postfix and xoauth2 (for gmail authentication)
by gattocarlo from LinuxQuestions.org on (#6KMKA)
Hi,
I'm facing what I think is a weird problem with postfix and xoauth2 and I'm not able to debug it.
I have two machines, my laptop and my home server, both running updated slackware 15.
Since I use different email accounts, personal ones with my domain (hosted on my home server) and some gmail accounts for work, on my laptop I set up postfix to relay messages sent from my gmail accounts through gmail and messages sent from my personal accounts through my home server. Since the authentication on gmail requires xoauth2, while my server requires a normal login (over TLS), my laptop postfix configuration uses two different transports, one with
Code:smtp_sasl_mechanism_filter = xoauth2and one with
Code:smtp_sasl_mechanism_filter = login
I then use:
Code:smtp_sender_dependent_authentication
sender_dependent_default_transport_maps
sender_dependent_relayhost_mapsThe XOAUTH2 SASL mechanism is provided by the cyrus-sasl-xoauth plugin for cyrus-sasl.
I wrote a small deamon which periodically updates the access tokens of my gmail accounts and everything works perfectly fine.
I wanted to replicate this setup on my home server but postfix here is not working. When using gmail to relay the messages everything seems to be working fine: the correct SASL mechanism is used, the appropriate username is sent to the gmail stmp server, but the response it gets form gmail causes a segfault.
This is (the edited) /var/log/maillog
Code:postfix/smtp[40578]: smtp_sasl_authenticate: smtp.gmail.com[142.250.102.109]:587: SASL mechanisms XOAUTH2
postfix/smtp[40578]: xsasl_cyrus_client_get_user: my_email_account@gmai.com
postfix/qmgr[40576]: warning: private/gmail socket: malformed response
postfix/master[40574]: warning: process /usr/libexec/postfix/smtp pid 40578 killed by signal 11
postfix/master[40574]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling(private/gmail is the name of the transport I use to select "smtp_sasl_mechanism_filter = xoauth2")
In /var/log/messages I get:
Code:smtp[40578]: segfault at 4044 ip 00005653e92bbe20 sp 00007ffc7af69080 error 4 in smtp[5653e92ae000+f000]
kernel: Code: 89 28 8d 53 01 48 8d 78 08 4c 89 e6 48 63 d2 e8 d6 22 ff ff 31 c0 48 83 c4 08 5b 5d 41 5c 41 5d c3 66 0f 1f 84 00 00 00 00 00 <48> 8b 56 40 48 8d 3d 71 2c 00 00 31 c0 48 8d 35 ee 51 00 00 e8 37I spent a few hours searching the web and found someone with similar issues, usually related to the SASL mechanism or smtp_tls_fingerprint_digest. But in my case I get a similar result when I unistall cyrus-sasl-xoauth2.
It seems like the xouth2 plugin is not working properly even though the plugin seems to be loaded and working:
Code:pluginviewer -c:
...
Plugin "xoauth2" [loaded], API version: 4
SASL mechanism: XOAUTH2, best SSF: 0
security flags: NO_ANONYMOUS|PASS_CREDENTIALS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATIONI do not know what to do and how to debug the postfix smtp client. Any help or direction would be greatly appreciated.
I tried using a different cyrus plugin (sasl-xoauth2) but I wasn't able to get sasl to load it...
Sorry for such a long post and thanks for your kind attention.
Best,
--
andrea
I'm facing what I think is a weird problem with postfix and xoauth2 and I'm not able to debug it.
I have two machines, my laptop and my home server, both running updated slackware 15.
Since I use different email accounts, personal ones with my domain (hosted on my home server) and some gmail accounts for work, on my laptop I set up postfix to relay messages sent from my gmail accounts through gmail and messages sent from my personal accounts through my home server. Since the authentication on gmail requires xoauth2, while my server requires a normal login (over TLS), my laptop postfix configuration uses two different transports, one with
Code:smtp_sasl_mechanism_filter = xoauth2and one with
Code:smtp_sasl_mechanism_filter = login
I then use:
Code:smtp_sender_dependent_authentication
sender_dependent_default_transport_maps
sender_dependent_relayhost_mapsThe XOAUTH2 SASL mechanism is provided by the cyrus-sasl-xoauth plugin for cyrus-sasl.
I wrote a small deamon which periodically updates the access tokens of my gmail accounts and everything works perfectly fine.
I wanted to replicate this setup on my home server but postfix here is not working. When using gmail to relay the messages everything seems to be working fine: the correct SASL mechanism is used, the appropriate username is sent to the gmail stmp server, but the response it gets form gmail causes a segfault.
This is (the edited) /var/log/maillog
Code:postfix/smtp[40578]: smtp_sasl_authenticate: smtp.gmail.com[142.250.102.109]:587: SASL mechanisms XOAUTH2
postfix/smtp[40578]: xsasl_cyrus_client_get_user: my_email_account@gmai.com
postfix/qmgr[40576]: warning: private/gmail socket: malformed response
postfix/master[40574]: warning: process /usr/libexec/postfix/smtp pid 40578 killed by signal 11
postfix/master[40574]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling(private/gmail is the name of the transport I use to select "smtp_sasl_mechanism_filter = xoauth2")
In /var/log/messages I get:
Code:smtp[40578]: segfault at 4044 ip 00005653e92bbe20 sp 00007ffc7af69080 error 4 in smtp[5653e92ae000+f000]
kernel: Code: 89 28 8d 53 01 48 8d 78 08 4c 89 e6 48 63 d2 e8 d6 22 ff ff 31 c0 48 83 c4 08 5b 5d 41 5c 41 5d c3 66 0f 1f 84 00 00 00 00 00 <48> 8b 56 40 48 8d 3d 71 2c 00 00 31 c0 48 8d 35 ee 51 00 00 e8 37I spent a few hours searching the web and found someone with similar issues, usually related to the SASL mechanism or smtp_tls_fingerprint_digest. But in my case I get a similar result when I unistall cyrus-sasl-xoauth2.
It seems like the xouth2 plugin is not working properly even though the plugin seems to be loaded and working:
Code:pluginviewer -c:
...
Plugin "xoauth2" [loaded], API version: 4
SASL mechanism: XOAUTH2, best SSF: 0
security flags: NO_ANONYMOUS|PASS_CREDENTIALS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATIONI do not know what to do and how to debug the postfix smtp client. Any help or direction would be greatly appreciated.
I tried using a different cyrus plugin (sasl-xoauth2) but I wasn't able to get sasl to load it...
Sorry for such a long post and thanks for your kind attention.
Best,
--
andrea