Postfix problem

kri164 · November 22, 2020, 1:54pm

Hello all,

has someone working email notification on rockstor 4.0.4?

I did try several smtp outgoing servers (both linux and windows server) and it is not working as is.

Postfix eror:
postfix/smtp[5199]: warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: DIR:/run/user/51/krb5cc))

This means the remote server and rocstors postfix negotiated KRB5 authentication (or another digest mechanism sometimes) that it is not working.

As a temporary fix I added this line to /etc/postfix/main.cf:
smtp_sasl_mechanism_filter = plain, login

It is working now.

What is your experience with email notification on Rockstor 4.0.4?

Thanks

Flox · November 22, 2020, 4:13pm

Hi @kri164, and welcome to the community!

Thanks a lot for your report, that’s very informative.

Personally, everything is working fine for me using a gmail account as outgoing smtp.

Thanks a lot for sharing your solution to your issue; I’m unfortunately not familiar enough with postfix to be able to provide feedback on whether or not it needs to be implemented into Rockstor, but others here will.

I can provide a bit of history, though, as the last changes we had on postfix was released in Rockstor 3.9.2-54, which included the following fix by @phillxnet:
https://github.com/rockstor/rockstor-core/pull/2135

This contained a series of fixes to bring our postfix implementation to compatibility from our legacy centOS base to our new openSUSE base.

Sorry I cannot be more helpful than that at the moment, but hopefully others will be able to chip in.

kri164 · November 24, 2020, 5:40pm

Hello Flox,

thank you for info.

I have another question. On pure OpenSuse Leap the file postfix generic table has this file permissions:

opensuse # ls -al /etc//postfix/generic
-rw-r–r-- 1 root root 10221 Jun 9 03:35 /etc//postfix/generic

while on Rockstor the file permissions are:
rockstor # ls -al /etc/postfix/generic
-r-------- 1 root root 52 Nov 23 23:52 /etc/postfix/generic

Is there any reason for change of file permission or is it a result of script with wrong umask settings?

Regards

Flox · November 25, 2020, 2:22pm

Ooooh, very good question… If we look at the PR to which I linked above, we can see that @phillxnet actually spotted some erroneous file permissions in this one and fixed the way it was done. In particular:

github.com/rockstor/rockstor-core

[openSUSE] fix postfix config re ipv4, tlsmgr, & CA file settings. Fixes #2132

rockstor:master ← phillxnet:2132_2133_openSUSE_fix_config_settings_for_postfix

opened 09:36PM - 19 Feb 20 UTC

phillxnet

+805 -553

Thanks to @tyukh for initial reporting and initial diagnosis of the root causes.… Due to differing defaults from our prior CentOS base, email notification configuration failed. Adjust configuration mechanism as below. Fixes #2132 Fixes #2133 Fixes #2035 # Includes: - Un-remark tlsmgr line in master.cf when on openSUSE. - Disable on-by-default mail sysconfig in openSUSE (see issue #2035) - Update /etc files postfix/master.cf & sysconfig/mail only if required. - Adapt Certificate Authority file bundle path to openSUSE contextually. - Enforce "inet_protocols = ipv4" in postfix if a prior 'all' setting is found. This avoids postfix service failure on ipv4 only systems. - Move to string.format in email_client.py. - Black format email_client.py. - Black format system/osi.py (large file) - in separate commit. - Fix buggy use of os.chmod. - Abstract "/root/.forward" for clarity. - Abstract "/etc/postfix/generic" for clarity. - Improve code comments. - Add comments to existing system/osi inplace_replace() function. - Add general purpose replace_line_if_found() facility to system/osi.py. - Establish simple system/osi replace_line_if_found() mechanism. - Avoid postfix log warnings by removing to-be duplicate config options. - Ensure postfix service is enabled after each config save. The vendor default is 'disabled'. Additional unrelated trivial fix without associated issue: - A trivial debug log var refactor omission relating to pr #2039 # Testing No new unit tests were written. However functional testing was performed on all three target dirtos of "rockstor" (CentOS), and our two openSUSE targets: Leap15.1, and Tumbleweed. From a clean source build, post postfix removal and install (fresh config files & to establish systemd vendor default status) the Rockstor Web-UI was able to successfully test email notification config entry, prior to submitting it, and successfully submit that config there after and subsequently perform the test email send. All associated config files were inspected pre and post automated editing and the resulting file access rights were confirmed to be as intended. All 3 platforms, post email notification configuration, were also confirmed to successfully forward self-sent root-directed email using the following procedure: ``` # cli mail client already installed on our CentOS variants zypper in mailx echo "Body text of email alert" | mail -s "Alert Email" root ``` @FroggyFlox Ready for review. I was unfortunately unable to separate the black formatting in the case of the smaller file edited in this pr, but the much larger system/osi.py file does have it's black formatting in a separate commit to ease review.

github.com

phillxnet/rockstor-core/blob/484c83798829bdc15bff410c67f50982987bd1f9/src/rockstor/storageadmin/views/email_client.py#L165-L166


      
          # Set file to r-- --- --- (400) via stat constants.
          os.chmod(GENERIC, stat.S_IRUSR)

So I would say this is intentional… Have you noticed a problem with such permissions? If so, we’ll have to discuss that with @phillxnet and make the appropriate change(s), if required.