# postfix/sasl stopped working

## Bodger

I am confused on this issue.

I had this working a week ago and it stopped working.

I am seeing this in the log

```

Dec 29 17:41:52 website4 postfix/smtpd[8161]: xsasl_cyrus_server_init: SASL config file is smtpd.conf

Dec 29 17:41:52 website4 postfix/smtpd[8161]: sql_select option missing

Dec 29 17:41:52 website4 postfix/smtpd[8161]: auxpropfunc error no mechanism available

Dec 29 17:41:52 website4 postfix/smtpd[8161]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

```

SASL is failing because it cannot find the mechanism which IS NOT EVEN CONFIGURED into the system.

I have it configured to use PAM.

Here is my /etc/sasl2/smtp.conf

```

# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $

pwcheck_method:saslauthd

mech_list: LOGIN PLAIN

```

Here is a: ps -ef | grep sasl

```

root@website4 log # ps -ef | grep sasl

root      6899     1  0 17:12 ?        00:00:00 /usr/sbin/saslauthd -a pam -r

root      6900  6899  0 17:12 ?        00:00:00 /usr/sbin/saslauthd -a pam -r

root      6901  6899  0 17:12 ?        00:00:00 /usr/sbin/saslauthd -a pam -r

root      6905  6899  0 17:12 ?        00:00:00 /usr/sbin/saslauthd -a pam -r

root      6906  6899  0 17:12 ?        00:00:00 /usr/sbin/saslauthd -a pam -r

root      8228  8024  0 17:54 pts/2    00:00:00 grep sasl

root@website4 log #

```

/etc/conf.d/saslauth

```

# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf,v 1.2 2007/04/07 13:03:55 chtekk Exp $

# Config file for /etc/init.d/saslauthd

# Initial (empty) options.

SASLAUTHD_OPTS=""

# Specify the authentications mechanism.

# **NOTE** For a list see: saslauthd -v

# Since 2.1.19, add "-r" to options for old behavior,

# ie. reassemble user and realm to user@realm form.

SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam -r"

#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam"

# Specify the hostname for remote IMAP server.

# **NOTE** Only needed if rimap auth mechanism is used.

#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"

# Specify the number of worker processes to create.

#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5"

# Enable credential cache, set cache size and timeout.

# **NOTE** Size is measured in kilobytes.

#          Timeout is measured in seconds.

#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30"

```

/etc/postfix/main.cf [snippet only]

```

# I added these because of this article

#

# http://www.gentoo.org/doc/en/virt-mail-howto.xml

#

smtpd_sasl_auth_enable = yes

smtpd_sasl2_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_local_domain =

smtpd_recipient_restrictions = permit_sasl_authenticated,

    permit_mynetworks,

    reject_unauth_destination

syslog_facility = mail

syslog_name = postfix

```

I am not using TLS only SASL.

/etc/pam.d/saslauthd

```

#%PAM-1.0

auth       required     pam_nologin.so

auth       include      system-auth

account    include      system-auth

session    include      system-auth

```

Any idea where the auxprop/sql is coming from?

Thanx

Julian

----------

## steveb

 *Bodger wrote:*   

> Here is my /etc/sasl2/smtp.conf

 Should that not be /etc/sasl2/smtpd.conf? *Bodger wrote:*   

> Any idea where the auxprop/sql is coming from?

 Probably from the use flags and the missing smtpd.conf?

// Steve

----------

## Bodger

 *steveb wrote:*   

> 
> 
>  *Bodger wrote:*   Here is my /etc/sasl2/smtp.conf 
> 
> Should that not be /etc/sasl2/smtpd.conf?
> ...

 

I am sorry I mistyped it is /etc/sasl2/smtpd.conf

 *steveb wrote:*   

> 
> 
>  *Bodger wrote:*   Any idea where the auxprop/sql is coming from? 
> 
> Probably from the use flags and the missing smtpd.conf?
> ...

 

Here is my make.conf

```

# These settings were set by the catalyst build script that automatically

# built this stage.

# Please consult /etc/make.conf.example for a more detailed example.

CFLAGS="-O2 -march=i686 -pipe"

CXXFLAGS="${CFLAGS}"

# This should not be changed unless you know exactly what you are doing.  You

# should probably be using a different stage, instead.

CHOST="i686-pc-linux-gnu"

MAKEOPTS="-j4"

USE="X opengl kde qt3 qt4 gtk cairo dvd alsa cdr hal cli pcre xml zlib apache2 php5 mysql php apache jpg png sasl vnc zlib clamav firefox gif gimp imagemagick javascript libwww maildir mbox mhash mp3 mpeg nsplugin pdf perl rss samba sockets tiff xine xml xscreensaver crypt pop3d milter"

INPUT_DEVICES="keyboard mouse"

VIDEO_CARDS="s3"

GENTOO_MIRRORS="http://distro.ibiblio.org/pub/linux/distributions/gentoo/ "

```

Do you see any problems with it?

I recently did add a bunch of use flags, and I emerge/update every Thursday so it is possible one of those caused the problems.

Here are some relevant installed packages

```

cyrus-sasl-2.1.22-r2

clamav-0.91.2-r1

libmilter-8.14.1-r1

postfix-2.4.5

dovecot-1.0.5

pam-0.78-r5

```

Any idea which of the use flags could be causing the problem?

