On Tue, Mar 11, 2014 at 10:11:23PM +0000, Tom Furie wrote: > On Tue, Mar 11, 2014 at 07:36:55PM +0100, Tazman Deville wrote: > > > There are few users on either server, and all I've tested are unable to > > send mail. > > In both servers, there is 1 mail DB for both dovecot and postfix, yes. > > If both dovecot and postfix are using the same authentication mechanism > it's very odd that only one of them works. In the end, we determined it was a problem with libmysqlclient18 and pam-mysql. Only postfix needs the pam module (dovecot does not). > > While exploring this I've discovered that there are no Debian packages > of mariadb except in sid. Which repository are you using for these > packages, Arch? The MariaDB project maintains repos for us. See https://downloads.mariadb.org/mariadb/repositories/#mirror=syringa&distro=Debian > > My best guess about the timing of the failure would be that while > mysql/mariadb was upgraded on the 4th, the service wasn't actually > restarted until you were having the load issues. You know, that makes sense. > > > Ah! Perhaps this will be useful. > > I just logged in with mutt, received mail, and tried to send one > > message, and get this from tail auth.log: > > > > Mar 11 19:33:32 myownsite postfix/smtpd[32642]: sql plugin Parse the > > username taz@liberame.org > > Mar 11 19:33:32 myownsite postfix/smtpd[32642]: sql plugin try and > > connect to a host > > Mar 11 19:33:32 myownsite postfix/smtpd[32642]: sql plugin trying to > > open db 'mail' on host '127.0.0.1' > > Mar 11 19:33:32 myownsite saslauthd[1850]: PAM unable to > > dlopen(pam_mysql.so): /lib/security/pam_mysql.so: symbol > > make_scrambled_password, version libmysqlclient_18 not defined in file > > libmysqlclient.so.18 with link time reference > > Mar 11 19:33:32 myownsite saslauthd[1850]: PAM adding faulty module: > > pam_mysql.so > > Mar 11 19:33:32 myownsite saslauthd[1850]: DEBUG: auth_pam: > > pam_authenticate failed: Module is unknown > > Mar 11 19:33:32 myownsite saslauthd[1850]: do_auth : auth > > failure: [user=taz@liberame.org] [service=smtp] [realm=liberame.org] > > [mech=pam] [reason=PAM auth error] > > Mar 11 19:33:37 myownsite mutt: DIGEST-MD5 common mech free > > Mar 11 19:33:40 myownsite sudo: tazman : TTY=pts/0 ; PWD=/var/log ; > > USER=root ; COMMAND=/usr/bin/tail auth.log > > Mar 11 19:33:40 myownsite sudo: pam_unix(sudo:session): session opened > > for user root by tazman(uid=0) > > If pam_mysql support has been dropped in the latest version of mariadb, > you could try running an older version which does have support. > Alternatively you could find out what mechanisms the new version > supports and change your system accordingly. This is what we ended up doing, rolling back to an older version of mariadb, libmysqlclient18, etc. I posted the relevant instructions (where to get the older pkgs, etc.) earlier. Both Taz' server and the other are both sending mail again (I'm sending this message from the office server. Taz rents a VPS on another server of mine, and we co-admin some sites). Tony -- https://tonybaldwin.info art, music, software by me, tony 3F330C6E
Attachment:
signature.asc
Description: Digital signature