# Postfix + SSL/cyrus-sasl bad option, but which one? [SOLVED]

## -neX-

so I've been trying to set up postfix + cyrus-sasl + ssl for the last couple of days. I'm able to get a standard postfix server going using the guide from gentoo docs. that works just fine - responds to telnet on localhost.

the problem crops up when I try to add cyrus-sasl and ssl support. I end up with this in my logs.

```
Jun  5 13:10:35 factory postfix/master[12002]: warning: //usr/lib/postfix/smtpd: bad command startup -- throttling
```

so it's most definitely an option issue of some sort. I'm just not sure which one (arg!). here's a postconf -n, and the output of the diff between the working non-ssl/sasl version and one with ssl/sasl enabled.

```
#  postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = //usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.6.5/html
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = somedomain.ca
myhostname = factory.somedomain.ca
mynetworks = xx.199.xx.46/32,xx.172.xx.200/32,127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
```

```
# diff main.cf.BROKEN no-ssl/main.cf.NO_SSL 

661,691d660

< #

< # SASL AUTH

< smtpd_sasl_auth_enable = yes

< smtpd_sasl2_auth_enable = yes

< smtpd_sasl_security_options = noanonymous

< # broken_ options for undocumented outlook/OE problems.

< broken_sasl_auth_clients = yes

< # appends local domain to clients using auth, must be blank or will get mangled.

< smtpd_sasl_local_domain =

< #

< smtpd_recipient_restrictions =

<        permit_sasl_authenticated,

<        permit_mynetworks,

<        reject_unauth_destination

< # smtp_ options enable outbount crypt

< smtp_use_tls = yes

< smtp_tls_note_starttls_offer = yes

< smtpd_use_tls = yes

< # this can be turned on later, if needed.

< #smtpd_tls_auth_only = yes

< smtpd_tls_key_file = /etc/postfix/postfix_key.pem

< smtpd_tls_cert_file = /etc/postfix/postfix_cert.pem

< smtpd_tls_CAfile = /etc/postfix/postfix_cacert.pem

< smtpd_tls_loglevel = 3

< smtpd_tls_received_header = yes

< smtpd_tls_session_cache_timeout = 3600s

< tls_random_source = dev:/dev/urandom

< #

< # LOCAL ACCESS LISTS: local black and whitelisting

< smtp_client_restrictions = check_client_access hash:/etc/postfix/access_lists/blacklist.local

< smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/access_lists/blacklist.local
```
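
Review bot: `smtpd_recipient_restrictions` is assigned twice in this hunk, first as the three-item list beginning with `permit_sasl_authenticated,` and again on the last line, and Postfix keeps only the last definition of a parameter in main.cf. The effective value is therefore just the `check_client_access` lookup, with `permit_sasl_authenticated`, `permit_mynetworks` and `reject_unauth_destination` dropped. Fold the blacklist lookup into the first list and delete the second assignment. The line before it sets `smtp_client_restrictions`, which is not a Postfix parameter name; the server-side client restriction is `smtpd_client_restrictions`.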

I'm sure this is something I'm just not seeing. I've tried enabling/disabling various opts, and have been doing some reading - no positive results yet. any help is appreciated.

Last edited by -neX- on Mon Jun 07, 2010 11:07 pm; edited 1 time in total

----------

## magic919

smtp_client_restrictions

----------

## -neX-

 *magic919 wrote:*   

> smtp_client_restrictions

 

removed both smtp_client_restrictions and smtpd_recipient_restrictions, no change.

----------

## magic919

Now drop out TLS and test with just the SASL.  When you reload Postfix ensure you are not missing earlier errors in the logs.

----------

## -neX-

 *magic919 wrote:*   

> Now drop out TLS and test with just the SASL.  When you reload Postfix ensure you are not missing earlier errors in the logs.

 

I tried doing something similar -- but not disabling all the options. so I took this step and it led me to this log entry.

```
Jun  6 12:27:50 factory postfix/smtpd[5872]: warning: SASL per-process initialization failed: generic failure
```

this error was due to a bad option in my /etc/sasl2/smtpd.conf file. the file was actually filled with junk. not sure how that happened. after I fixed up that file and went back and enabled the other options in postfix/main.cf, things worked just fine.

thanks!

----------
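
The thread's diagnosis turned on finding the child process's own error ahead of master's generic "bad command startup" warning. The following is an added example, not part of the original posts, that pairs each throttling warning with what the failed child logged; the sample log is constructed in the thread's syslog format, and the name `root_causes` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample. Only the "generic failure" and "bad command startup"
# messages are quoted from the thread; the other lines are illustrative.
SAMPLE_LOG = """\
Jun  6 12:27:48 factory postfix/smtpd[5870]: connect from localhost[127.0.0.1]
Jun  6 12:27:50 factory postfix/smtpd[5872]: warning: SASL per-process initialization failed: generic failure
Jun  6 12:27:50 factory postfix/smtpd[5872]: fatal: SASL per-process initialization failed
Jun  6 12:27:51 factory postfix/master[12002]: warning: process //usr/lib/postfix/smtpd pid 5872 exit status 1
Jun  6 12:27:51 factory postfix/master[12002]: warning: //usr/lib/postfix/smtpd: bad command startup -- throttling
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ postfix/([\w-]+)\[(\d+)\]: (.*)$")
EXIT = re.compile(r"^warning: process (\S+) pid (\d+) (?:exit status \d+|killed by signal \d+)$")
THROTTLE = re.compile(r"^warning: (\S+): bad command startup -- throttling$")
SEVERE = ("warning:", "error:", "fatal:", "panic:")

def root_causes(log_text):
    """Return one (timestamp, daemon_path, [child messages]) per throttling warning."""
    by_pid = defaultdict(list)   # child pid -> its own warning/fatal lines
    last_exit = {}               # daemon path -> pid of the child that last died
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, daemon, pid, msg = m.groups()
        if daemon != "master":
            if msg.startswith(SEVERE):
                by_pid[pid].append(f"{daemon}[{pid}]: {msg}")
            continue
        if (e := EXIT.match(msg)):
            last_exit[e.group(1)] = e.group(2)
        elif (t := THROTTLE.match(msg)):
            path = t.group(1)
            findings.append((stamp, path, by_pid.get(last_exit.get(path), [])))
    return findings

if __name__ == "__main__":
    for stamp, path, causes in root_causes(SAMPLE_LOG):
        print(f"{stamp} {path} throttled; child said:")
        for c in causes or ["(nothing logged by the child: look further back)"]:
            print("   ", c)
```

An empty cause list, as with the single line in the first post, means the excerpt starts too late and the earlier part of the log has to be read.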

