Loading ...
Sorry, an error occurred while loading the content.

Re: Auth/relaying issues with 2.10.0

Expand Messages
  • Jan Kohnert
    Hi, ... That might cause the problem, I really missed that. I ll check that tomorrow (it s half past one here, now), since a downgrade helped me making a
    Message 1 of 16 , Jun 4 4:34 PM
    • 0 Attachment
      Hi,

      Am Dienstag, 4. Juni 2013, 18:24:23 schrieb /dev/rob0:
      > On Wed, Jun 05, 2013 at 01:08:09AM +0200, Jan Kohnert wrote:
      > > I have recently upgraded to 2.10.0 (gentoo) and now having some
      > > issues with relaying authenticated users. I'm using dovecot sasl
      > > and according to the logs auth works fine, but however postfix
      > > thinks I do not want to relay stuff from authenticated users
      > > anymore...
      >
      > Yes. You probably missed the 2.10 release notes.
      >
      > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
      >
      > smtpd_relay_restrictions = permit_mynetworks,
      > permit_sasl_authenticated,
      > reject_unauth_destination

      That might cause the problem, I really missed that. I'll check that tomorrow
      (it's half past one here, now), since a downgrade helped me making a hotfix…

      Thanks!

      --
      MfG Jan
    • Jan Kohnert
      Hi again, ... couldn t wait, who needs sleep… :) Things got fixes using your hint. Thanks a lot again! Hint to myself: I should read release notes more
      Message 2 of 16 , Jun 4 4:47 PM
      • 0 Attachment
        Hi again,

        Am Mittwoch, 5. Juni 2013, 01:34:13 schrieb Jan Kohnert:
        > Am Dienstag, 4. Juni 2013, 18:24:23 schrieb /dev/rob0:
        > > On Wed, Jun 05, 2013 at 01:08:09AM +0200, Jan Kohnert wrote:
        > > > I have recently upgraded to 2.10.0 (gentoo) and now having some
        > > > issues with relaying authenticated users. I'm using dovecot sasl
        > > > and according to the logs auth works fine, but however postfix
        > > > thinks I do not want to relay stuff from authenticated users
        > > > anymore...
        > >
        > > Yes. You probably missed the 2.10 release notes.
        > >
        > > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
        > >
        > > smtpd_relay_restrictions = permit_mynetworks,
        > >
        > > permit_sasl_authenticated,
        > > reject_unauth_destination
        >
        > That might cause the problem, I really missed that. I'll check that tomorrow
        > (it's half past one here, now), since a downgrade helped me making a
        > hotfix…

        couldn't wait, who needs sleep… :)

        Things got fixes using your hint. Thanks a lot again!

        Hint to myself:
        I should read release notes more carefully.

        --
        MfG Jan
      • Wietse Venema
        Please file a bug report with your distribution. Postfix 2.10 as distributed by me will add a backwards-compatibility setting to main.cf, thusly: # postfix
        Message 3 of 16 , Jun 4 5:51 PM
        • 0 Attachment
          Please file a bug report with your distribution.

          Postfix 2.10 as distributed by me will add a backwards-compatibility
          setting to main.cf, thusly:

          # postfix upgrade-configuration
          COMPATIBILITY: editing /etc/postfix/main.cf, overriding
          smtpd_relay_restrictions to prevent inbound mail from unexpectedly
          bouncing. Specify an empty smtpd_relay_restrictions value to
          keep using smtpd_recipient_restrictions as before.

          And the backwards compatible setting is:

          # postconf smtpd_relay_restrictions
          smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

          If your distributor has removed this backwards-compatibility safety
          net, then please tell them that they are doing their users a disservice.

