Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option

To: manphiz <manphiz%gmail.com@localhost>
Subject: Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Mon, 20 Dec 2021 14:47:03 -0500

manphiz <manphiz%gmail.com@localhost> writes:

> I was trying to set up postfix as a mail relay for Gmail.  It turns
> out the postfix shipped with the system was not compiled with
> cyrus-sasl support.  So I tried to build mail/postfix from pkgsrc with
> the sasl option.  It successfully brought in cyrus-sasl as a build
> dependency, but it still didn't work and failed with this message[1].
> It's not until I found this blog[2] until I realized that I needed to
> also compile and install security/cy2-plain for this to work.

Amusingly cyrus-sasl has a MESSAGE, which belongs in an installed
documentation file instead.  It seems that MESSAGE did not serve its
intended purpose in this case -- which doesn't really surprise me, but
it's an interesting data point.

> I'd like to suggest adding security/cy2-plain, or better with other
> authentication methods like security/cy2-digestmd5 and
> security/cy2-crammd5 for the sasl to work out of the box.  This may
> save users to go through this effort again to make postfix work with
> Gmail and other mail providers.

Generally, we try to have dependencies be minimal, as everyone ends up
with all listed dependencies.  In this case, the mechanisms are
plugins, which is a scheme to keep that part of the code from having to
be a dependency or option, and simply work when installed.

> [1] Dec 19 20:40:48 yeeloong-netbsd postfix/smtp[21224]: 222C722E15C:
> to=<manphiz%gmail.com@localhost>, relay=smtp.gmail.com[74.125.137.109]:587,
> delay=21564, delays=21563/0.68/0.51/0, dsn=4.7.0, status=deferred
> (SASL authentication failed; cannot authenticate to server
> smtp.gmail.com[74.125.137.109]: no mechanism available)

That seems to be a reasonable error message but I can see why it would
be hard to figure out if you haven't dealt with cyrus-sasl before.

> [2] https://www.lonsteins.com/posts/netbsd-postfix-relaying-and-sasl/

An alternative to adding mechanisms to postfix would be to add them to
cyrus-sasl (well, make a metapackage that depends on cyrus-sasl and
mechanisms, because surely the mechanism packages depend on
cyrus-sasl).  However this is basically wrecking the gain of split
plugin packages, which is that people are able to install only what they
need.

I added a few lines to cyrus-sasl's DESCR that explains about plugins
and that probably one or more should be installed.

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
  - From: Joerg Sonnenberger
- Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
  - From: manphiz

References:
- Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
  - From: manphiz

Prev by Date: GCC on SunOS < 2.11, require new Binutils?
Next by Date: Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
Previous by Thread: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
Next by Thread: Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
Indexes:

Home | Main Index | Thread Index | Old Index