Dear listers
I draw your atttention to a failure of proxymap, which in turn made fail
entire postfix.
This site retrieves all data concerning mail delivery from LDAP. This
worked fine for years, no problem.
Yesterday, I upgraded the main mail server to fedore 11. And when I
thought, everything was OK, the disaster started. I still cannot imagine
how this ungraceful asterisk whent into one of the ldap-config files of
postfix. But after an entire night of searching (the mail server must be
up and running this morning), I found this asterix as the main culprit
in the file /etc/postfix/ldap-mailbox.cf.
postfix-2.5.6-3.fc11.i586
[r...@myhost ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/postfix/aliases
anvil_rate_time_unit = 60s
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/libexec/postfix
data_directory = /data/postfix/cache
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
html_directory = no
inet_protocols = all
local_recipient_maps = ldap:/etc/postfix/ldap-alias.cf
mail_owner = postfix
mailbox_command =
mailbox_transport =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
mydestination = localhost.$mydomain
mydomain = $myhostname
myhostname = tico.mydomain.com
mynetworks = 192.168.97.0/24, 1xx.1xx.243.160/27, 127.0.0.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /data/postfix/queues
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
relay_domains = permit_sasl_authenticated, permit_mynetworks,$mydestination
relayhost =
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 22
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 100
smtpd_client_restrictions = permit_sasl_authenticated,
hash:/etc/postfix/whitelist, hash:/etc/postfix/access
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
hash:/etc/postfix/helo_checks, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_recipient_access hash:/etc/postfix/check_recipients,
check_recipient_access hash:/etc/postfix/access,
reject_rbl_client mail-abuse.org, reject_rbl_client
sbl-xbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org, reject_rhsbl_client
mail-abuse.org, reject_rhsbl_client sbl-xbl.spamhaus.org,
reject_rhsbl_client blackholes.easynet.nl, reject_rhsbl_client
cbl.abuseat.org check_recipient_access
ldap:/etc/postfix/ldap-spamfilter.cf, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = postfix
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_sender_domain,
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
virtual_gid_maps = static:51
virtual_mailbox_base = /data/postfix/maildrop/
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domain.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-mailbox1.cf
virtual_minimum_uid = 51
virtual_transport = virtual
virtual_uid_maps = static:51
[r...@myhost ~]#
the file /etc/postfix/ldap-mailbox.cf with the asterisk in the query_filter:
[r...@myhost ~]# cat /etc/postfix/ldap-mailbox.cf
# virtual_mailbox_maps = ldap:/etc/postfix/ldap-aliases.cf
server_host = myhost.mydomain.com
server_port = 389
search_base = ou=postfix,dc=mydomain,dc=com
query_filter = (&(mail=%*s)(objectclass=qmailuser))
result_attribute = mailMessageStore
bind = yes
bind_dn = cn=postfix,ou=postfix,dc=mydomain,dc=com
bind_pw = powalcox
scope = one
version = 3
[r...@myhost ~]#
the effect was, that postfix did not start up.
On /etc/init.d/postfix start, /var/log/maillog said:
Sep 13 22:13:26 myhost postfix/smtpd[16875]: warning: private/proxymap
socket: service dict_proxy_open: Success
Sep 13 22:13:26 myhost postfix/master[13371]: warning: process
/usr/libexec/postfix/proxymap pid 16876 killed by signal 11
Sep 13 22:13:27 myhost postfix/smtpd[16875]: warning: private/proxymap
socket: service dict_proxy_open: Success
Sep 13 22:13:27 myhost postfix/master[13371]: warning: process
/usr/libexec/postfix/proxymap pid 16877 killed by signal 11
Sep 13 22:13:27 myhost postfix/master[13371]: warning:
/usr/libexec/postfix/proxymap: bad command startup -- throttling
(many more of that)
the system log /var/log/messages said:
Sep 13 22:23:27 myhost kernel: proxymap[17116]: segfault at 4 ip
00fd6cb6 sp bfea1d40 error 4 in proxymap[fc8000+2d000]
Sep 13 22:24:27 myhost kernel: proxymap[17171]: segfault at 4 ip
002b0cb6 sp bfc3cdd0 error 4 in proxymap[2a2000+2d000]
Sep 13 22:25:27 myhost kernel: proxymap[17173]: segfault at 4 ip
005edcb6 sp bfd0b2e0 error 4 in proxymap[5df000+2d000]
(many more of that)
No hint at all, where the error could be.
It was only, when I set up /etc/postfix/main.cf from afresh, that I
found out that the error occurs, when postfix wants to look up the
virtual mailbox.
when doing
postconf -q m...@addr.ess ldap:/etc/postfix/ldap-mailbox.cf
I got
Segmentation fault
It was only, when I set up the /etc/postfix/ldap-mailbox.cf from afresh,
that I noticed the asterisk in the query_filter, which looked quite
suspicious to me. So I left it off.
And from then on postfix worked ok.
In such cases, it would be helpful to have more information then just plain
Segmentation fault.
It remains up to you whether you consider this a bug.
suomi
