Discussion:
looking for plugins in '/usr/lib/sasl2', failed to open directory,
(too old to reply)
Udo Rader
18 years ago
Permalink
hi,

after a recent upgrade of a log analyzer it has started warning about
log entries like these:

---------CUT----------
Mar 8 06:03:22 cerberus postfix/trivial-rewrite[6525]: looking for
plugins in '/usr/lib/sasl2', failed to open directory, error: No such
file or directory
Mar 8 06:03:22 cerberus postfix/smtpd[6529]: looking for plugins in
'/usr/lib/sasl2', failed to open directory, error: No such file or
directory
Mar 8 06:03:22 cerberus postfix/cleanup[6530]: looking for plugins in
'/usr/lib/sasl2', failed to open directory, error: No such file or
directory
---------CUT----------

Now /usr/lib/sasl2 exists (and contains some files) but that directory
should be irrelevant anyhow because we use dovecot-sasl for
authentication. After reviewing the logs similar log entries have
already been generated for some time now, but nobody has found anything
broken so far.

Any ideas?

---------CUT----------
% postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias,forward,include
allow_mail_to_files = alias,forward,include
anvil_rate_time_unit = 30s
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/no_image_spam
body_checks_size_limit = 204800
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[10.15.3.5]:10026
daemon_directory = /usr/lib/postfix
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/badguys_table
inet_interfaces = 81.16.98.99 127.0.0.1
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 51200000
mydestination = bestsolution.at, mail.bestsolution.at, localhost,
besor.cc
myhostname = mail.bestsolution.at
mynetworks = 81.16.98.96/28, 10.15.3.0/24
myorigin = /etc/mailname
recipient_delimiter =
relayhost =
setgid_group = postdrop
smtp_bind_address = 81.16.98.99
smtpd_client_message_rate_limit = 20
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_rbl_client list.dsbl.org,
reject_rbl_client zen.spamhaus.org, reject_rbl_client
dsn.rfc-ignorant.org, reject_rbl_client dnsbl.sorbs.net,
reject_unauth_pipelining, reject_invalid_hostname,
check_client_access hash:/etc/postfix/client_checks,
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, check_helo_access
pcre:/etc/postfix/helo, reject_unauth_pipelining
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_pipelining, reject_non_fqdn_recipient,
permit_mynetworks, check_sender_mx_access
cidr:/etc/postfix/reject_private_mx.cidr,
reject_unknown_recipient_domain, reject_unauth_destination,
check_policy_service inet:127.0.0.1:60000, check_recipient_access
hash:/etc/postfix/recipient_checks, permit_mx_backup
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,
reject_non_fqdn_sender, check_sender_access
hash:/etc/postfix/sender_checks, reject_unknown_sender_domain,
reject_unlisted_sender, reject_unauth_pipelining
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
virtual_gid_maps = static:8
virtual_mailbox_base = /
virtual_mailbox_domains = hash:/etc/postfix/vmaildomains,
ldap:/etc/postfix/ldap-acceptdomains.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_lock = dotlock
virtual_mailbox_maps = hash:/etc/postfix/vmailboxes,
ldap:/etc/postfix/ldap-vmailboxes.cf
virtual_minimum_uid = 200
virtual_uid_maps = static:200
---------CUT----------
--
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at
MrC
18 years ago
Permalink
...
I presume this was from the logwatch postfix filter. The error messages are
an indication you have an incorrect configuration. Don't ignore it; fix
that problem.

I have also updated the postfix filter to summarize this in a single
warning. See below. Pick up the new version at:

http://www.mikecappella.com/logwatch

Review the README to assist in updating and configuring.
Post by Udo Rader
Now /usr/lib/sasl2 exists (and contains some files) but that
directory should be irrelevant anyhow because we use
dovecot-sasl for authentication. After reviewing the logs
similar log entries have already been generated for some time
now, but nobody has found anything broken so far.
Someone probably should look at the logs periodically.

