postfix-mtasaslsmtpdcyrus

broken smtpd auth after update Cyrus SASL


after migrating from depreciated smtpd_recipient_restrictions to smtpd_relay_restrictions, outbound smtp hangs for users and these are the errors I find in the logs. "auxpropfunc error version mismatch with plug-in" and a "_sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql"

emailer1 saslfinger-1.0.3 # ./saslfinger -s
saslfinger - postfix Cyrus sasl configuration Fri Aug 30 00:48:43 UTC 2013
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.10.1
System: Gentoo Base System release 2.2

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f262e22a000)
        libsasl2.so.3 => /usr/lib64/libsasl2.so.3 (0x00007f262d6cc000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_key_file = /etc/ssl/postfix/nyctelecomm.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes


-- listing of /usr/lib64/sasl2 --
total 1180
drwxr-xr-x  2 root root   4096 Aug 11 20:29 .
drwxr-xr-x 43 root root  12288 Aug 28 18:22 ..
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 libanonymous.so
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 libanonymous.so.3
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 libanonymous.so.3.0.0
-rwxr-xr-x  1 root root  22760 Aug 11 20:29 libcrammd5.so
-rwxr-xr-x  1 root root  22760 Aug 11 20:29 libcrammd5.so.3
-rwxr-xr-x  1 root root  22760 Aug 11 20:29 libcrammd5.so.3.0.0
-rwxr-xr-x  1 root root  56040 Aug 11 20:29 libdigestmd5.so
-rwxr-xr-x  1 root root  56040 Aug 11 20:29 libdigestmd5.so.3
-rwxr-xr-x  1 root root  56040 Aug 11 20:29 libdigestmd5.so.3.0.0
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 liblogin.so
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 liblogin.so.3
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 liblogin.so.3.0.0
-rwxr-xr-x  1 root root  35208 Aug 11 20:29 libntlm.so
-rwxr-xr-x  1 root root  35208 Aug 11 20:29 libntlm.so.3
-rwxr-xr-x  1 root root  35208 Aug 11 20:29 libntlm.so.3.0.0
-rwxr-xr-x  1 root root 109056 Aug 11 20:29 libotp.so
-rwxr-xr-x  1 root root 109056 Aug 11 20:29 libotp.so.3
-rwxr-xr-x  1 root root 109056 Aug 11 20:29 libotp.so.3.0.0
-rwxr-xr-x  1 root root  18664 Aug 11 20:29 libplain.so
-rwxr-xr-x  1 root root  18664 Aug 11 20:29 libplain.so.3
-rwxr-xr-x  1 root root  18664 Aug 11 20:29 libplain.so.3.0.0
-rwxr-xr-x  1 root root  26800 Aug 11 20:29 libsasldb.so
-rwxr-xr-x  1 root root  26800 Aug 11 20:29 libsasldb.so.3
-rwxr-xr-x  1 root root  26800 Aug 11 20:29 libsasldb.so.3.0.0
-rwxr-xr-x  1 root root  39208 Aug 11 20:29 libscram.so
-rwxr-xr-x  1 root root  39208 Aug 11 20:29 libscram.so.3
-rwxr-xr-x  1 root root  39208 Aug 11 20:29 libscram.so.3.0.0
-rwxr-xr-x  1 root root  26816 Aug 11 20:29 libsql.so
-rwxr-xr-x  1 root root  26816 Aug 11 20:29 libsql.so.3
-rwxr-xr-x  1 root root  26816 Aug 11 20:29 libsql.so.3.0.0

