So I'm writing this post because it annoys me to get burned by such a stupid problem, and I want it written down somewhere so that the next time, 10 years from now, I decide to reinstall Gentoo and run my mail server on it, I'll know why I can't successfully do SMTP authentication.

Background: I've been hosting my own mail for a while now. I've had a pretty decently built tower-case server built by Kingstar USA, and it has been running non-stop since about 2003. It's gone through some iterations, and at some point about 6 or 7 years ago I consolidated a bunch of services onto this server and installed Postfix, Courier, Postgres, and Cyrus-SASL so that Postfix could do SMTP auth. I had previously been using Cyrus for my IMAP/POP3/auth entirely, but I wasn't very happy with it, so I decided to migrate to Courier and followed this guide. I remember there being some configuration pains, but I didn't document any of them and was just happy that everything was working. Fast forward to a month or so ago: the power supply on the server died, the first non-hard-drive hardware failure in 15-something years. I rushed to buy a new one and install it, and the server turned back on but became increasingly flaky ever since: rebooting randomly, turning itself off randomly, sometimes having to be power-cycled a few times before it finally boots, among some of the more serious afflictions. So that meant it was time for an upgrade. Kingstar only builds rackmounts these days, so I had to find another source for a higher-end, powerful desktop with the cheapest possible graphics, a certain amount of RAM, several gigabit Ethernet interfaces, configurable drives, and no OS. After getting some quotes I settled on Thinkmate.
There were some issues: they were kind of slow, although this was over the holiday season, and the first server they sent me didn't work (not exactly a good start), but I finally got Gentoo installed and started the arduous process of migrating all the files, packages, and configuration settings to the new box. This thing does a dozen other things aside from email, so it took a while and I wanted to be thorough. Miraculously, everything worked after the first reboot, except for email.

The Problems: The first problem was not being able to authenticate to IMAP or POP3. It was related to STARTTLS. I configured an SSL port and was able to log in that way, but all of my other users are still using STARTTLS on port 443, so I had to fix this. The problem?
Turns out Courier couldn't initialize a TLS handshake without a dhparams file. With the dhparams, Courier was able to STARTTLS and everyone was able to log in and check their email. Then another problem surfaced: I wasn't able to send email through SMTP. I have it set up so that when you issue AUTH to Postfix, it uses SASL (Cyrus), and SASL passes the request through to Authdaemond (Courier-Authlib). This was working fine on the old machine, but I was getting these errors in the logs:
This seemed to indicate that Postfix and SASL couldn't talk to Courier. I made sure the socket was accessible to the postfix user. I even tried compiling a newer version of cyrus-sasl that had a PostgreSQL bug fixed, but got a different error message that said essentially the same thing: couldn't connect to any host. After a little more digging around and reading forums and documentation, I noticed this bit in the same guide that started me on this journey, in the section about installing cyrus-sasl and its USE flags:
And I had all of the SQL-related USE flags set for cyrus-sasl, since that was what my global USE flags enabled. I added this to my /etc/portage/package.use:
recompiled it, restarted, and it's fixed. So, to my future self who decided to continue the Gentoo+Postfix+SASL+Courier+Postgres thing: don't compile cyrus-sasl with SQL support. Maybe this annoyance will go away the next time I have to configure this.
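As an added check written for this post (not the author's code, nor anything from the guide), the following shell script tests on a Gentoo box the two things ruled out or fixed above: whether cyrus-sasl was built with any SQL USE flag, and whether the Courier authdaemond socket is usable by the user Postfix runs SASL as. It assumes Portage's installed-package database under /var/db/pkg; the socket path is an assumed default.

```shell
#!/bin/sh
# Added example, not code from the original post. It checks the two things
# the post rules out or fixes: 1) cyrus-sasl built with an SQL backend
# (USE flags sql/mysql/postgres/sqlite), 2) the Courier authdaemond socket
# not usable by the user Postfix runs SASL as.
# Assumptions: Portage's installed-package db is under $PKGDB (default
# /var/db/pkg) and records enabled flags in <cat>/<pkg-ver>/USE; the socket
# path below is a hypothetical default, adjust it to your install.

# Print the enabled USE flags recorded for dev-libs/cyrus-sasl.
cyrus_sasl_use_flags() {
    pkgdb="${1:-/var/db/pkg}"
    for dir in "$pkgdb"/dev-libs/cyrus-sasl-*; do
        [ -f "$dir/USE" ] && cat "$dir/USE"
    done
    return 0
}

# 0 if cyrus-sasl was built without any SQL backend, 1 if one is enabled,
# 2 if the package is not installed. Whole-flag match, so "openssl" is not
# mistaken for "sql".
cyrus_sasl_sql_free() {
    flags=$(cyrus_sasl_use_flags "$1")
    [ -n "$flags" ] || { echo "cyrus-sasl not in package db" >&2; return 2; }
    for f in $flags; do
        case "$f" in
            sql|mysql|postgres|sqlite) echo "SQL USE flag set: $f" >&2; return 1 ;;
        esac
    done
    return 0
}

# 0 if the authdaemond socket exists and the current user may write to it.
# Run it as the SASL user (e.g. su -s /bin/sh postfix -c '...') since every
# parent directory must be searchable by that user as well.
authdaemond_socket_usable() {
    sock="${1:-/var/lib/courier/authdaemon/socket}"
    [ -S "$sock" ] && [ -w "$sock" ]
}

# Standalone use: run both checks, exit non-zero if either fails.
check_smtp_auth_prereqs() {
    rc=0
    cyrus_sasl_sql_free "$1" && echo "ok: cyrus-sasl has no SQL USE flags" || rc=1
    authdaemond_socket_usable "$2" && echo "ok: authdaemond socket usable" \
        || { echo "FAIL: authdaemond socket missing or not writable" >&2; rc=1; }
    return $rc
}
```

Run `check_smtp_auth_prereqs` as the postfix user after a rebuild of cyrus-sasl; a non-zero exit points at whichever of the two causes is still present.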
Filed under: Computers