Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch) (SOLVED)
Michael Shuler wrote: Jochen Schulz wrote: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415670. Thanks for the bug link, Jochen - there was no report in my bug search, prior to posting yesterday. The notes on this bug seem to reflect all the same behavior I am seeing with 2.3.8-2. postfix_2.3.8-2+b1 is working well for me today. Kind Regards, Michael Confidentiality Notice: This e-mail message (including any attached or embedded documents) is intended for the exclusive and confidential use of the individual or entity to which this message is addressed, and unless otherwise expressly indicated, is confidential and privileged information of Rackspace Managed Hosting. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately by e-mail at [EMAIL PROTECTED], and delete the original message. Your cooperation is appreciated. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler: Today's postfix update has broken my smtp configuration, I had the same issue and solved it temporarily by installing OpenSSL from unstable. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415670. The release manager noted that unstable's version of OpenSSL won't be included in etch, though, so that downgrading postfix until a fixed version becomes available may be a better option. J. -- In the west we kill people like chickens. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html signature.asc Description: Digital signature
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Jochen Schulz wrote: I had the same issue and solved it temporarily by installing OpenSSL from unstable. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415670. The release manager noted that unstable's version of OpenSSL won't be included in etch, though, so that downgrading postfix until a fixed version becomes available may be a better option. Thanks for the bug link, Jochen - there was no report in my bug search, prior to posting yesterday. The notes on this bug seem to reflect all the same behavior I am seeing with 2.3.8-2. Kind Regards, Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Today's postfix update has broken my smtp configuration, and I would
enjoy any help troubleshooting - I have downgraded to 2.3.7-3 for the
moment. The changelog looks fairly trivial, but I have not been able to
put my finger on the real problem - is this possibly an libssl/openssl
issue?
I am using tls, sasl authentication, and postgrey. Local delivery for a
logcheck email worked, and postfix bound to the tcp ports, but a telnet
to port 25 showed no banner and accepted no interaction - same behavior
after a restart.
I enabled verbose logging and there is too much to post here - at the
end of the log is the verbose output of 2.3.7-3 starting up, a telnet to
localhost 25, then a non-verbose restart:
http://ftp.pbandjelly.org/pub/postfix_2.3.8-2/mail.log
Thanks for any ideas!
Kind Regards,
Michael
basic mail.log after postfix_2.3.8-2 upgrade (no fatal|error logs):
Mar 20 18:59:54 aesop postfix/master[7364]: terminating on signal 15
Mar 20 18:59:54 aesop postfix/master[7460]: daemon started -- version
2.3.8, configuration /etc/postfix
Mar 20 18:59:57 aesop postfix/master[7460]: warning: process
/usr/lib/postfix/smtpd pid 7467 exit status 127
Mar 20 18:59:57 aesop postfix/master[7460]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 20 19:00:35 aesop postfix/master[7460]: terminating on signal 15
Mar 20 19:01:24 aesop postfix/master[2010]: daemon started -- version
2.3.8, configuration /etc/postfix
Mar 20 19:01:37 aesop postfix/pickup[2016]: CAD5039C501: uid=108
from=logcheck
Mar 20 19:01:37 aesop postfix/cleanup[3115]: CAD5039C501:
message-id=[EMAIL PROTECTED]
Mar 20 19:01:37 aesop postfix/qmgr[2017]: CAD5039C501:
from=[EMAIL PROTECTED], size=16428, nrcpt=1 (queue active)
Mar 20 19:01:38 aesop postfix/local[3119]: CAD5039C501:
to=[EMAIL PROTECTED], orig_to=root, relay=local,
delay=0.32, delays=0.1
8/0.07/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Mar 20 19:01:38 aesop postfix/qmgr[2017]: CAD5039C501: removed
Mar 20 19:02:20 aesop postfix/master[2010]: warning: process
/usr/lib/postfix/smtpd pid 3957 exit status 127
Mar 20 19:02:20 aesop postfix/master[2010]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 20 19:03:20 aesop postfix/master[2010]: warning: process
/usr/lib/postfix/smtpd pid 3983 exit status 127
Mar 20 19:03:20 aesop postfix/master[2010]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
...