-- listing of /usr/lib/sasl2 --
total 1180
drwxr-xr-x  2 root root   4096 Aug 11 20:29 .
drwxr-xr-x 43 root root  12288 Aug 28 18:22 ..
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 libanonymous.so
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 libanonymous.so.3
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 libanonymous.so.3.0.0
-rwxr-xr-x  1 root root  22760 Aug 11 20:29 libcrammd5.so
-rwxr-xr-x  1 root root  22760 Aug 11 20:29 libcrammd5.so.3
-rwxr-xr-x  1 root root  22760 Aug 11 20:29 libcrammd5.so.3.0.0
-rwxr-xr-x  1 root root  56040 Aug 11 20:29 libdigestmd5.so
-rwxr-xr-x  1 root root  56040 Aug 11 20:29 libdigestmd5.so.3
-rwxr-xr-x  1 root root  56040 Aug 11 20:29 libdigestmd5.so.3.0.0
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 liblogin.so
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 liblogin.so.3
-rwxr-xr-x  1 root root  18632 Aug 11 20:29 liblogin.so.3.0.0
-rwxr-xr-x  1 root root  35208 Aug 11 20:29 libntlm.so
-rwxr-xr-x  1 root root  35208 Aug 11 20:29 libntlm.so.3
-rwxr-xr-x  1 root root  35208 Aug 11 20:29 libntlm.so.3.0.0
-rwxr-xr-x  1 root root 109056 Aug 11 20:29 libotp.so
-rwxr-xr-x  1 root root 109056 Aug 11 20:29 libotp.so.3
-rwxr-xr-x  1 root root 109056 Aug 11 20:29 libotp.so.3.0.0
-rwxr-xr-x  1 root root  18664 Aug 11 20:29 libplain.so
-rwxr-xr-x  1 root root  18664 Aug 11 20:29 libplain.so.3
-rwxr-xr-x  1 root root  18664 Aug 11 20:29 libplain.so.3.0.0
-rwxr-xr-x  1 root root  26800 Aug 11 20:29 libsasldb.so
-rwxr-xr-x  1 root root  26800 Aug 11 20:29 libsasldb.so.3
-rwxr-xr-x  1 root root  26800 Aug 11 20:29 libsasldb.so.3.0.0
-rwxr-xr-x  1 root root  39208 Aug 11 20:29 libscram.so
-rwxr-xr-x  1 root root  39208 Aug 11 20:29 libscram.so.3
-rwxr-xr-x  1 root root  39208 Aug 11 20:29 libscram.so.3.0.0
-rwxr-xr-x  1 root root  26816 Aug 11 20:29 libsql.so
-rwxr-xr-x  1 root root  26816 Aug 11 20:29 libsql.so.3
-rwxr-xr-x  1 root root  26816 Aug 11 20:29 libsql.so.3.0.0

-- listing of /etc/sasl2 --
total 32
drwxr-xr-x  2 root root  4096 Aug 11 20:29 .
drwxr-xr-x 58 root root  4096 Aug 29 05:12 ..
-rw-r--r--  1 root root   147 Aug  9 02:08 ._cfg0000_smtpd.conf
-rw-r--r--  1 root root     0 Aug 11 20:29 .keep_dev-libs_cyrus-sasl-2
-rw-r-----  1 root mail 12432 Aug  8 19:44 sasldb2
-rw-r--r--  1 root root   405 Aug 10 07:39 smtpd.conf




-- content of /etc/sasl2/smtpd.conf --
pwcheck_method: authdaemond
mech_list: LOGIN PLAIN
authdaemon_path: /var/lib/courier/authdaemon/socket

log_level: 5

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: pgsql
password_format: crypt
mech_list: LOGIN PLAIN

sql_engine: pgsql
#sql_hostnames: localhost
sql_database: postfix
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_select: SELECT password FROM mailbox WHERE local_part='%u' AND active='1'


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache




user1  unix -       -       n       -       -       smtp
      -o syslog_name=postfix-user1
      -o smtp_bind_address6=2600:3c01:e000:44:0:0:0:10

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN

-- end of saslfinger output --

*******************************  postmap  ************************************


emailer1 htdocs # postmap -q "info@nyctelecomm.com" pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
info@nyctelecomm.com
emailer1 htdocs # postmap -q "nyctelecomm.com" pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
nyctelecomm
emailer1 htdocs # postmap -q "info@nyctelecomm.com" pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
nyctelecomm.com/info/

*********************************************  postconf ************************

emailer1 htdocs # postconf -n
broken_sasl_auth_clients = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 3
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
home_mailbox = .maildir/
html_directory = no
inet_protocols = ipv4, ipv6
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sender_dependent_default_transport_maps = hash:/etc/postfix/transport.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks, check_client_access
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks, reject_unknown_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks, permit_sasl_authenticated
smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_key_file = /etc/ssl/postfix/nyctelecomm.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_uid_maps = static:5000


************************  error  ***********************************

2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: auxpropfunc error version mismatch with plug-in
2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sasldb
2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: auxpropfunc error version mismatch with plug-in
2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin:

Solution

  • There was a stuck version in the libraries. I emerge -C cyrus-sasl, then downgraded to an earlier version, I saw the collision overwrites occur, went back to the regular cyrus and the error went away.