SASL support is not compiled in

[Dan]

After I upgraded my version of Postfix, SASL authentication stopped
working, and I can't get to the bottom of it. I'm using a binary RPM
from http://postfix.wl0.org (postfix-2.3.15-1.rhel4.i386.rpm) on a
Centos 4.8 system. It appears to have been compiled against libsasl2,
as the output of ldd reports.

Can anyone point me in the right direction? I've tried recompiling
the source package to explicitly configure in sasl, but I'm having
some other really annoying issues with the Centos build of openssl and
it fails to build, so I'm trying this first.

Here's the log message I'm seeing:
Sep 16 15:31:55 bebeka postfix/smtpd[31125]: warning:
smtpd_sasl_auth_enable is true, but SASL support is not compiled in

I've tested successfully with testsaslauthd, but I don't think postfix
auth is even making it that far. A telnet session reveals that no
auth mechanisms are being declared as supported.

$ telnet localhost submission
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.X.cxm ESMTP Postfix
ehlo localhost
250-mail.lettersandlight.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

The ldd output for smtpd:
# ldd /usr/libexec/postfix/smtpd
libldap-2.2.so.7 => /usr/lib/libldap-2.2.so.7 (0x00d63000)
liblber-2.2.so.7 => /usr/lib/liblber-2.2.so.7 (0x00d99000)
libssl.so.4 => /lib/libssl.so.4 (0x006d6000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00b37000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2
(0x00cad000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00c46000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00b32000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00c23000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00aa0000)
libdl.so.2 => /lib/libdl.so.2 (0x00939000)
libz.so.1 => /usr/lib/libz.so.1 (0x00a69000)
libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x0097d000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00cc3000)
libc.so.6 => /lib/tls/libc.so.6 (0x00808000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00cfe000)
/lib/ld-linux.so.2 (0x007ee000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00964000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x0055b000)

postfinger output:

postfinger - postfix configuration on Wed Sep 16 15:39:12 PDT 2009
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public. If this is the case it is your responsibility to
modify
the output to hide this private information. [Remove this warning
with
the --nowarn option.]

--System Parameters--
mail_version = 2.3.15
hostname = bebeka.X.cxm
uname = Linux bebeka.X.cxm 2.6.9-67.0.20.ELsmp #1 SMP Thu Jun 26
08:30:18 EDT 2008 i686 i686 i386 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package: postfix-2.3.15-1.rhel4

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
debug_peer_level = 5
debug_peer_list = 127.0.0.1
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.3.15-documentation/html
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost,
$mydomain, celebes.X.cxm, djimmah.X.cxm, harar.X.cxm, lekempti.X.cxm,
limmu.X.cxm, sidamo.X.cxm, koratie.X.cxm
myhostname = mail.X.cxm
mynetworks = x.x.x.x/x, x.x.x.x/x, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software, bounce, policy
readme_directory = /usr/share/doc/postfix-2.3.15-documentation/readme
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_invalid_hostname, reject_unauth_pipelining,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain, check_sender_access hash:/etc/
postfix/check_backscatterer permit
smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/postfix/ssl/ca.crt
smtpd_tls_cert_file = /etc/postfix/ssl/X.cxm.2009.crt
smtpd_tls_key_file = /etc/postfix/ssl/X.cxm.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
virtual_alias_domains = nanowrimo.org, nanowrimo.com, nanowrimo.net,
scriptfrenzy.org
virtual_alias_maps = hash:/etc/postfix/virtual_nanowrimo, hash:/etc/
postfix/virtual_nanowrimo_mls, hash:/etc/postfix/virtual_scriptfrenzy,
hash:/etc/postfix/virtual_scriptfrenzy_mls

--master.cf--
smtp inet n - n - 1000 smtpd
-o content_filter=spamchk
26 inet n - n - - smtpd
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o
smtpd_etrn_restrictions=reject
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-
rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m $
{extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m $
{extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop
($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
spamchk unix - n n - 50 pipe
flags=Rq user=spamd argv=/usr/local/bin/spamchk -f ${sender} -- $
{recipient}
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr

-- end of postfinger output --

And the slightly redundant saslfinger output:

saslfinger - postfix Cyrus sasl configuration Wed Sep 16 15:40:49 PDT
2009
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.3.15
System: CentOS release 4.8 (Final)

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00cfe000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/postfix/ssl/ca.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/X.cxm.2009.crt
smtpd_tls_key_file = /etc/postfix/ssl/X.cxm.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes

