Bug#638045: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Johnny Morano
Version: 2.1.24~rc1.dfsg1+cvs2011-05-23-5
Severity: important
Postfix is unable to receive mail and unable to send mail via SASL authentication, after installing the updates of today.
These are the error messages:
Aug 16 17:34:28 musashi postfix/smtpd[14716]: connect from relay02.secure-mail.be[195.13.7.5]
Aug 16 17:34:28 musashi postfix/smtpd[14716]: warning: SASL authentication failure: Internal Error -4 in ../../lib/server.c near line 1731
Aug 16 17:34:28 musashi last message repeated 2 times
Aug 16 17:34:28 musashi postfix/smtpd[14716]: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Aug 16 17:34:28 musashi postfix/smtpd[14716]: fatal: no SASL authentication mechanisms
Aug 16 17:34:29 musashi postfix/master[2687]: warning: process /usr/lib/postfix/smtpd pid 14716 exit status 1
Aug 16 17:34:29 musashi postfix/master[2687]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
I have installed:
.oO( musashi | ~ )Oo. dpkg --get-selections | grep -i sasl
libauthen-sasl-perl install
libsasl2-2 install
libsasl2-modules install
libsasl2-modules-gssapi-heimdal install
libsasl2-modules-otp install
php-auth-sasl install
sasl2-bin install
Completly disabling sasl in /etc/postfix/main.cf and /etc/postfix/master.cf currently fixes receiving, but of course doesn't allow to send mail using SASL authenticated clients.
It worked perfectly before the updates :-)
Thanks!
Johnny
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libsasl2-2 depends on:
ii libc6 2.13-16 Embedded GNU C Library: Shared lib
ii libdb5.1 5.1.25-11 Berkeley v5.1 Database Libraries [
ii multiarch-support 2.13-16 Transitional package to ensure mul
Versions of packages libsasl2-2 recommends:
ii libsasl 2.1.24~rc1.dfsg1+cvs2011-05-23-5 Cyrus SASL - pluggable authenticat
libsasl2-2 suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Stefano Zacchiroli
affects 638045 postfix
thanks
On Tue, Aug 16, 2011 at 09:54:14PM +0200, Johnny Morano wrote:
> Package: libsasl2-2
> Version: 2.1.24~rc1.dfsg1+cvs2011-05-23-5
> Severity: important
>
> Postfix is unable to receive mail and unable to send mail via SASL
> authentication, after installing the updates of today. These are the
> error messages:
I can reproduce this in Sid.
Reverting both "libsasl2-2" and "libsasl2-modules" to version
2.1.23.dfsg1-7 fixes the problem.
I'm setting severity as serious, as it breaks pretty heavily mail
delivery for SASL-based postfix configuration. I'm also marking the bug
as affecting postfix, as many people will probably look for some issue
there.
Thanks for maintaining Cyrus SASL, it ain't easy!
Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere
ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams
Sven Joachim
On 2011-08-17 13:53 +0200, Luca Capello wrote:
> On Wed, 17 Aug 2011 11:59:19 +0200, Stefano Zacchiroli wrote:
>> On Tue, Aug 16, 2011 at 09:54:14PM +0200, Johnny Morano wrote:
>>> Postfix is unable to receive mail and unable to send mail via SASL
>>> authentication, after installing the updates of today. These are the
>>> error messages:
>>
>> I can reproduce this in Sid.
>
> /me too.
>
>> Reverting both "libsasl2-2" and "libsasl2-modules" to version
>> 2.1.23.dfsg1-7 fixes the problem.
>
> FWIW, reverting to 2.1.24~rc1.dfsg1+cvs2011-05-23-4 is enough.
>
> BTW, if you use Cyrus SASL authentication in Postfix, you can not
> actually revert libsasl2-2 and libsasl2-modules only, but you need
> to revert sasl2-bin as well because of its versioned dependency.
>
>> I'm setting severity as serious, as it breaks pretty heavily mail
>> delivery for SASL-based postfix configuration. I'm also marking the bug
>> as affecting postfix, as many people will probably look for some issue
>> there.