          Wietse
        • Benny Pedersen
          ... lets hope 2.11 have permit_sasl_authenticated in default config, so many users here cant figure out the problems in 2.10 :) -- senders that put my email
          Message 4 of 16 , Jun 5 11:26 AM
          • 0 Attachment
            /dev/rob0 skrev den 2013-06-05 01:24:

            > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
            >
            > smtpd_relay_restrictions = permit_mynetworks,
            > permit_sasl_authenticated,
            > reject_unauth_destination

            lets hope 2.11 have permit_sasl_authenticated in default config, so
            many users here cant figure out the problems in 2.10 :)

            --
            senders that put my email into body content will deliver it to my own
            trashcan, so if you like to get reply, dont do it
          • Benny Pedersen
            ... such gentoo users :) -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it
            Message 5 of 16 , Jun 5 11:27 AM
            • 0 Attachment
              Jan Kohnert skrev den 2013-06-05 01:34:

              > That might cause the problem, I really missed that. I'll check that
              > tomorrow
              > (it's half past one here, now), since a downgrade helped me making a
              > hotfix…

              such gentoo users :)

              --
              senders that put my email into body content will deliver it to my own
              trashcan, so if you like to get reply, dont do it
            • Benny Pedersen
              ... same could go to maintainers of ebuilds or precompiled packages -- senders that put my email into body content will deliver it to my own trashcan, so if
              Message 6 of 16 , Jun 5 11:31 AM
              • 0 Attachment
                Jan Kohnert skrev den 2013-06-05 01:47:

                > I should read release notes more carefully.

                same could go to maintainers of ebuilds or precompiled packages

                --
                senders that put my email into body content will deliver it to my own
                trashcan, so if you like to get reply, dont do it
              • Michael Orlitzky
                ... Postfix 2.10 on Gentoo adds the safety net, but the package manager won t automatically clobber files under /etc. You re supposed to run a tool
                Message 7 of 16 , Jun 6 5:06 PM
                • 0 Attachment
                  On 06/04/2013 08:51 PM, Wietse Venema wrote:
                  > Please file a bug report with your distribution.
                  >
                  > Postfix 2.10 as distributed by me will add a backwards-compatibility
                  > setting to main.cf, thusly:
                  >
                  > # postfix upgrade-configuration
                  > COMPATIBILITY: editing /etc/postfix/main.cf, overriding
                  > smtpd_relay_restrictions to prevent inbound mail from unexpectedly
                  > bouncing. Specify an empty smtpd_relay_restrictions value to
                  > keep using smtpd_recipient_restrictions as before.
                  >
                  > And the backwards compatible setting is:
                  >
                  > # postconf smtpd_relay_restrictions
                  > smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
                  >
                  > If your distributor has removed this backwards-compatibility safety
                  > net, then please tell them that they are doing their users a disservice.
                  >
                  > Wietse
                  >

                  Postfix 2.10 on Gentoo adds the safety net, but the package manager
                  won't automatically clobber files under /etc. You're supposed to run a
                  tool (etc-update) afterwards to merge any changes. I'm guessing that's
                  what got skipped here.
                • Wietse Venema
                  ... It s no good when this has to be run by a human operator. I ll change the compiled-in default to: smtpd_relay_restrictions = permit_mynetworks
                  Message 8 of 16 , Jun 6 5:47 PM
                  • 0 Attachment
                    Michael Orlitzky:
                    > On 06/04/2013 08:51 PM, Wietse Venema wrote:
                    > > Please file a bug report with your distribution.
                    > >
                    > > Postfix 2.10 as distributed by me will add a backwards-compatibility
                    > > setting to main.cf, thusly:
                    > >
                    > > # postfix upgrade-configuration
                    > > COMPATIBILITY: editing /etc/postfix/main.cf, overriding
                    > > smtpd_relay_restrictions to prevent inbound mail from unexpectedly
                    > > bouncing. Specify an empty smtpd_relay_restrictions value to
                    > > keep using smtpd_recipient_restrictions as before.
                    > >
                    > > And the backwards compatible setting is:
                    > >
                    > > # postconf smtpd_relay_restrictions
                    > > smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
                    > >
                    > > If your distributor has removed this backwards-compatibility safety
                    > > net, then please tell them that they are doing their users a disservice.
                    > >
                    > > Wietse
                    > >
                    >
                    > Postfix 2.10 on Gentoo adds the safety net, but the package manager
                    > won't automatically clobber files under /etc. You're supposed to run a
                    > tool (etc-update) afterwards to merge any changes. I'm guessing that's
                    > what got skipped here.