-- listing of /usr/lib/sasl --
total 404
drwxr-xr-x 2 root root 4096 Sep 16 13:07 .
drwxr-xr-x 116 root root 69632 Sep 16 05:03 ..
-rw-r--r-- 1 root root 4630 Sep 4 2007 libanonymous.a
-rwxr-xr-x 1 root root 871 Sep 4 2007 libanonymous.la
-rwxr-xr-x 1 root root 5748 Sep 4 2007 libanonymous.so
-rwxr-xr-x 1 root root 5748 Sep 4 2007 libanonymous.so.1
-rwxr-xr-x 1 root root 5748 Sep 4 2007 libanonymous.so.1.0.17
-rw-r--r-- 1 root root 9754 Sep 4 2007 libcrammd5.a
-rwxr-xr-x 1 root root 857 Sep 4 2007 libcrammd5.la
-rwxr-xr-x 1 root root 9884 Sep 4 2007 libcrammd5.so
-rwxr-xr-x 1 root root 9884 Sep 4 2007 libcrammd5.so.1
-rwxr-xr-x 1 root root 9884 Sep 4 2007 libcrammd5.so.1.0.19
-rw-r--r-- 1 root root 34292 Sep 4 2007 libdigestmd5.a
-rwxr-xr-x 1 root root 880 Sep 4 2007 libdigestmd5.la
-rwxr-xr-x 1 root root 30804 Sep 4 2007 libdigestmd5.so
-rwxr-xr-x 1 root root 30804 Sep 4 2007 libdigestmd5.so.0
-rwxr-xr-x 1 root root 30804 Sep 4 2007 libdigestmd5.so.0.0.20
-rw-r--r-- 1 root root 11318 Sep 4 2007 libgssapiv2.a
-rw-r--r-- 1 root root 6594 Sep 4 2007 liblogin.a
-rwxr-xr-x 1 root root 847 Sep 4 2007 liblogin.la
-rwxr-xr-x 1 root root 7248 Sep 4 2007 liblogin.so
-rwxr-xr-x 1 root root 7248 Sep 4 2007 liblogin.so.0
-rwxr-xr-x 1 root root 7248 Sep 4 2007 liblogin.so.0.0.7
-rw-r--r-- 1 root root 6146 Sep 4 2007 libplain.a
-rwxr-xr-x 1 root root 849 Sep 4 2007 libplain.la
-rwxr-xr-x 1 root root 7000 Sep 4 2007 libplain.so
-rwxr-xr-x 1 root root 7000 Sep 4 2007 libplain.so.1
-rwxr-xr-x 1 root root 7000 Sep 4 2007 libplain.so.1.0.16
-rw-r--r-- 1 root root 49 Sep 16 13:07 smtpd.conf
-rw-r--r-- 1 root root 47 Mar 16 2005 smtpd.conf~
-rw-r--r-- 1 root root 70 Aug 21 2006 smtpd.conf.rpmsave

-- listing of /usr/lib/sasl2 --
total 2760
drwxr-xr-x 2 root root 4096 Sep 16 13:52 .
drwxr-xr-x 116 root root 69632 Sep 16 05:03 ..
-rwxr-xr-x 1 root root 875 Sep 4 2007 libanonymous.la
-rwxr-xr-x 1 root root 12852 Sep 4 2007 libanonymous.so
-rwxr-xr-x 1 root root 12852 Sep 4 2007 libanonymous.so.2
-rwxr-xr-x 1 root root 12852 Sep 4 2007 libanonymous.so.2.0.19
-rwxr-xr-x 1 root root 863 Sep 4 2007 libcrammd5.la
-rwxr-xr-x 1 root root 15216 Sep 4 2007 libcrammd5.so
-rwxr-xr-x 1 root root 15216 Sep 4 2007 libcrammd5.so.2
-rwxr-xr-x 1 root root 15216 Sep 4 2007 libcrammd5.so.2.0.19
-rwxr-xr-x 1 root root 884 Sep 4 2007 libdigestmd5.la
-rwxr-xr-x 1 root root 42996 Sep 4 2007 libdigestmd5.so
-rwxr-xr-x 1 root root 42996 Sep 4 2007 libdigestmd5.so.2
-rwxr-xr-x 1 root root 42996 Sep 4 2007 libdigestmd5.so.2.0.19
-rwxr-xr-x 1 root root 851 Sep 4 2007 liblogin.la
-rwxr-xr-x 1 root root 13264 Sep 4 2007 liblogin.so
-rwxr-xr-x 1 root root 13264 Sep 4 2007 liblogin.so.2
-rwxr-xr-x 1 root root 13264 Sep 4 2007 liblogin.so.2.0.19
-rwxr-xr-x 1 root root 851 Sep 4 2007 libplain.la
-rwxr-xr-x 1 root root 13392 Sep 4 2007 libplain.so
-rwxr-xr-x 1 root root 13392 Sep 4 2007 libplain.so.2
-rwxr-xr-x 1 root root 13392 Sep 4 2007 libplain.so.2.0.19
-rwxr-xr-x 1 root root 920 Sep 4 2007 libsasldb.la
-rwxr-xr-x 1 root root 783328 Sep 4 2007 libsasldb.so
-rwxr-xr-x 1 root root 783328 Sep 4 2007 libsasldb.so.2
-rwxr-xr-x 1 root root 783328 Sep 4 2007 libsasldb.so.2.0.19
-rw-r--r-- 1 root root 49 Sep 15 19:25 smtpd.conf
-rw-r--r-- 1 root root 26 Mar 16 2005 smtpd.conf~
-rw-r--r-- 1 root root 49 Aug 21 2006 smtpd.conf.rpmsave

-- content of /usr/lib/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login

-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login

-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)

smtp inet n - n - 1000 smtpd
-o content_filter=spamchk
26 inet n - n - - smtpd
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o
smtpd_etrn_restrictions=reject
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-
rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m $
{extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m $
{extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop
($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
spamchk unix - n n - 50 pipe
flags=Rq user=spamd argv=/usr/local/bin/spamchk -f ${sender} -- $
{recipient}
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr

-- mechanisms on localhost --

-- end of saslfinger output --

[Dan]

Ok, after looking at the source, it's pretty black and white.

src/smtpd/smtpd.c:4201

#ifdef USE_SASL_AUTH
smtpd_sasl_initialize();

if (*var_smtpd_sasl_exceptions_networks)
sasl_exceptions_networks =
namadr_list_init(MATCH_FLAG_NONE,
var_smtpd_sasl_exceptions_networks);
#else
msg_warn("%s is true, but SASL support is not compiled in",
VAR_SMTPD_SASL_ENABLE);
#endif

I guess I'll go on with my recompiling woes.