configs:
$ cat main.cf|egrep -v '^#|^$'
smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
smtpd_use_tls=yes
smtpd_tls_cert_file=/etc/ssl/certs/mail.pbandjelly.org.cert
smtpd_tls_key_file=/etc/ssl/private/mail.pbandjelly.org.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
myhostname = aesop.pbandjelly.org
myorigin = /etc/mailname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, /etc/postfix/virtual/domains
virtual_maps = hash:/etc/postfix/virtual/addresses
home_mailbox = Maildir/
strict_rfc821_envelopes = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client sbl-xbl.spamhaus.org,
check_policy_service inet:127.0.0.1:6,
reject_unauth_pipelining
$ cat master.cf|egrep -v '^#|^$'
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
pickupfifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgrunix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounceunix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verifyunix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler wrote: Today's postfix update has broken my smtp configuration, and I would enjoy any help troubleshooting - I have downgraded to 2.3.7-3 for the moment. The changelog looks fairly trivial, but I have not been able to put my finger on the real problem - is this possibly an libssl/openssl issue? I am using tls, sasl authentication, and postgrey. Local delivery for a logcheck email worked, and postfix bound to the tcp ports, but a telnet to port 25 showed no banner and accepted no interaction - same behavior after a restart. I enabled verbose logging and there is too much to post here - at the end of the log is the verbose output of 2.3.7-3 starting up, a telnet to localhost 25, then a non-verbose restart: http://ftp.pbandjelly.org/pub/postfix_2.3.8-2/mail.log Thanks for any ideas! Kind Regards, Michael basic mail.log after postfix_2.3.8-2 upgrade (no fatal|error logs): Mar 20 18:59:54 aesop postfix/master[7364]: terminating on signal 15 Mar 20 18:59:54 aesop postfix/master[7460]: daemon started -- version 2.3.8, configuration /etc/postfix Mar 20 18:59:57 aesop postfix/master[7460]: warning: process /usr/lib/postfix/smtpd pid 7467 exit status 127 Mar 20 18:59:57 aesop postfix/master[7460]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Mar 20 19:00:35 aesop postfix/master[7460]: terminating on signal 15 Mar 20 19:01:24 aesop postfix/master[2010]: daemon started -- version 2.3.8, configuration /etc/postfix Mar 20 19:01:37 aesop postfix/pickup[2016]: CAD5039C501: uid=108 from=logcheck Mar 20 19:01:37 aesop postfix/cleanup[3115]: CAD5039C501: message-id=[EMAIL PROTECTED] Mar 20 19:01:37 aesop postfix/qmgr[2017]: CAD5039C501: from=[EMAIL PROTECTED], size=16428, nrcpt=1 (queue active) Mar 20 19:01:38 aesop postfix/local[3119]: CAD5039C501: to=[EMAIL PROTECTED], orig_to=root, relay=local, delay=0.32, delays=0.1 8/0.07/0/0.07, dsn=2.0.0, status=sent (delivered to maildir) Mar 20 19:01:38 aesop postfix/qmgr[2017]: CAD5039C501: removed Mar 20 19:02:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3957 exit status 127 Mar 20 19:02:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Mar 20 19:03:20 aesop postfix/master[2010]: warning: process /usr/lib/postfix/smtpd pid 3983 exit status 127 Mar 20 19:03:20 aesop postfix/master[2010]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling ... Can you post the result of postconf -n ? that shows the actual working parameters used by postfix. From the logs I guess (uneducated guess) that the problem is not in the postfix core but in one or more of the child processes (spam/virus checker or greylistng). -- Random Quotes From Megas XLR Coop: You see? The mysteries of the Universe are revealed when you break stuff. Jamie: When in doubt, blow up a planet. Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here. Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Mihira Fernando wrote:
Michael Shuler wrote:
Mar 20 19:03:20 aesop postfix/master[2010]: warning: process
/usr/lib/postfix/smtpd pid 3983 exit status 127
Mar 20 19:03:20 aesop postfix/master[2010]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
I have also not been able to find any reference in the postfix source
for exit code 127.
Can you post the result of postconf -n ? that shows the actual working
parameters used by postfix.
From the logs I guess (uneducated guess) that the problem is not in the
postfix core but in one or more of the child processes (spam/virus
checker or greylistng).
I am not using virus checking and only using an rbl check and postgrey.
Thanks for looking.
Kind Regards,
Michael
$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command =
mailbox_size_limit = 0
mydestination = $myhostname, /etc/postfix/virtual/domains
myhostname = aesop.pbandjelly.org
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, reject_rbl_client
sbl-xbl.spamhaus.org, check_policy_service inet:127.0.0.1:6,
reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/certs/mail.pbandjelly.org.cert
smtpd_tls_key_file = /etc/ssl/private/mail.pbandjelly.org.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler wrote:
Mihira Fernando wrote:
Michael Shuler wrote:
Mar 20 19:03:20 aesop postfix/master[2010]: warning: process
/usr/lib/postfix/smtpd pid 3983 exit status 127
Mar 20 19:03:20 aesop postfix/master[2010]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
I have also not been able to find any reference in the postfix source
for exit code 127.
Can you post the result of postconf -n ? that shows the actual working
parameters used by postfix.
