Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch) (SOLVED)
Michael Shuler wrote: Jochen Schulz wrote: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415670. Thanks for the bug link, Jochen - there was no report in my bug search, prior to posting yesterday. The notes on this bug seem to reflect all the same behavior I am seeing with 2.3.8-2. postfix_2.3.8-2+b1 is working well for me today. Kind Regards, Michael Confidentiality Notice: This e-mail message (including any attached or embedded documents) is intended for the exclusive and confidential use of the individual or entity to which this message is addressed, and unless otherwise expressly indicated, is confidential and privileged information of Rackspace Managed Hosting. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately by e-mail at [EMAIL PROTECTED], and delete the original message. Your cooperation is appreciated. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler: Today's postfix update has broken my smtp configuration, I had the same issue and solved it temporarily by installing OpenSSL from unstable. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415670. The release manager noted that unstable's version of OpenSSL won't be included in etch, though, so that downgrading postfix until a fixed version becomes available may be a better option. J. -- In the west we kill people like chickens. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html signature.asc Description: Digital signature
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Jochen Schulz wrote: I had the same issue and solved it temporarily by installing OpenSSL from unstable. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415670. The release manager noted that unstable's version of OpenSSL won't be included in etch, though, so that downgrading postfix until a fixed version becomes available may be a better option. Thanks for the bug link, Jochen - there was no report in my bug search, prior to posting yesterday. The notes on this bug seem to reflect all the same behavior I am seeing with 2.3.8-2. Kind Regards, Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Today's postfix update has broken my smtp configuration, and I would enjoy any help troubleshooting - I have downgraded to 2.3.7-3 for the moment. The changelog looks fairly trivial, but I have not been able to put my finger on the real problem - is this possibly an libssl/openssl issue? I am using tls, sasl authentication, and postgrey. Local delivery for a logcheck email worked, and postfix bound to the tcp ports, but a telnet to port 25 showed no banner and accepted no interaction - same behavior after a restart. I enabled verbose logging and there is too much to post here - at the end of the log is the verbose output of 2.3.7-3 starting up, a telnet to localhost 25, then a non-verbose restart: http://ftp.pbandjelly.org/pub/postfix_2.3.8-2/mail.log Thanks for any ideas! Kind Regards, Michael basic mail.log after postfix_2.3.8-2 upgrade (no fatal|error logs): Mar 20 18:59:54 aesop postfix/master[7364]: terminating on signal 15 Mar 20 18:59:54 aesop postfix/master[7460]: daemon started -- version 2.3.8, configuration /etc/postfix Mar 20 18:59:57 aesop postfix/master[7460]: warning: process /usr/lib/postfix/smtpd pid 7467 exit status 127 Mar 20 18:59:57 aesop postfix/master[7460]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Mar 20 19:00:35 aesop postfix/master[7460]: terminating on signal 15 Mar 20 19:01:24 aesop postfix/master[2010]: daemon started -- version 2.3.8, configuration /etc/postfix Mar 20 19:01:37 aesop postfix/pickup[2016]: CAD5039C501: uid=108 from=logcheck Mar 20 19:01:37 aesop postfix/cleanup[3115]: CAD5039C501: message-id=[EMAIL PROTECTED] Mar 20 19:01:37 aesop postfix/qmgr[2017]: CAD5039C501: from=[EMAIL PROTECTED], size=16428, nrcpt=1 (queue active) Mar 20 19:01:38 aesop postfix/local[3119]: CAD5039C501: to=[EMAIL PROTECTED], orig_to=root, relay=local, delay=0.32, delays=0.1 8/0.07/0/0.07, dsn=2.0.0, status=sent (delivered to maildir) Mar 20 19:01:38 aesop postfix/qmgr[2017]: CAD5039C501: removed Mar 20 19:02:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3957 exit status 127 Mar 20 19:02:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Mar 20 19:03:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3983 exit status 127 Mar 20 19:03:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling ... configs: $ cat main.cf|egrep -v '^#|^$' smtpd_banner = $myhostname ESMTP biff = no append_dot_mydomain = no smtpd_use_tls=yes smtpd_tls_cert_file=/etc/ssl/certs/mail.pbandjelly.org.cert smtpd_tls_key_file=/etc/ssl/private/mail.pbandjelly.org.