MrC
----

--------------------- postfix Begin ------------------------

****** Summary
****************************************************************************
*********

3 *Warning: Server configuration error



****** Detailed
****************************************************************************
********

3 *Warning: Server configuration error
----------------------------------------------------
3 '/usr/lib/sasl2', failed to open directory, error: No such
file or directory


---------------------- postfix End -------------------------
mouss
18 years ago
Permalink
...
does postfix see it (chroot issues)? can non root users access that
directory?
Post by Udo Rader
but that directory
should be irrelevant anyhow because we use dovecot-sasl for
authentication.
try
# ldd `postconf daemon_directory`/smtpd

to see if smtpd is linked against cyrus-sasl.
Post by Udo Rader
After reviewing the logs similar log entries have
already been generated for some time now, but nobody has found anything
broken so far.
Any ideas?
Udo Rader
18 years ago
Permalink
...
Nope, I am talking about Debians logcheck here. And fixing the issue is
exactly what I want to do (that's why I was asking here :-)
--
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at
Udo Rader
18 years ago
Permalink
Post by mouss
Post by Udo Rader
---------CUT----------
Mar 8 06:03:22 cerberus postfix/trivial-rewrite[6525]: looking for
plugins in '/usr/lib/sasl2', failed to open directory, error: No such
file or directory
---------CUT----------
Now /usr/lib/sasl2 exists (and contains some files)
does postfix see it (chroot issues)? can non root users access that
directory?
Yes, it does see it, this also was my first idea. No chrooting here, so
that cannot be a problem either ...
Post by mouss
Post by Udo Rader
but that directory
should be irrelevant anyhow because we use dovecot-sasl for
authentication.
try
# ldd `postconf daemon_directory`/smtpd
to see if smtpd is linked against cyrus-sasl.
----------CUT-----------
% ldd /usr/lib/postfix/smtpd:
/usr/lib/postfix/smtpd:
linux-gate.so.1 => (0xffffe000)
libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1
(0xb7f20000)
libpostfix-tls.so.1 => /usr/lib/libpostfix-tls.so.1 (0xb7f13000)
libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0xb7f0e000)
libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1
(0xb7ee3000)
libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1
(0xb7eba000)
libssl.so.0.9.8 => /usr/lib/i586/libssl.so.0.9.8 (0xb7e7f000)
libcrypto.so.0.9.8 => /usr/lib/i586/libcrypto.so.0.9.8
(0xb7d57000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d40000)
libdb-4.3.so => /usr/lib/libdb-4.3.so (0xb7c5b000)
libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7c45000)
libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7c32000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7afa000)
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7af5000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7ae1000)
/lib/ld-linux.so.2 (0xb7f30000)
----------CUT-----------

So yes, postfix is linked against /usr/lib/libsasl2.so.2 (an thus a part
of cryus sasl).

But I don't see the point where this should come into play, because we
are not using cyrus but dovecot sasl ...

----------CUT-----------
% postconf -n | fgrep smtpd_sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
----------CUT-----------
--
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at
Wietse Venema
18 years ago
Permalink
Post by Udo Rader
Post by Udo Rader
---------CUT----------
Mar 8 06:03:22 cerberus postfix/trivial-rewrite[6525]: looking for
plugins in '/usr/lib/sasl2', failed to open directory, error: No such
file or directory
---------CUT----------
But I don't see the point where this should come into play, because we
are not using cyrus but dovecot sasl ...
Maybe some PAM module is using SASL.

Wietse
Victor Duchovni
18 years ago
Permalink
Post by Wietse Venema
Post by Udo Rader
Post by Udo Rader
---------CUT----------
Mar 8 06:03:22 cerberus postfix/trivial-rewrite[6525]: looking for
plugins in '/usr/lib/sasl2', failed to open directory, error: No such
file or directory
---------CUT----------
But I don't see the point where this should come into play, because we
are not using cyrus but dovecot sasl ...
Maybe some PAM module is using SASL.
Or libsasl2 contains code that runs when the library is loaded, and
contrary to the OP's claim (without supporting evidence in the form of
his master.cf "rewrite" entry), trivial-rewrite is indeed chrooted. The
stock entry from Postfix source is:

rewrite unix - - n - - trivial-rewrite

with the "n" in the 5th column required to disable chroot.
--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:***@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Udo Rader
18 years ago
Permalink
...
aaaaargh, you are so right ...

I had thought that the default for chroot was "no", but instead it is
"yes" when "-" is set ...

so sorry for the all noise :-{
--
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at
Loading...