From the logs I guess (uneducated guess) that the problem is not in the
postfix core but in one or more of the child processes (spam/virus
checker or greylistng).
I am not using virus checking and only using an rbl check and postgrey.
Thanks for looking.
Kind Regards,
Michael
$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command =
mailbox_size_limit = 0
mydestination = $myhostname, /etc/postfix/virtual/domains
myhostname = aesop.pbandjelly.org
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
btree ?
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, reject_rbl_client
sbl-xbl.spamhaus.org, check_policy_service inet:127.0.0.1:6,
Is postfix-policyd ?
reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/certs/mail.pbandjelly.org.cert
smtpd_tls_key_file = /etc/ssl/private/mail.pbandjelly.org.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
again the btree
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
Do you have btree support installed for postfix ? As I recall, the
smtp(d)_session_cache_database parameters are in the default main.cf
file but btree support is _not_ installed by default.
If you're not using these 2 parameters I suggest you comment them out
and reload postfix.
Also I assume you got postfix-policyd on 127.0.0.1:6 ? it is fully
operational right ?
--
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break
stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers
has been approved.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Mihira Fernando wrote:
Do you have btree support installed for postfix ? As I recall, the
smtp(d)_session_cache_database parameters are in the default main.cf
file but btree support is _not_ installed by default.
If you're not using these 2 parameters I suggest you comment them out
and reload postfix.
I thought btree was berkley db, which is installed, but I could be wrong
there - I have not found any promising looking packages when apt-cache
searching for btree or postfix, so I am not sure what those might be.
I reinstalled 2.3.8, commented out the btree lines, reloaded, and have
the same behavior as previously with the same warnings.
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
Also I assume you got postfix-policyd on 127.0.0.1:6 ? it is fully
operational right ?
postgrey is listening on 127.0.0.1:6 and has been functioning
properly under 2.3.7.
To rule out all the variables, I left the btree lines commented out,
commented out my check_policy_service, set smtpd_use_tls=no, and
restarted. This works fine.
I then added the check_policy_service line back, to re-add postgrey into
the mix, restarted, and this works fine.
When I add back smtpd_use_tls=yes and restart, then I have problems..
From looking at the changelog entry and my trials, this does appear to
be an issue with the current libssl/openssl 0.9.8c-4 that I am hitting -
the postfix changelog states:
20070225
Workaround: Disable SSL/TLS ciphers when the underlying symmetric
algorithm is not available in the OpenSSL crypto library at the required
bit strength. Problem observed with SunOS 5.10's bundled OpenSSL 0.9.7
and AES 256. Also possible with OpenSSL 0.9.8 and CAMELLIA 256. Root
cause fixed in upcoming OpenSSL 0.9.7m, 0.9.8e and 0.9.9 releases.
Kind Regards,
Michael
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: broken upgrade of postfix_2.3.7-3 - 2.3.8-2 (etch)
Michael Shuler wrote:
Mihira Fernando wrote:
Do you have btree support installed for postfix ? As I recall, the
smtp(d)_session_cache_database parameters are in the default main.cf
file but btree support is _not_ installed by default.
If you're not using these 2 parameters I suggest you comment them out
and reload postfix.
I thought btree was berkley db, which is installed, but I could be wrong
there - I have not found any promising looking packages when apt-cache
searching for btree or postfix, so I am not sure what those might be.
I reinstalled 2.3.8, commented out the btree lines, reloaded, and have
the same behavior as previously with the same warnings.
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
Also I assume you got postfix-policyd on 127.0.0.1:6 ? it is fully
operational right ?
postgrey is listening on 127.0.0.1:6 and has been functioning
properly under 2.3.7.
To rule out all the variables, I left the btree lines commented out,
commented out my check_policy_service, set smtpd_use_tls=no, and
restarted. This works fine.
I then added the check_policy_service line back, to re-add postgrey into
the mix, restarted, and this works fine.
When I add back smtpd_use_tls=yes and restart, then I have problems..
From looking at the changelog entry and my trials, this does appear to
be an issue with the current libssl/openssl 0.9.8c-4 that I am hitting -
the postfix changelog states:
20070225
Workaround: Disable SSL/TLS ciphers when the underlying symmetric
algorithm is not available in the OpenSSL crypto library at the required
bit strength. Problem observed with SunOS 5.10's bundled OpenSSL 0.9.7
and AES 256. Also possible with OpenSSL 0.9.8 and CAMELLIA 256. Root
cause fixed in upcoming OpenSSL 0.9.7m, 0.9.8e and 0.9.9 releases.
Kind Regards,
Michael
Glad you found the problem. So its with libssl/openssl.
However I got Postfix 2.3.3 with openssl 0.9.8c and the same setup and
that is working without a hitch..
--
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break
stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers
has been approved.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
