Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option

To: Greg Troxel <gdt%lexort.com@localhost>
Subject: Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
From: manphiz <manphiz%gmail.com@localhost>
Date: Mon, 20 Dec 2021 12:07:18 -0800

On Mon, Dec 20, 2021 at 11:47 AM Greg Troxel <gdt%lexort.com@localhost> wrote:
>
>
> manphiz <manphiz%gmail.com@localhost> writes:
>
> > I was trying to set up postfix as a mail relay for Gmail.  It turns
> > out the postfix shipped with the system was not compiled with
> > cyrus-sasl support.  So I tried to build mail/postfix from pkgsrc with
> > the sasl option.  It successfully brought in cyrus-sasl as a build
> > dependency, but it still didn't work and failed with this message[1].
> > It's not until I found this blog[2] until I realized that I needed to
> > also compile and install security/cy2-plain for this to work.
>
> Amusingly cyrus-sasl has a MESSAGE, which belongs in an installed
> documentation file instead.  It seems that MESSAGE did not serve its
> intended purpose in this case -- which doesn't really surprise me, but
> it's an interesting data point.
>
> > I'd like to suggest adding security/cy2-plain, or better with other
> > authentication methods like security/cy2-digestmd5 and
> > security/cy2-crammd5 for the sasl to work out of the box.  This may
> > save users to go through this effort again to make postfix work with
> > Gmail and other mail providers.
>
> Generally, we try to have dependencies be minimal, as everyone ends up
> with all listed dependencies.  In this case, the mechanisms are
> plugins, which is a scheme to keep that part of the code from having to
> be a dependency or option, and simply work when installed.
>
> > [1] Dec 19 20:40:48 yeeloong-netbsd postfix/smtp[21224]: 222C722E15C:
> > to=<manphiz%gmail.com@localhost>, relay=smtp.gmail.com[74.125.137.109]:587,
> > delay=21564, delays=21563/0.68/0.51/0, dsn=4.7.0, status=deferred
> > (SASL authentication failed; cannot authenticate to server
> > smtp.gmail.com[74.125.137.109]: no mechanism available)
>
> That seems to be a reasonable error message but I can see why it would
> be hard to figure out if you haven't dealt with cyrus-sasl before.
>
> > [2] https://www.lonsteins.com/posts/netbsd-postfix-relaying-and-sasl/
>
> An alternative to adding mechanisms to postfix would be to add them to
> cyrus-sasl (well, make a metapackage that depends on cyrus-sasl and
> mechanisms, because surely the mechanism packages depend on
> cyrus-sasl).  However this is basically wrecking the gain of split
> plugin packages, which is that people are able to install only what they
> need.
>
> I added a few lines to cyrus-sasl's DESCR that explains about plugins
> and that probably one or more should be installed.

Thanks for the explanation Greg.  Your new addition to cyrus-sasl's
DESCR is the next best thing to have, though I'd still like to see
that metapackage to be implemented :)  I'll try to contribute a patch
once I become more familiar with pkgsrc.

Follow-Ups:
- Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
  - From: Greg Troxel

References:
- Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
  - From: manphiz
- Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
  - From: Greg Troxel

Prev by Date: Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
Next by Date: [PATCH PROPOSED] Re: sysutils/arm-trusted-firmware-sun50i_a64 fails to build
Previous by Thread: Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
Next by Thread: Re: Suggestion: add security/cy2-plain as a dependency of mail/postfix sasl option
Indexes:

Home | Main Index | Thread Index | Old Index