Bug#1106740: marked as done (postfix: cyrus_sasl_config_path needs to be set explicitly for trixie (not needed for older debian releases))

Debian Bug Tracking System Sat, 07 Jun 2025 05:09:28 -0700

Your message dated Sat, 7 Jun 2025 12:59:46 +0200
with message-id <1cd768e7-7daa-4546-bcfc-72e8a3a41...@gmx.de>
and subject line Where to search for the documentation of the change
has caused the Debian Bug report #1106740,
regarding postfix: cyrus_sasl_config_path needs to be set explicitly for trixie 
(not needed for older debian releases)
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1106740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106740
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: postfix
Version: 3.10.2-1
Severity: important

Dear Maintainer,

using postfix together with cyrus sasl worked by creating the file
/etc/postfix/sasl/smtpd.conf with the corresponding content (see e.g.
bug reports #252025 and #262869) in debian release up to bookworm. There 
was no need to set the option cyrus_sasl_config_path in 
/etc/postfix/main.cf

Using trixie it seems to be necessary, to explicitly set 
cyrus_sasl_config_path = /etc/postfix/sasl

In the HISTORY of postfix
https://sources.debian.org/src/postfix/3.10.2-1/HISTORY/#L26584 the
following is mentioned:

20220808

        Documentation: some Debian releases hard-code the search
        path for Cyrus SASL application configuration files,
        overriding the cyrus_sasl_config_path setting. Viktor
        Dukhovni. File: proto/SASL_README.html.

Was this hard-coding of the search path removed in trixie?

The following error messages are logged:

May 28 22:21:41 host postfix/submission/smtpd[29758]: connect from 
client[192.168.178.1]
May 28 22:21:41 host postfix/submission/smtpd[29758]: Anonymous TLS connection 
established from client[192.168.178.1]: TLSv1.3 with cipher 
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature 
RSA-PSS (2048 bits) server-digest SHA256
May 28 22:21:41 host postfix/submission/smtpd[29758]: warning: 
client[192.168.178.1]: SASL LOGIN authentication failed: authentication 
failure, sasl_username=user@host
May 28 22:21:41 host postfix/submission/smtpd[29758]: disconnect from 
client[192.168.178.1] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5

If the option cyrus_sasl_config_path is set, if works (again).

(debian is running in a lxc container on a gentoo host if you are
wondering about the kernel version below)

-- System Information:
Debian Release: 13.0
  APT prefers testing
  APT policy: (750, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.21-gentoo-x86_64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages postfix depends on:
ii  adduser                3.152
ii  debconf [debconf-2.0]  1.5.91
ii  init-system-helpers    1.68
ii  libc6                  2.41-8
ii  libdb5.3t64            5.3.28+dfsg2-9
ii  libicu76               76.1-3
ii  libnsl2                1.3.0-3+b3
ii  libsasl2-2             2.1.28+dfsg1-9
ii  libssl3t64             3.5.0-1
ii  libtlsrpt0             0.5.0rc1-2
ii  netbase                6.5

Versions of packages postfix recommends:
ii  ca-certificates  20250419
ii  python3          3.13.3-1
ii  ssl-cert         1.1.3

Versions of packages postfix suggests:
ii  dovecot-core [dovecot-common]  1:2.4.1+dfsg1-4
ii  libsasl2-modules               2.1.28+dfsg1-9
pn  mail-reader                    <none>
pn  postfix-cdb                    <none>
pn  postfix-doc                    <none>
pn  postfix-ldap                   <none>
pn  postfix-lmdb                   <none>
pn  postfix-mongodb                <none>
pn  postfix-mta-sts-resolver       <none>
pn  postfix-mysql                  <none>
ii  postfix-pcre                   3.10.2-1
pn  postfix-pgsql                  <none>
pn  postfix-sqlite                 <none>
ii  procmail                       3.24+really3.22-4
ii  sasl2-bin                      2.1.28+dfsg1-9
ii  systemd-resolved [resolvconf]  257.5-2
pn  ufw                            <none>

-- Configuration Files:
/etc/postfix/post-install changed [not included]
/etc/postfix/postfix-script changed [not included]

-- debconf information excluded

--- End Message ---

--- Begin Message ---
I finally found the documentation of this change:

In /usr/share/doc/postfix/README.Debian.gz:
3.  For policy reasons:
a. SASL configuration goes in /etc/postfix/sasl. Starting in DebianTrixie
     (13), the patch that previously hard coded this path is replaced by
setting cyrus_sasl_config_path = /etc/postfix/sasl in Debian'sdefaults.
     Setting this value to a different patch is now supported.

In /usr/share/postfix/main.cf.debian
# Where to look for Cyrus SASL configuration files. Upstream default isunset
# (use compiled-in SASL library default), Debian Policy says it should be
# /etc/postfix/sasl.
cyrus_sasl_config_path = /etc/postfix/sasl
--- End Message ---

Bug#1106740: marked as done (postfix: cyrus_sasl_config_path needs to be set explicitly for trixie (not needed for older debian releases))

Reply via email to