Re: NetBSD, sendmail with AUTH and TLS

To: netbsd-users%NetBSD.org@localhost
Subject: Re: NetBSD, sendmail with AUTH and TLS
From: Michael Parson <mparson%bl.org@localhost>
Date: Thu, 13 Dec 2012 17:03:34 -0600 (CST)

On Thu, 13 Dec 2012, Peter Bex wrote:

On Thu, Dec 13, 2012 at 12:22:17PM -0600, Michael Parson wrote:

I followed the wiki entry for this on my NetBSD/i386 5.0.2 system:

http://wiki.netbsd.org/tutorials/services/sendmail_auth_tls/

And it worked beautifully.  However, that system died, and now:

Trying the same thing on my amd64 6.0 system, and it's not working.


Is this a clean 6.0 system, or an upgraded one?  If you built inside
a chroot, did you remember to upgrade the chroot to 6.0 userland as
well?  If you're using binary packages, did you remember to update
the PKG_PATH variable or pkgin's repositories.conf to look at a 6.0
repo?


Clean binary install of 6.0, in fact, I couldn't get anything before 6.0
to install on this setup (linode.com's Xen infrastructure), building
all the pkgsrc stuff from source, my mk.conf has my LOCALBASE set to
/usr/local instead of /usr/pkg, just a personal preference I've been
dragging along with me for years.

# uname -a
NetBSD testhost 6.0 NetBSD 6.0 (XEN3_DOMU) amd64

This doesn't seem to be working either.  In my /var/log/authlog, I see the
probable problem, but I don't know how to solve it:

Dec 13 12:15:46 testhost sm-mta[26159]: unable to dlopen
/usr/local/lib/sasl2/libsasldb.so.2: Cannot dlopen non-loadable
/usr/lib/libpthread.so.1


I've seen something similar before just after upgrading and installing
my first newly built binaries.  This probably means that some component
(either the end-point binary or one of the libraries it loads),
was linked to libpthread.so.0 (the 5.x libpthread) and one or more
of the other libraries (or the binary itself) was linked against
libpthread.so.1

NetBSD 6.0 has a newer libpthread and needed to bump the ABI version,
and libpthread can only be active once when the program is started,
and all binaries using .so-files that use it need the library linked
into it.  libpthread is a bit odd that way ;)


That maks sense.

From what I can tell from searching google and reading the dlopen

manpage, something is trying to load libsasldb.so, but that something
isn't also linked against libpthread.so.


This can be debugged by using ldd(1) on the binary and working through
all its .so-files, recursively running ldd on them.  One of those
should eventually show up being linked against libpthread.so.0; that
needs to be rebuilt and reinstalled.


The bits that I can think of to check are:

/usr/local/libexec/sendmail/sendmail (not linked against libpthread at all)
/usr/local/lib/sasl2/liblogin.so (not linked against libpthread at all)
/usr/local/sbin/saslauthd (not linked against libpthread at all)

Starting with libsasldb.so:

# ldd libsasldb.so
libsasldb.so:
        -ldb4-4.8.8 => /usr/local/lib/libdb4-4.8.so.8
        -lpthread.1 => /usr/lib/libpthread.so.1
        -lgcc_s.1 => /usr/lib/libgcc_s.so.1
        -lc.12 => /usr/lib/libc.so.12
        -lresolv.2 => /usr/lib/libresolv.so.2

# ldd /usr/local/lib/libdb4-4.8.so.8
/usr/local/lib/libdb4-4.8.so.8:
        -lpthread.1 => /usr/lib/libpthread.so.1
        -lgcc_s.1 => /usr/lib/libgcc_s.so.1
        -lc.12 => /usr/lib/libc.so.12

For giggles, I ran through all of /usr/local/lib and /usr/local/bin,
can't find anything linked against pthread.0, all the pthreads requests
are for .1

It might help if I can find who is loading libsasldb.so.  Reading a
ktrace of sendmail it looks like sendmail is loading it, but it's not
directly linked to it:

# grep pthread ktrace.txt
 17364      1 sendmail NAMI  "/usr/local/lib/libpthread.so.1"
 17364      1 sendmail NAMI  "/usr/X11R7/lib/libpthread.so.1"
 17364      1 sendmail NAMI  "/usr/lib/libpthread.so.1"
       "<35>1 2012-12-13T08:45:56.560822-06:00 testhost sm-mta 17364 - - unable to 
dlopen /usr/local/lib/sasl2/libsasldb.so.2: Cannot dlopen non-loadable 
/usr/lib/libpthread.so.1"

# ldd /usr/local/libexec/sendmail/sendmail
/usr/local/libexec/sendmail/sendmail:
        -lwrap.7 => /usr/local/lib/libwrap.so.7
        -lc.12 => /usr/lib/libc.so.12
        -lssl.0.9.8 => /usr/local/lib/libssl.so.0.9.8
        -lcrypto.0.9.8 => /usr/local/lib/libcrypto.so.0.9.8
        -lsasl2.2 => /usr/local/lib/libsasl2.so.2
        -lresolv.2 => /usr/lib/libresolv.so.2
        -lgcc_s.1 => /usr/lib/libgcc_s.so.1
        -lutil.7 => /usr/lib/libutil.so.7

--
Michael Parson
Austin, TX
KF5LGQ

Follow-Ups:
- Re: NetBSD, sendmail with AUTH and TLS
  - From: Peter Bex

References:
- NetBSD, sendmail with AUTH and TLS
  - From: Michael Parson
- Re: NetBSD, sendmail with AUTH and TLS
  - From: Peter Bex

Prev by Date: Re: NetBSD, sendmail with AUTH and TLS
Next by Date: Re: Available options for managing mfi(4) with NetBSD 6.0? (Linux MegaCli)
Previous by Thread: Re: NetBSD, sendmail with AUTH and TLS
Next by Thread: Re: NetBSD, sendmail with AUTH and TLS
Indexes:

Home | Main Index | Thread Index | Old Index