From: Victor Duchovni on
On Tue, Jul 13, 2010 at 05:58:53PM +0200, Jon Kristensen wrote:

> On 7/13/2010 5:42 PM, Wietse Venema wrote:
>> Jon Kristensen:
>>> cybersec:~# tail -f /var/log/mail.log
>>> Jul 13 14:28:52 cybersec postfix/master[2422]: warning: process
>>> /usr/lib/postfix/trivial-rewrite pid 2457 killed by signal 6
>> You need to search your logfiles for lines with the word "panic".
>>
>> Wietse
>
> That word is not in any log file. Postfix uses
> /var/log/mail.{log,info,err,warn}.

If signal 6 is SIGABRT on your system, it is likely that trivial-rewrite
called the abort() system call. If it was called from Postfix code, and
not a library module, there should be a "panic" syslog message. Otherwise,
perhaps your LDAP is using GNUTLS (it used to exit() in the library when
entropy was not available, perhaps it now aborts...), or you have other
library issues.

> Do I need to enable debug or something? I'm using Debian and the official
> repository...

Debian does, I believe, have SIGABRT == 6. So check out the dependencies
of the LDAP library, check for chroot jails that lack /dev/urandom, ...

--
Viktor.

From: Victor Duchovni on
On Tue, Jul 13, 2010 at 06:19:19PM +0200, Jon Kristensen wrote:

> On 7/13/2010 6:07 PM, Victor Duchovni wrote:
>> perhaps your LDAP is using GNUTLS (it used to exit() in the library when
>> entropy was not available
> The LDAP library does indeed use GNU TLS:
>
> cybersec:~# ldd /usr/sbin/slapd | grep tls
> libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7526000)

You should probably avoid GNUTLS, if possible, especially if Postfix is
using OpenSSL.

>> it used to exit() in the library when
>> entropy was not available, perhaps it now aborts...
>
> Do I need to recompile LDAP with OpenSSL instead in order for Postfix to
> work, or is there some way I can make an entropy available? /dev/urandom
> seems to work fine.

Is trivial-rewrite running in a chroot jail? Does said jail, if any, have
/dev/urandom, ...

Test with chroot off, if that fixes it, either GNUTLS or Postfix is unhappy
in the jail, and given lack of "panic" log entries, I am guessing GNUTLS,
but the evidence is not yet conclusive.

--
Viktor.
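
The jail check suggested in the replies above, written out as an added example that is not part of the thread or of Postfix: it reads the chroot column of master.cf and reports whether a chrooted service's jail lacks the random devices. The function names, the sample master.cf lines, the inclusion of /dev/random alongside /dev/urandom, and the Debian-style paths in the final comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample master.cf lines are constructed.

# Print the command of every master.cf service that runs chrooted.
# Field 5 is the chroot flag; "-" means the built-in default, passed as $2
# ("y" before Postfix 3.0, "n" from 3.0 on).
chrooted_services() {
    awk -v def="${2:-y}" '
        /^[ \t]*#/ || /^[ \t]/ || NF < 8 { next }   # comments, continuations, blanks
        { flag = ($5 == "-") ? def : $5; if (flag == "y") print $8 }
    ' "$1"
}

# Print each random device that is not a character device inside jail $1.
missing_jail_nodes() {
    for node in dev/urandom dev/random; do
        [ -c "$1/$node" ] || echo "$node"
    done
}

# check_service NAME MASTER_CF JAIL [DEFAULT]: return 1 and explain when NAME
# is chrooted and the jail lacks a random device, otherwise return 0.
check_service() {
    chrooted_services "$2" "${4:-y}" | grep -qx "$1" || return 0
    missing=$(missing_jail_nodes "$3")
    [ -n "$missing" ] || return 0
    echo "$1 runs chrooted in $3 but the jail lacks:" $missing
    return 1
}

# Constructed sample in master.cf layout (not the poster's file).
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
rewrite   unix  -       -       -       -       -       trivial-rewrite
  -o syslog_name=rewrite
local     unix  -       n       n       -       -       local
EOF
}

# Typical call on a Debian-style layout (paths are assumptions):
#   check_service trivial-rewrite /etc/postfix/master.cf /var/spool/postfix
```

A non-zero return only shows that the service is jailed without those devices; it does not by itself prove which library called abort().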