When clients try to use SASL auth the smtpd process gets a signal 11. If I alter /etc/postfix/master.cf to run smtpd with -v I get:
postfix/smtpd[13451]: match_hostname: client.host.fqdn ~? xxx.xxx.xxx. 0/22
postfix/smtpd[13451]: match_hostaddr: xx.xxx.xxx.xx ~? xxx.xxx.xxx.0/22postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 220 server.host.fqdn ESMTP Postfix postfix/smtpd[13451]: < client.host.fqdn[xx.xxx.xxx.xx]: EHLO [xx.xxx.xxx.xx] postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250- server.host.fqdn
postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250-PIPELININGpostfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250-SIZE 20480000
postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250-VRFY postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250-ETRNpostfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250-AUTH GSSAPI PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5
postfix/smtpd[13451]: match_list_match: client.host.fqdn: no match postfix/smtpd[13451]: match_list_match: xx.xxx.xxx.xx: no matchpostfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250- AUTH=GSSAPI PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5 postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250- ENHANCEDSTATUSCODES
postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250-8BITMIME postfix/smtpd[13451]: > client.host.fqdn[xx.xxx.xxx.xx]: 250 DSNpostfix/smtpd[13451]: < client.host.fqdn[xx.xxx.xxx.xx]: AUTH GSSAPI <AuthDataHere> postfix/smtpd[13451]: xsasl_cyrus_server_first: sasl_method GSSAPI, init_response <AuthDataHere> postfix/smtpd[13451]: xsasl_cyrus_server_first: decoded initial response `?????*?H???????
postfix/smtpd pid 13451 killed by signal 11 postfix/smtpd: bad command startup -- throttlingI don't have the older Postfix packages (2.3.4-2) available to attempt downgrading. I have attempted downgrading the libsasl* and sasl2-bin packages without success. I have also tried rebuilding the cyrus-sasl2 dev packages and then rebuilding Postfix using those sources.
Output of 'postconf -n': alias_database = hash:/etc/aliases alias_maps = ldap:aliasdirectory append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 import_environment = KRB5_KTNAME=/etc/postfix/postfix.keytab inet_interfaces = all mailbox_size_limit = 0 mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp message_size_limit = 20480000mydestination = mydomain.here, mail.mydomain.here, server2.mydomain.here, server.mydomain.here, localhost.mydomain.here, localhost
myhostname = server.mydomain.here mynetworks = 127.0.0.0/8, xxx.xxx.xxx.0/22, xxx.xxx.xxx.xxx/26 myorigin = /etc/mailname recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_namesmtpd_client_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/banned_ips reject_rbl_client relays.ordb.org permit smtpd_data_restrictions = check_policy_service unix:private/ maillistpolicy reject_unauth_pipelining reject_multi_recipient_bounce permit
smtpd_delay_reject = yes smtpd_etrn_restrictions = permit_mynetworks reject smtpd_helo_required = yessmtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname reject_non_fqdn_sender permit smtpd_recipient_restrictions = reject_unknown_sender_domain reject_unknown_recipient_domain permit_sasl_authenticated reject_non_fqdn_recipient reject_non_fqdn_sender permit_mynetworks reject_unauth_destination check_recipient_access hash:/etc/postfix/recipient_access check_policy_service inet:127.0.0.1:60000 check_policy_service unix:private/spfpolicy check_recipient_access hash:/etc/postfix/ filtered_domains permit
smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mydomain.here smtpd_sasl_security_options = noanonymoussmtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain reject_non_fqdn_sender reject_unknown_address check_sender_access hash:/etc/postfix/sender_address permit
smtpd_tls_CAfile = /etc/ssl/certs/sf_issuing.crt smtpd_tls_cert_file = /etc/ssl/certs/mail.mydomain.here.crt smtpd_tls_key_file = /etc/ssl/certs/mail.mydomain.here.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_use_tls = yes strict_rfc821_envelopes = yes tls_random_source = dev:/dev/urandom If anyone has any insight on this I would greatly appreciate it. Thanks, -Justin
Attachment:
smime.p7s
Description: S/MIME cryptographic signature