Thread: [SOLVED] Unable to send mail via SMTP+TLS+Auth
View Single Post
  #19 (permalink)  
Old 11-22-2007, 06:03 PM
Centurion Centurion is offline
Active Member
  
Posts: 37
Smile Fixed!!
After pulling my hair out I decided to use "strace" and map out just what was happenning with the system calls while Postfix was trying to carry out authenticated SMTP. What struck me was Postfix was reading sasl libraries from /usr/lib, not /opt/zimbra...(see attched traces). After further investigation it became obvious salsauthd wasn't loading correctly due to broken library paths. Zimbra runs cyrus-sasl 2.1.22.3 (Zimbra 4.5.10_GA) BUT Ubuntu 6.06LTS system libraries (under /usr/lib) use 2.1.19. This lead to Zimbra's sasl loading a version of the libraries it wsn't linked against (same problem with postfix) and the link between Postfix and saslauthd was broken.

The fix was painfully simple: re-order the library search path in /etc/ld.so.conf so the zimbra directories are searched first:

Original /etc/ld.so.conf
Code:
/lib
/usr/lib
/usr/local/lib/opt/zimbra/lib
/opt/zimbra/sleepycat/lib
/opt/zimbra/openldap/lib
/opt/zimbra/cyrus-sasl/lib
Modified (working) /etc/ld.so.conf
Code:
/opt/zimbra/lib
/opt/zimbra/sleepycat/lib
/opt/zimbra/openldap/lib
/opt/zimbra/cyrus-sasl/lib
/lib
/usr/lib
/usr/local/lib
After this modification, I simply refreshed the library cache with "sudo ldconfig" then restarted Zimbra. Sure enough SMTP+TLS+Auth works!

This thread has highlighted some problems with the installer on Ubuntu 6.06LTS:
  1. The default /etc/hosts file is not "Zimbra friendly".
  2. IPv6 is enabled by default during Ubuntu installation - aparently this should be disabled for Zimbra to function correctly.
  3. The library search path is wrong resulting in sasl auth failure. This needs to be set either globally (as I did) or specicially at run-time by the Zimbra start scripts

Should I raise bugs for these or do one of the Zimbra staff want to handle this?

Either way, this is SOLVED! Unfortunately there was very little Zimbra support could do in this case unless they had direct access to the box I am using, however, I've tried to be as verbose and precise as possible during the fault-finding and resolution stages to allow them, and others, to adequately diagnose similar problems in future.

BEWARE!!
Changing the library search order as I have described here will very likely break other applications on the system that use libraries with the same names (eg, sasl2 etc). I ran into problems with Apache unable to load the Zimbra sasl libraries. I worked around it by manually exporting the correct "LD_LIBRARY_PATH=..." at the top of the /etc/init.d/apache2 script. Ideally, the Zimbra developers should use this technique (ie, "export LD_LIBRARY_PATH") in Zimbra's startup scripts to ensure the correct library path, rather than forcing admins to break the bundled OS packages (by fudging the /etc/ld/so.conf file)in order to gain proper functionality of Zimbra under Ubuntu 6.06LTS.
Attached Files
File Type: tgz postfix-strace.tgz (8.6 KB, 6 views)
Last edited by Centurion : 11-22-2007 at 08:26 PM. Reason: Added warning about modifying the ld.so.conf file.
Reply With Quote