>
> Thank you, indeed I did not find it during a first look, maybe the title
> should be changed to reflect the IMHO most common error? In my case:
>
> C61E120DDD 2071 Wed Aug 17 10:45:55 lu...@pca.it
> (SASL authentication failed; cannot authenticate to server \
> home.pca.it[83.211.85.135]: no mechanism available)
> debian-p...@lists.debian.org
Here is what I got:
,----
| Aug 17 14:16:59 turtle postfix/smtp[28566]: warning: SASL authentication failure: No worthy mechs found
| Aug 17 14:16:59 turtle postfix/smtp[28566]: 4BD0A3F4F6: SASL authentication failed; cannot authenticate to server mail.gmx.net[213.165.64.20]: no mechanism available
`----
Postfix's SASL_README has this interesting information:
,----
| SASL authentication failure: No worthy mechs found
|
| Note
|
| This same error message will also be logged when the libplain.so or
| liblogin.so modules are not installed in the /usr/lib/sasl2 directory.
`----
And /usr/lib/sasl2 is hardcoded in postfix, see
src/xsasl/xsasl_cyrus_log.c:
int xsasl_getpath(void * context, char ** path)
{
#if SASL_VERSION_MAJOR >= 2
*path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2", (char *) 0);
#else
*path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl", (char *) 0);
#endif
return SASL_OK;
}
So this bug has been triggered by the switch to multiarch paths in
cyrus-sasl2, and postfix is to blame for hardcoding /usr/lib/sasl2.
Cheers,
Sven
Ondřej Surý
On Wed, Aug 17, 2011 at 15:05, Sven Joachim <sven...@gmx.de> wrote:
> And /usr/lib/sasl2 is hardcoded in postfix, see
> src/xsasl/xsasl_cyrus_log.c:
>
> int xsasl_getpath(void * context, char ** path)
> {
> #if SASL_VERSION_MAJOR >= 2
> *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2", (char *) 0);
> #else
> *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl", (char *) 0);
> #endif
> return SASL_OK;
> }
>
> So this bug has been triggered by the switch to multiarch paths in
> cyrus-sasl2, and postfix is to blame for hardcoding /usr/lib/sasl2.
I guess the Ubuntu already have a patch for that
I could remove the MultiArch patch as a quick remedy and wait for
postfix to catch up. Opinions?
O.
--
Ondřej Surý <ond...@sury.org>
Steve Langasek
> postfix (2.8.3-1ubuntu3) oneiric; urgency=low
> * src/xsasl/xsasl_cyrus_{client,server}.c: don't set a sasl callback for
> the path, only do so for the config path; we shouldn't override the
> already-correct module path built into cyrus-sasl2 itself,
> especially now that said path may change due to multiarch.
> -- Steve Langasek <steve.l...@ubuntu.com> Mon, 15 Aug 2011 20:10:53 -0700
I did communicate this to LaMont on IRC as I was preparing the fix, but I
honestly wasn't expecting cyrus-sasl2 to get changed quite so quickly (the
median time for multiarch patches getting applied is much longer than 5
hours :), so I didn't express any urgency for getting that patch into
Debian. Sorry about that.
LaMont, can this multiarch fix be included in the next postfix upload? That
would at least let the cyrus-sasl2 maintainers set the Breaks: so that
people don't break their mailservers unwittingly.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slan...@ubuntu.com vor...@debian.org
Steve Langasek
these, h323plus and opal are candidates with references to 'SetPath' in the
code, but on inspection these are false positives.
So the only package I've found that has an issue with SASL_CB_GETPATH is
postfix, and I have no idea why sendmail is breaking since it doesn't use
this callback.
for pkg in $(
grep-dctrl -FDepends -e 'libpt2.6.7|libpt2.4.5|libpt-1.10.10' -sSource:Package -n \
/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_oneiric_*amd64_Packages \
| sort -u)
do
apt-get source --only-source $pkg >/dev/null 2>&1
(cd ${pkg}-* && ./debian/rules unpack >/dev/null 2>&1)
grep -rq SetPath . && echo $pkg
rm -rf ${pkg}*
done