on Re: Postfix client SASL reports "No worthy mechs found" - proper saslfinger -c output within the mailing.postfix.users forums, part of the Mail Servers and Related category; * info@shortestpath.org <info@shortestpath.org>: > You wrote: > > > Too bad. Now I can't ...


Go Back   Usenet Forums > Mail Servers and Related > mailing.postfix.users

Reload this Page Re: Postfix client SASL reports "No worthy mechs found" - proper saslfinger -c output

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-04-2005
Patrick Ben Koetter
 
Posts: n/a
Default Re: Postfix client SASL reports "No worthy mechs found" - proper saslfinger -c output
* info@shortestpath.org <info@shortestpath.org>:
> You wrote:
>
> > Too bad. Now I can't tell if you are running
> > Postfix chrooted...
>
> Aaaarrrggghh, dammit ;) Ok, was trying to be clever and save people's
> bandwidth. Here is the complete output of saslfinger -c :

;)

> saslfinger - postfix Cyrus sasl configuration Sat Jun 4 12:16:17 BST 2005
> version: 0.9.9.1
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 2.2.3
> System: Slackware 10.0.0
>
> -- smtp is linked to --
> libsasl2.so.2 => /opt/cyrus-sasl-2.1.20/lib/libsasl2.so.2 (0x40034000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost = post.btinternet.com
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options =

Your Postfix should accept any mechanism the relahost offers...

$ telnet post.btinternet.com 25
220 smtp801.mail.ukl.yahoo.com ESMTP
EHLO foo
250-smtp801.mail.ukl.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
QUIT

That would be LOGIN, PLAIN or XYMCOOKIE.

> -- listing of /usr/lib/sasl2 --
> total 2410
> drwxr-xr-x 2 root root 1040 2004-11-23 00:01 .
> drwxr-xr-x 3 root root 208 2004-11-22 23:50 ..
> -rwxr-xr-x 1 root root 686 2004-11-22 23:50 libanonymous.la
> -rwxr-xr-x 1 root root 89697 2004-11-22 23:50 libanonymous.so
> -rwxr-xr-x 1 root root 89697 2004-11-22 23:50 libanonymous.so.2
> -rwxr-xr-x 1 root root 89697 2004-11-22 23:50 libanonymous.so.2.0.20
> -rwxr-xr-x 1 root root 674 2004-11-22 23:50 libcrammd5.la
> -rwxr-xr-x 1 root root 93081 2004-11-22 23:50 libcrammd5.so
> -rwxr-xr-x 1 root root 93081 2004-11-22 23:50 libcrammd5.so.2
> -rwxr-xr-x 1 root root 93081 2004-11-22 23:50 libcrammd5.so.2.0.20
> -rwxr-xr-x 1 root root 704 2004-11-22 23:50 libdigestmd5.la
> -rwxr-xr-x 1 root root 140749 2004-11-22 23:50 libdigestmd5.so
> -rwxr-xr-x 1 root root 140749 2004-11-22 23:50 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 140749 2004-11-22 23:50 libdigestmd5.so.2.0.20
> -rwxr-xr-x 1 root root 670 2004-11-22 23:50 liblogin.la
> -rwxr-xr-x 1 root root 88801 2004-11-22 23:50 liblogin.so
> -rwxr-xr-x 1 root root 88801 2004-11-22 23:50 liblogin.so.2
> -rwxr-xr-x 1 root root 88801 2004-11-22 23:50 liblogin.so.2.0.20
> -rwxr-xr-x 1 root root 659 2004-11-22 23:50 libotp.la
> -rwxr-xr-x 1 root root 156561 2004-11-22 23:50 libotp.so
> -rwxr-xr-x 1 root root 156561 2004-11-22 23:50 libotp.so.2
> -rwxr-xr-x 1 root root 156561 2004-11-22 23:50 libotp.so.2.0.20
> -rwxr-xr-x 1 root root 670 2004-11-22 23:50 libplain.la
> -rwxr-xr-x 1 root root 89127 2004-11-22 23:50 libplain.so
> -rwxr-xr-x 1 root root 89127 2004-11-22 23:50 libplain.so.2
> -rwxr-xr-x 1 root root 89127 2004-11-22 23:50 libplain.so.2.0.20
> -rwxr-xr-x 1 root root 729 2004-11-22 23:50 libsasldb.la
> -rwxr-xr-x 1 root root 142049 2004-11-22 23:50 libsasldb.so
> -rwxr-xr-x 1 root root 142049 2004-11-22 23:50 libsasldb.so.2
> -rwxr-xr-x 1 root root 142049 2004-11-22 23:50 libsasldb.so.2.0.20
> -rw-r--r-- 1 root root 49 2004-11-23 00:05 smtpd.conf
>
> -- listing of /usr/local/lib/sasl2 --
> total 2410
> drwxr-xr-x 2 root root 1040 2004-11-23 00:01 .
> drwxr-xr-x 3 root root 208 2004-11-22 23:50 ..
> -rwxr-xr-x 1 root root 686 2004-11-22 23:50 libanonymous.la
> -rwxr-xr-x 1 root root 89697 2004-11-22 23:50 libanonymous.so
> -rwxr-xr-x 1 root root 89697 2004-11-22 23:50 libanonymous.so.2
> -rwxr-xr-x 1 root root 89697 2004-11-22 23:50 libanonymous.so.2.0.20
> -rwxr-xr-x 1 root root 674 2004-11-22 23:50 libcrammd5.la
> -rwxr-xr-x 1 root root 93081 2004-11-22 23:50 libcrammd5.so
> -rwxr-xr-x 1 root root 93081 2004-11-22 23:50 libcrammd5.so.2
> -rwxr-xr-x 1 root root 93081 2004-11-22 23:50 libcrammd5.so.2.0.20
> -rwxr-xr-x 1 root root 704 2004-11-22 23:50 libdigestmd5.la
> -rwxr-xr-x 1 root root 140749 2004-11-22 23:50 libdigestmd5.so
> -rwxr-xr-x 1 root root 140749 2004-11-22 23:50 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 140749 2004-11-22 23:50 libdigestmd5.so.2.0.20
> -rwxr-xr-x 1 root root 670 2004-11-22 23:50 liblogin.la
> -rwxr-xr-x 1 root root 88801 2004-11-22 23:50 liblogin.so
> -rwxr-xr-x 1 root root 88801 2004-11-22 23:50 liblogin.so.2
> -rwxr-xr-x 1 root root 88801 2004-11-22 23:50 liblogin.so.2.0.20
> -rwxr-xr-x 1 root root 659 2004-11-22 23:50 libotp.la
> -rwxr-xr-x 1 root root 156561 2004-11-22 23:50 libotp.so
> -rwxr-xr-x 1 root root 156561 2004-11-22 23:50 libotp.so.2
> -rwxr-xr-x 1 root root 156561 2004-11-22 23:50 libotp.so.2.0.20
> -rwxr-xr-x 1 root root 670 2004-11-22 23:50 libplain.la
> -rwxr-xr-x 1 root root 89127 2004-11-22 23:50 libplain.so
> -rwxr-xr-x 1 root root 89127 2004-11-22 23:50 libplain.so.2
> -rwxr-xr-x 1 root root 89127 2004-11-22 23:50 libplain.so.2.0.20
> -rwxr-xr-x 1 root root 729 2004-11-22 23:50 libsasldb.la
> -rwxr-xr-x 1 root root 142049 2004-11-22 23:50 libsasldb.so
> -rwxr-xr-x 1 root root 142049 2004-11-22 23:50 libsasldb.so.2
> -rwxr-xr-x 1 root root 142049 2004-11-22 23:50 libsasldb.so.2.0.20
> -rw-r--r-- 1 root root 49 2004-11-23 00:05 smtpd.conf
>
>
> -- permissions for /etc/postfix/sasl_passwd --
> -rw------- 1 root root 189 2005-05-31 22:53 /etc/postfix/sasl_passwd
>
> -- permissions for /etc/postfix/sasl_passwd.db --
> -rw------- 1 root root 12288 2005-05-31 22:53 /etc/postfix/sasl_passwd.db
>
> /etc/postfix/sasl_passwd.db is up to date.