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache myhostname = aesop.pbandjelly.org myorigin = /etc/mailname alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases relayhost = mynetworks = 127.0.0.0/8 mailbox_command = mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all mydestination = $myhostname, /etc/postfix/virtual/domains virtual_maps = hash:/etc/postfix/virtual/addresses home_mailbox = Maildir/ strict_rfc821_envelopes = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service inet:127.0.0.1:6, reject_unauth_pipelining $ cat master.cf|egrep -v '^#|^$' smtp inet n - - - - smtpd submission inet n - - - - smtpd pickupfifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgrunix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounceunix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verifyunix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp -o fallback_relay= showq unix n - - - - showq error unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler wrote: Today's postfix update has broken my smtp configuration, and I would enjoy any help troubleshooting - I have downgraded to 2.3.7-3 for the moment. The changelog looks fairly trivial, but I have not been able to put my finger on the real problem - is this possibly an libssl/openssl issue? I am using tls, sasl authentication, and postgrey. Local delivery for a logcheck email worked, and postfix bound to the tcp ports, but a telnet to port 25 showed no banner and accepted no interaction - same behavior after a restart. I enabled verbose logging and there is too much to post here - at the end of the log is the verbose output of 2.3.7-3 starting up, a telnet to localhost 25, then a non-verbose restart: http://ftp.pbandjelly.org/pub/postfix_2.3.8-2/mail.log Thanks for any ideas! Kind Regards, Michael basic mail.log after postfix_2.3.8-2 upgrade (no fatal|error logs): Mar 20 18:59:54 aesop postfix/master[7364]: terminating on signal 15 Mar 20 18:59:54 aesop postfix/master[7460]: daemon started -- version 2.3.8, configuration /etc/postfix Mar 20 18:59:57 aesop postfix/master[7460]: warning: process /usr/lib/postfix/smtpd pid 7467 exit status 127 Mar 20 18:59:57 aesop postfix/master[7460]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Mar 20 19:00:35 aesop postfix/master[7460]: terminating on signal 15 Mar 20 19:01:24 aesop postfix/master[2010]: daemon started -- version 2.3.8, configuration /etc/postfix Mar 20 19:01:37 aesop postfix/pickup[2016]: CAD5039C501: uid=108 from=logcheck Mar 20 19:01:37 aesop postfix/cleanup[3115]: CAD5039C501: message-id=[EMAIL PROTECTED] Mar 20 19:01:37 aesop postfix/qmgr[2017]: CAD5039C501: from=[EMAIL PROTECTED], size=16428, nrcpt=1 (queue active) Mar 20 19:01:38 aesop postfix/local[3119]: CAD5039C501: to=[EMAIL PROTECTED], orig_to=root, relay=local, delay=0.32, delays=0.1 8/0.07/0/0.07, dsn=2.0.0, status=sent (delivered to maildir) Mar 20 19:01:38 aesop postfix/qmgr[2017]: CAD5039C501: removed Mar 20 19:02:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3957 exit status 127 Mar 20 19:02:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Mar 20 19:03:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3983 exit status 127 Mar 20 19:03:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling ... Can you post the result of postconf -n ? that shows the actual working parameters used by postfix. From the logs I guess (uneducated guess) that the problem is not in the postfix core but in one or more of the child processes (spam/virus checker or greylistng). -- Random Quotes From Megas XLR Coop: You see? The mysteries of the Universe are revealed when you break stuff. Jamie: When in doubt, blow up a planet. Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here. Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Mihira Fernando wrote: Michael Shuler wrote: Mar 20 19:03:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3983 exit status 127 Mar 20 19:03:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling I have also not been able to find any reference in the postfix source for exit code 127. Can you post the result of postconf -n ? that shows the actual working parameters used by postfix. From the logs I guess (uneducated guess) that the problem is not in the postfix core but in one or more of the child processes (spam/virus checker or greylistng). I am not using virus checking and only using an rbl check and postgrey. Thanks for looking. Kind Regards, Michael $ postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix home_mailbox = Maildir/ inet_interfaces = all inet_protocols = all mailbox_command = mailbox_size_limit = 0 mydestination = $myhostname, /etc/postfix/virtual/domains myhostname = aesop.pbandjelly.org mynetworks = 127.0.0.0/8 myorigin = /etc/mailname recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtpd_banner = $myhostname ESMTP smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service inet:127.0.0.1:6, reject_unauth_pipelining smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_tls_cert_file = /etc/ssl/certs/mail.pbandjelly.org.cert smtpd_tls_key_file = /etc/ssl/private/mail.pbandjelly.org.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_use_tls = yes strict_rfc821_envelopes = yes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler wrote: Mihira Fernando wrote: Michael Shuler wrote: Mar 20 19:03:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3983 exit status 127 Mar 20 19:03:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling I have also not been able to find any reference in the postfix source for exit code 127. Can you post the result of postconf -n ? that shows the actual working parameters used by postfix. From the logs I guess (uneducated guess) that the problem is not in the postfix core but in one or more of the child processes (spam/virus checker or greylistng). I am not using virus checking and only using an rbl check and postgrey. Thanks for looking. Kind Regards, Michael $ postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix home_mailbox = Maildir/ inet_interfaces = all inet_protocols = all mailbox_command = mailbox_size_limit = 0 mydestination = $myhostname, /etc/postfix/virtual/domains myhostname = aesop.pbandjelly.org mynetworks = 127.0.0.0/8 myorigin = /etc/mailname recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache btree ? smtpd_banner = $myhostname ESMTP smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service inet:127.0.0.1:6, Is postfix-policyd ? reject_unauth_pipelining smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_tls_cert_file = /etc/ssl/certs/mail.pbandjelly.org.cert smtpd_tls_key_file = /etc/ssl/private/mail.pbandjelly.org.