Thanx

Julian

----------

## steveb

Please post the output of:

```
for foo in cyrus-sasl-2.1.22-r2 clamav-0.91.2-r1 libmilter-8.14.1-r1 postfix-2.4.5 dovecot-1.0.5 pam-0.78-r5 ; do equery u =${foo} ; done
```

// SteveB

----------

## Bodger

```

[ Searching for packages matching =cyrus-sasl-2.1.22-r2... ]

[ Colour Code : set unset ]

[ Legend : Left column  (U) - USE flags from make.conf              ]

[        : Right column (I) - USE flags packages was installed with ]

[ Found these USE variables for dev-libs/cyrus-sasl-2.1.22-r2 ]

 U I

 - - authdaemond            : Enable Courier-IMAP authdaemond's unix socket support.

 + + berkdb                 : Adds support for sys-libs/db (Berkeley DB for MySQL)

 + + crypt                  : Add support for encryption -- using mcrypt or gpg where applicable

 - - elibc_FreeBSD          : <unknown>

 + + gdbm                   : Adds support for sys-libs/gdbm (GNU database libraries)

 - - java                   : Adds support for Java

 - - kerberos               : Adds kerberos support

 - - ldap                   : Adds LDAP support (Lightweight Directory Access Protocol)

 + + mysql                  : Adds mySQL Database support

 - - ntlm_unsupported_patch : Adds NTLM samba NOT supported patch

 + + pam                    : Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip

 - - postgres               : Adds support for the postgresql database

 - - sample                 : Build sample client and server

 - - srp                    : Enables SRP in cyrus-sasl

 + + ssl                    : Adds support for Secure Socket Layer connections

 - - urandom                : Use /dev/urandom instead of /dev/random

[ Searching for packages matching =clamav-0.91.2-r1... ]

[ Colour Code : set unset ]

[ Legend : Left column  (U) - USE flags from make.conf              ]

[        : Right column (I) - USE flags packages was installed with ]

[ Found these USE variables for app-antivirus/clamav-0.91.2-r1 ]

 U I

 - - bzip2       : Use the bzlib compression library

 + + crypt       : Add support for encryption -- using mcrypt or gpg where applicable

 - - mailwrapper : Adds mailwrapper support to allow multiple MTAs to be installed

 + + milter      : Adds sendmail mail filter (milter) support

 + + nls         : Adds Native Language Support (using gettext - GNU locale utilities)

 - - selinux     : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur

[ Searching for packages matching =libmilter-8.14.1-r1... ]

[ Colour Code : set unset ]

[ Legend : Left column  (U) - USE flags from make.conf              ]

[        : Right column (I) - USE flags packages was installed with ]

[ Found these USE variables for mail-filter/libmilter-8.14.1-r1 ]

 U I

 + + ipv6 : Adds support for IP version 6

 - - poll : Use poll instead of select

[ Searching for packages matching =postfix-2.4.5... ]

[ Colour Code : set unset ]

[ Legend : Left column  (U) - USE flags from make.conf              ]

[        : Right column (I) - USE flags packages was installed with ]

[ Found these USE variables for mail-mta/postfix-2.4.5 ]

 U I

 - - cdb          : Adds support for the CDB database engine from the author of qmail

 - - dovecot-sasl : Enable Dovecot protocol version 1 (server only) SASL implementation

 - - hardened     : activate default security enhancements for toolchain (gcc, glibc, binutils)

 + + ipv6         : Adds support for IP version 6

 - - ldap         : Adds LDAP support (Lightweight Directory Access Protocol)

 - - mailwrapper  : Adds mailwrapper support to allow multiple MTAs to be installed

 + + mbox         : Adds support for mbox (/var/spool/mail) style mail spools

 + + mysql        : Adds mySQL Database support

 - - nis          : Support for NIS/YP services

 + + pam          : Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip

 - - postgres     : Adds support for the postgresql database

 + + sasl         : Adds support for the Simple Authentication and Security Layer

 - - selinux      : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur

 + + ssl          : Adds support for Secure Socket Layer connections

 - - vda          : Adds support for virtual delivery agent quota enforcing

[ Searching for packages matching =dovecot-1.0.5... ]

[ Searching for packages matching =dovecot-1.0.5... ]

[ Colour Code : set unset ]

[ Legend : Left column  (U) - USE flags from make.conf              ]

[        : Right column (I) - USE flags packages was installed with ]

[ Found these USE variables for net-mail/dovecot-1.0.5 ]

 U I

 - - debug    : Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml .

 - - doc      : Adds extra documentation (API, Javadoc, etc)

 + + ipv6     : Adds support for IP version 6

 - - kerberos : Adds kerberos support

 - - ldap     : Adds LDAP support (Lightweight Directory Access Protocol)

 + + mbox     : Adds support for mbox (/var/spool/mail) style mail spools

 + + mysql    : Adds mySQL Database support

 + + pam      : Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip

 + + pop3d    : Build pop3d support

 - - postgres : Adds support for the postgresql database

 - - sieve    : Build the sieve plugin

 + + ssl      : Adds support for Secure Socket Layer connections

 - - suid     : Enable setuid root program, with potential security risks

 - - vpopmail : Add vpopmail support

[ Searching for packages matching =pam-0.78-r5... ]

[ Colour Code : set unset ]

[ Legend : Left column  (U) - USE flags from make.conf              ]

[        : Right column (I) - USE flags packages was installed with ]

[ Found these USE variables for sys-libs/pam-0.78-r5 ]

 U I

 + + berkdb        : Adds support for sys-libs/db (Berkeley DB for MySQL)

 - - nis           : Support for NIS/YP services

 - - pam_chroot    : Builds the pam_chroot module (enables per-user chroots at login)

 - - pam_console   : <unknown>

 - - pam_timestamp : Builds the pam_timestamp module (enables recent successful attempt authentication)

 - - pwdb          : If you want pam_pwdb.so installed to use pwdb as passwd db

 - - selinux       : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur

```

```

 + + pam                    : Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip

```

I don't like that comment, hmmm.

Anyway, what I did was a previous question I asked someone pointed me to a list of "USE" flags.  I went through the list and added which ones made sense to all the things I was doing on the machine.

Thanx

Julian

----------