                    It's no good when this has to be run by a human operator. I'll
                    change the compiled-in default to:

                    smtpd_relay_restrictions =
                    permit_mynetworks permit_sasl_authenticated reject_unauth_destination

                    so that people can avoid the upgrade surprise.

                    Wietse
                  • Benny Pedersen
                    ... why is permit_sasl_authenticated missing in default 2.10 settings then ? (c code defaults)
                    Message 9 of 16 , Jun 6 6:00 PM
                    • 0 Attachment
                      > If your distributor has removed this backwards-compatibility safety
                      > net, then please tell them that they are doing their users a
                      > disservice.

                      why is permit_sasl_authenticated missing in default 2.10 settings then
                      ? (c code defaults)
                    • Wietse Venema
                      ... This was discussed extensively on the list. Learn to search. Wietse
                      Message 10 of 16 , Jun 6 6:17 PM
                      • 0 Attachment
                        Benny Pedersen:
                        > > If your distributor has removed this backwards-compatibility safety
                        > > net, then please tell them that they are doing their users a
                        > > disservice.
                        >
                        > why is permit_sasl_authenticated missing in default 2.10 settings then
                        > ? (c code defaults)

                        This was discussed extensively on the list. Learn to search.

                        Wietse
                      • Benny Pedersen
                        ... or simply create a patch in c, more easy then read 10000 emails about the big problem :)
                        Message 11 of 16 , Jun 6 6:29 PM
                        • 0 Attachment
                          wietse@... skrev den 2013-06-07 03:17:

                          > This was discussed extensively on the list. Learn to search.

                          or simply create a patch in c, more easy then read 10000 emails about
                          the big problem :)
                        • Jan Kohnert
                          Hi, ... well, I m running Gentoo for nearly ten years now, and I know etc-update. I just missed that change while merging the config files. There definitely
                          Message 12 of 16 , Jun 6 11:56 PM
                          • 0 Attachment
                            Hi,

                            Am Donnerstag, 6. Juni 2013, 20:06:48 schrieb Michael Orlitzky:
                            > Postfix 2.10 on Gentoo adds the safety net, but the package manager
                            > won't automatically clobber files under /etc. You're supposed to run a
                            > tool (etc-update) afterwards to merge any changes. I'm guessing that's
                            > what got skipped here.

                            well, I'm running Gentoo for nearly ten years now, and I know etc-update. I
                            just missed that change while merging the config files.

                            There definitely was no safty net in master.cf, but I have added lots of
                            config stuff at the end of main.cf, so if the safety net was put at the end of
                            that file by the Gentoo folks, the merge would probably have removed it, since
                            I wanted my changes to stay. :)

                            --
                            MfG Jan
                          • Charles Marcus
                            ... Actually, I ve been running gentoo for a long time too and I also got bit by this. I m not perfect, but I am always very careful about running etc-update,
                            Message 13 of 16 , Jun 7 3:15 AM
                            • 0 Attachment
                              On 2013-06-07 2:56 AM, Jan Kohnert <nospam001-lists@...> wrote:
                              > Am Donnerstag, 6. Juni 2013, 20:06:48 schrieb Michael Orlitzky:
                              >> Postfix 2.10 on Gentoo adds the safety net, but the package manager
                              >> won't automatically clobber files under /etc. You're supposed to run a
                              >> tool (etc-update) afterwards to merge any changes. I'm guessing that's
                              >> what got skipped here.
                              > well, I'm running Gentoo for nearly ten years now, and I know etc-update. I
                              > just missed that change while merging the config files.
                              >
                              > There definitely was no safty net in master.cf, but I have added lots of
                              > config stuff at the end of main.cf, so if the safety net was put at the end of
                              > that file by the Gentoo folks, the merge would probably have removed it, since
                              > I wanted my changes to stay. :)

                              Actually, I've been running gentoo for a long time too and I also got
                              bit by this. I'm not perfect, but I am always very careful about running
                              etc-update, and I swear I did not see this modification.

                              --

                              Best regards,

                              Charles
                            Your message has been successfully submitted and would be delivered to recipients shortly.