cyrus-sasl looking to /usr/lib/libsasl2*

[robertl]

Is there a way to tell Zimbra to look toward it's own sasl libraries instead of the Ubuntu /usr/lib/libsasl2 libs?

Zimbra 4.0.5 Ubuntu

Code:

root@blueline:/var/log# lsof -i tcp:25
COMMAND   PID    USER   FD   TYPE  DEVICE SIZE NODE NAME

smtpd     326 postfix    6u  IPv4 1291575       TCP *:smtp (LISTEN)


root@blueline:/var/log# pmap 326 |grep sasl2.so
b7da4000     76K r-x--  /usr/lib/libsasl2.so.2.0.19
b7db7000      4K rw---  /usr/lib/libsasl2.so.2.0.19

root@blueline:/var/log# cat /etc/ld.so.conf
/lib
/usr/lib
/var/lib
/opt/zimbra/lib
/opt/zimbra/sleepycat/lib
/opt/zimbra/openldap/lib
/opt/zimbra/cyrus-sasl/lib

I believe this to be the cause of broken T-Bird, Outlook and Goldmine client connections.

The error on connect form Thunderbird;

"Sending of message Failed.

The message could not be sent because connecting to the SMTP server mail.hackme.com failed. The server may be unavailable or is refusing SMTP connections. Please verify that your SMTP server setting is correct and try again, or else contact your network administrator."

I see this in my /var/log/zimbra.log (edited /etc/syslog.conf auth.* -/var/log/zimbra.log);

Jan 23 21:44:24 blueline postfix/smtpd[354]: setting up TLS connection from ip-addr-here[ip.addr.here]
Jan 23 21:44:26 blueline postfix/smtpd[354]: TLS connection established from ip-addr-here[ip.addr.here]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

No other errors to go on (that I am aware of). /opt/zimbra/log/zimbra.log seems happy.

Client settings are good. I can connect to a TLS enabled postfix on port 25 with it on another box (non Zimbra).

Webmail is working as expected.

Hope the above is helpful.

Thanks.
Bob

[robertl]

watching the rather quickly filling (unbelievable amount of spambots hitting this box =) /var/log/zimbra.log I think I am seeing SMTP die off with the attempt.

Code:

Jan 23 22:28:17 blueline postfix/smtpd[8361]: TLS connection established from ip-addr-here.hackme.com[ip.addr.here]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 23 22:28:18 blueline postfix/master[32616]: warning: process /opt/zimbra/postfix-2.2.9/libexec/smtpd pid 8361 killed by signal 11

Again,

Code:

Jan 23 22:35:05 blueline postfix/smtpd[11230]: TLS connection established from ip-addr-here.hackme.com[ip.addr.here]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 23 22:35:06 blueline postfix/master[32616]: warning: process /opt/zimbra/postfix-2.2.9/libexec/smtpd pid 11230 killed by signal 11

Resilient thing though. Keeps coming back like a trooper.

Could this be the result of Zimbra using the wrong libs?

Thanks.

[anand]

we take care of this on the headgear flavors of Linux by adding to /etc/ld.so.conf.d/zimbra.ld.conf the path our SASL libraries (amongst other things). If this is not working on Ubuntu, please file a bug.

[robertl]

Aside from being an earlier version and on FC5 that bug seems to be the same.

http://bugzilla.zimbra.com/show_bug.cgi?id=9727

Code:

su - zimbra
./bin/zmsaslauthctl status

Returns "crickets" on this host as well.

saslauthd is running however. Just no connect. Do you still recommend filing the bug report?

Thanks,
Bob

[robertl]

bug # 14090

Thanks for the direction.

[robertl]

While I await bug team review of this issue, is it possible to point Zimbra in the right direction as far as the sasl libs are concerned?

Thanks

[jholder]

Have you tried installing 4.5.2?

-john

[robertl]

I am attempting to avoid re-install as it represents a significant amount of time and potential for mail loss. I am just wondering if it is possible to point the install toward the right libs.

Thanks.

[brian]

change the order of ld.so.conf so the zimbra libs come before the system libraries and rerun /sbin/ldconfig.

If the system is only running zimbra the other option is to remove the systems sasl libraries so they don't conflict.

-bp

[robertl]

I did as directed. I moved all the Zimbra lib entries to be read first in ld.so.conf and ran /sbin/ldconfig. Web mail still works, Thunderbird was denied, but the errors about the wrong libs vanished.

I connected to the host with netcat

Code:

robertl@pele:~$ nc domain-name.com 25
220 blueline.domain-name.com ESMTP Postfix
helo blueline
250 blueline.domain-name.com
starttls
220 Ready to start TLS

With some more reading about postfix I will take nc testing further and see if I can't get you some more info. I think it's using the correct libs now. I am still seeing the auth logging but the libsasl errors are no longer showing.

Thoughts?

Thank you,
Bob