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache again the btree smtpd_use_tls = yes strict_rfc821_envelopes = yes Do you have btree support installed for postfix ? As I recall, the smtp(d)_session_cache_database parameters are in the default main.cf file but btree support is _not_ installed by default. If you're not using these 2 parameters I suggest you comment them out and reload postfix. Also I assume you got postfix-policyd on 127.0.0.1:6 ? it is fully operational right ? -- Random Quotes From Megas XLR Coop: You see? The mysteries of the Universe are revealed when you break stuff. Jamie: When in doubt, blow up a planet. Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here. Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Mihira Fernando wrote: Do you have btree support installed for postfix ? As I recall, the smtp(d)_session_cache_database parameters are in the default main.cf file but btree support is _not_ installed by default. If you're not using these 2 parameters I suggest you comment them out and reload postfix. I thought btree was berkley db, which is installed, but I could be wrong there - I have not found any promising looking packages when apt-cache searching for btree or postfix, so I am not sure what those might be. I reinstalled 2.3.8, commented out the btree lines, reloaded, and have the same behavior as previously with the same warnings. #smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache #smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache Also I assume you got postfix-policyd on 127.0.0.1:6 ? it is fully operational right ? postgrey is listening on 127.0.0.1:6 and has been functioning properly under 2.3.7. To rule out all the variables, I left the btree lines commented out, commented out my check_policy_service, set smtpd_use_tls=no, and restarted. This works fine. I then added the check_policy_service line back, to re-add postgrey into the mix, restarted, and this works fine. When I add back smtpd_use_tls=yes and restart, then I have problems.. From looking at the changelog entry and my trials, this does appear to be an issue with the current libssl/openssl 0.9.8c-4 that I am hitting - the postfix changelog states: 20070225 Workaround: Disable SSL/TLS ciphers when the underlying symmetric algorithm is not available in the OpenSSL crypto library at the required bit strength. Problem observed with SunOS 5.10's bundled OpenSSL 0.9.7 and AES 256. Also possible with OpenSSL 0.9.8 and CAMELLIA 256. Root cause fixed in upcoming OpenSSL 0.9.7m, 0.9.8e and 0.9.9 releases. Kind Regards, Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler wrote: Mihira Fernando wrote: Do you have btree support installed for postfix ? As I recall, the smtp(d)_session_cache_database parameters are in the default main.cf file but btree support is _not_ installed by default. If you're not using these 2 parameters I suggest you comment them out and reload postfix. I thought btree was berkley db, which is installed, but I could be wrong there - I have not found any promising looking packages when apt-cache searching for btree or postfix, so I am not sure what those might be. I reinstalled 2.3.8, commented out the btree lines, reloaded, and have the same behavior as previously with the same warnings. #smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache #smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache Also I assume you got postfix-policyd on 127.0.0.1:6 ? it is fully operational right ? postgrey is listening on 127.0.0.1:6 and has been functioning properly under 2.3.7. To rule out all the variables, I left the btree lines commented out, commented out my check_policy_service, set smtpd_use_tls=no, and restarted. This works fine. I then added the check_policy_service line back, to re-add postgrey into the mix, restarted, and this works fine. When I add back smtpd_use_tls=yes and restart, then I have problems.. From looking at the changelog entry and my trials, this does appear to be an issue with the current libssl/openssl 0.9.8c-4 that I am hitting - the postfix changelog states: 20070225 Workaround: Disable SSL/TLS ciphers when the underlying symmetric algorithm is not available in the OpenSSL crypto library at the required bit strength. Problem observed with SunOS 5.10's bundled OpenSSL 0.9.7 and AES 256. Also possible with OpenSSL 0.9.8 and CAMELLIA 256. Root cause fixed in upcoming OpenSSL 0.9.7m, 0.9.8e and 0.9.9 releases. Kind Regards, Michael Glad you found the problem. So its with libssl/openssl. However I got Postfix 2.3.3 with openssl 0.9.8c and the same setup and that is working without a hitch.. -- Random Quotes From Megas XLR Coop: You see? The mysteries of the Universe are revealed when you break stuff. Jamie: When in doubt, blow up a planet. Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here. Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]