fine.

> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - n - - smtpd
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp

fine.

> relay unix - - n - - smtp
> showq unix n - n - - showq
> error unix - - n - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> old-cyrus unix - n n - - pipe
> flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
> cyrus unix - n n - - pipe
> user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> dbmail-lmtp unix - - n - - lmtp
> scache unix - - n - 1 scache
> discard unix - - n - - discard
> tlsmgr unix - - n 1000? 1 tlsmgr
>
> -- mechanisms on [post.btinternet.com] --
>
> That's the end of the output. The script paused for a couple of seconds
> after printing the last line but before returning control to the shell.

At this point it tries to telnet to the relayhost to get a list of mechanisms
offered. This is something I never got working well in BASH. Improvements are
welcome...

> I've noticed that the above is showing me that smtp is linked to a
> libsasl2.so elsewhere on my system (in my /opt/cyrus-sasl-2.1.20 directory).
> I've looked in /opt/cyrus-sasl-2.1.20/lib/sasl2 and libplain.so and
> liblogin.so exist there too. I know it's messy but seeing as the files are
> all there it shouldn't matter.... should it?...

Agreed. It is a mess.

Let's get this a little bit cleaner and do the symlink from /usr/lib/sasl2 to
/opt/cyrus-sasl-2.1.20 so SASL will use /opt/cyrus-sasl-2.1.20.

Then run the smtp-client verbose by adding -v to the end of the configuration
line in master.cf:

smtp unix - - n - - smtp -v

Reload Postfix and try AUTH. Take a look at the maillog and look for errors.
If nothing useable turns up, turn the verbosity up by adding another -v.

What basically happens is: Postfix connect to the relayhost, wants to use one
of the mechanisms offered, but cannot find any where it looks for
mechanism-libraries.

If we find out where it looks we can fix that.

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On




All times are GMT +1. The time now is 08:36 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0