Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
 
Go Back   Zimbra - Forums > Zimbra Collaboration Suite > Administrators
Reload this Page New Installation Postifix Problem

Welcome to the Zimbra - Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 05-06-2007, 03:34 PM
Member
  
Posts: 11
Default New Installation Postifix Problem
Hi,

I've banged this around for a bit now and really can not find any clean answers or new things to try. I've tried just about everything I've found in the forums ("that I've found" being key I hope)

Issue: SMTP AUTH: I can not auth for smtp in any of 25:TLS or 465:SSL (auth for client protocols are fine (POP/IMAP) thus my suspicion of postfix and things immediately postfix connected.

Issue One Log snip of auth attempts:
May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication failure: no secret in database
May 6 16:05:34 mail postfix/smtpd[2888]: warning: mail.tradecaptureotc.com[172.16.249.163]: SASL NTLM authentication failed
May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 6 16:05:34 mail last message repeated 4 times
May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication failure: Password verification failed
May 6 16:05:34 mail postfix/smtpd[2888]: warning: mail.tradecaptureotc.com[172.16.249.163]: SASL PLAIN authentication failed
May 6 16:05:34 mail postfix/smtpd[2888]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 6 16:05:34 mail last message repeated 5 times
May 6 16:05:34 mail postfix/smtpd[2888]: warning: mail.tradecaptureotc.com[172.16.249.163]: SASL LOGIN authentication failed
May 6 16:05:45 mail postfix/smtpd[2888]: lost connection after AUTH from mail.tradecaptureotc.com[172.16.249.163]

There is no other postfix running. The sasl libs should be zimbras (how to verify with certainty?) Postfix appears to be auth enabled (it wouldn't be trying otherwise would it?)

The fact that it seems to be looking for a sleepycat in /etc and not ldap (your sasl is complied to ldap yes?) makes me think the wrong sasl libs are linked in or the sys lib has a jump on it.

Any body have anything to try that might shake this cat free?

Thanks,

Randy
Reply With Quote
  #2 (permalink)  
Old 05-06-2007, 05:30 PM
Member
  
Posts: 11
Default ldd for smtp doesn't look good
Sorry about the dupe post.

Anyway.. I answered my own question; ldd on smtpd shows system sasl lib.

# ldd smtpd
linux-gate.so.1 => (0xffffe000)
libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7ef8000)
libldap-2.3.so.0 => /opt/zimbra/lib/libldap-2.3.so.0 (0xb7ebc000)
liblber-2.3.so.0 => /opt/zimbra/lib/liblber-2.3.so.0 (0xb7eaf000)
libmysqlclient.so.15 => /usr/lib/libmysqlclient.so.15 (0xb7cce000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7cba000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7c93000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7c7c000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7c65000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7c24000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7ae2000)
libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7acb000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7ab8000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7977000)
libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7948000)
/lib/ld-linux.so.2 (0xb7f1a000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7944000)
Reply With Quote
  #3 (permalink)  
Old 05-06-2007, 05:45 PM
Member
  
Posts: 11
Default maybe not sys SASL - zimbra SASL
That ldd was run as root. How can I verify the runtime lib is correct?

I have to be somewhat careful as there is another runtime requirement for this library. The system lib is one rev up too.

Is this the right track? If I move out the system lib is the probability high that this will fix smtpd auth?
Reply With Quote
  #4 (permalink)  
Old 05-06-2007, 06:31 PM
Member
  
Posts: 11
Default Can not remove sys lib sasl
Hi,

Confirmed wrong sasl lib. Now I really do have a problem. I cannot move out the system sasl library. How can I effectively set LD_LIBRARY_PATH rules on the postfix installation binaries.. ??

So How to direct postfix to the appropriate libraries?

Anybody? Anyone? Beuller?
Reply With Quote
  #5 (permalink)  
Old 12-19-2007, 10:28 AM
Intermediate Member
  
Posts: 18
Default NTLM listed by MTA but not available
I get the following errors trying to send mail from my PDA:

Dec 19 11:41:05 mail postfix/smtpd[22877]: connect from 109.sub-75-197-165.myvzw.com[75.197.165.109]
Dec 19 11:41:05 mail postfix/smtpd[22877]: setting up TLS connection from 109.sub-75-197-165.myvzw.com[75.197.165.109]
Dec 19 11:41:05 mail postfix/smtpd[22877]: TLS connection established from 109.sub-75-197-165.myvzw.com[75.197.165.109]: SSLv3 with cipher RC4-MD5 (128/128 bits)
Dec 19 11:41:07 mail postfix/smtpd[22877]: warning: 109.sub-75-197-165.myvzw.com[75.197.165.109]: SASL NTLM authentication failed
Dec 19 11:41:07 mail postfix/smtpd[22877]: disconnect from 109.sub-75-197-165.myvzw.com[75.197.165.109]

A test of server capabilities shows NTLM is supported by Zimbra:

SMTP server: X.X.X.X
[s] 220 host.domain ESMTP Postfix
[C] EHLO localhost
[s] 250-host.domain
[s] 250-PIPELINING
[s] 250-SIZE 1048576000
[s] 250-VRFY
[s] 250-ETRN
[s] 250-STARTTLS
[s] 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
[s] 250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
[s] 250 8BITMIME
[C] STARTTLS
[s] 220 Ready to start TLS
Cipher: DHE-RSA-AES256-SHA
Certificate information:
Subject: /C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=host.domain
Issuer: /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
[C] EHLO localhost
[s] 250-host.domain
[s] 250-PIPELINING
[s] 250-SIZE 1048576000
[s] 250-VRFY
[s] 250-ETRN
[s] 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
[s] 250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
[s] 250 8BITMIME
[C] QUIT
[s] 221 Bye

I have no use nor need for NTLM, but my PDA prefers NTLM during negotiation and I cannot configure WinMobile6 not to use it if it thinks NTLM is available. I saw bug/rfe 8945, but I just want Zimbra not to list NTLM for authentication. I only see the "Enable authentication" and "TLS authentication only" check boxes on the MTA tab of the Zimbra admin page for global settings. Any configuration pointers would be great.

Thanks!

Blaine
Reply With Quote
  #6 (permalink)  
Old 10-27-2008, 11:24 AM
Senior Member
  
Posts: 52
Default
This just echo's izmarine's point about not seeing any way to not list NTLM for authentication but from the CLI. The following command shows more options than "Enable authentication" and "TLS authentication only" but do not have anything related to NTLM:

zmprov gs $server | grep -i auth
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

Zimbrablog.com


Home - Blog - Contact Us - Archive - Top


 

Search Engine Optimization by vBSEO 3.1.0