[Solved] Postfix and SSH broken - The FreeBSD Forums

#1
April 21st, 2012, 22:37
xy16644 (Member)
Postfix and SSH broken

I just ran a full update on all the ports on my FreeBSD 8.2 server and I now have two problems:

1) When I receive an email from someone or I send myself a test email, the subject line is blank and it says it is from "SpamAssassin user". The contents of the email are blank.

This is all I can see in the message header:

Code:
Return-Path: <xxxxx@googlemail.com>
X-Original-To: xxxx@xxxx.com
Delivered-To: xxxx@xxxx.com
Received: by mail.xxxx.com (Postfix, from userid 58)
	id 03562217168; Sat, 21 Apr 2012 22:26:22 +0100 (BST)
Message-Id: <20120421212622.03562217168@mail.xxxx.com>
Date: Sat, 21 Apr 2012 22:26:22 +0100 (BST)
From: xxxx@googlemail.com (SpamAssassin user)
X-Clamav-Status: No

In the maillog logfile:

Code:
Apr 21 22:28:51 alpha postfix/smtpd[80688]: 5BCBC216F4F: client=mail-ob0-f170.google.com[209.85.214.170]
Apr 21 22:28:51 alpha postfix/cleanup[80692]: 5BCBC216F4F: message-id=
 <CANf_VzpDkh5qwaJK3k5vTvxoDGEvEOUqjLs8vHSR9xqQjzjXdA@mail.gmail.com>
Apr 21 22:28:51 alpha postfix/qmgr[42825]: 5BCBC216F4F: from=<xxxx@googlemail.com>, size=1763, nrcpt=1 (queue active)
Apr 21 22:28:51 alpha postfix/pipe[80693]: 5BCBC216F4F: to=<admin@xxxxx.com>, relay=spamd, delay=0.47, delays=0.45/0.01/0/0.02,
 dsn=2.0.0, status=sent (delivered via spamd service)
Apr 21 22:28:51 alpha postfix/qmgr[42825]: 5BCBC216F4F: removed
Apr 21 22:28:51 alpha postfix/pickup[42826]: AAF39217168: uid=58 from=<xxxx@googlemail.com>
Apr 21 22:28:51 alpha postfix/cleanup[80692]: AAF39217168: message-id=<20120421212851.AAF39217168@mail.xxxx.com>
Apr 21 22:28:51 alpha postfix/qmgr[42825]: AAF39217168: from=<xxxx@googlemail.com>, size=270, nrcpt=1 (queue active)
Apr 21 22:28:51 alpha postfix/local[80698]: AAF39217168: to=<xxxx@xxxx.com>, orig_to=<xxxx@xxxx.com>, relay=local, delay=0.04,
 delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to command: /usr/local/bin/procmail)
Apr 21 22:28:51 alpha postfix/qmgr[42825]: AAF39217168: removed

2) There must have been a major change in OpenSSH because when I run the following script to check the shared libraries:

Code:
#!/bin/sh
# Report binaries and libraries whose shared-library dependencies cannot be resolved.
localbase="/usr/local"
libdirs="/bin /sbin /libexec /lib /usr/bin /usr/sbin /usr/lib /usr/libexec \
  ${localbase}/bin ${localbase}/sbin ${localbase}/lib ${localbase}/libexec"

echo "===> Checking for unresolvable libraries"

for d in ${libdirs}; do
  echo "Checking ${d}..."
  # Read one path per line so file names containing spaces are handled.
  find "${d}" -type f | while IFS= read -r f; do
    # ldd prints "=> not found" for every library it cannot resolve.
    check=$(ldd "${f}" 2>&1 | grep -v "not a dynamic" | grep "found")
    if [ $? -eq 0 ]; then
      echo "Found a problem in ${f}"
      echo "${check}"
    fi
  done
done

I now get the following results:

Code:
Found a problem in /usr/local/bin/ssh-add
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/bin/ssh-keygen
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/bin/ssh-keyscan
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/bin/spamc
        libssl.so.7 => not found (0x0)
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/bin/ssh-agent
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/bin/sftp
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/bin/ssh
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/bin/scp
        libcrypto.so.7 => not found (0x0)
Checking /usr/local/sbin...
Found a problem in /usr/local/sbin/sshd
        libcrypto.so.7 => not found (0x0)
Checking /usr/local/lib...
Found a problem in /usr/local/lib/libsslspamc.so.0
        libssl.so.7 => not found (0x0)
        libcrypto.so.7 => not found (0x0)
Checking /usr/local/libexec...
Found a problem in /usr/local/libexec/ssh-keysign
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/libexec/sftp-server
        libcrypto.so.7 => not found (0x0)
Found a problem in /usr/local/libexec/ssh-pkcs11-helper
        libcrypto.so.7 => not found (0x0)

Also, if I run /usr/local/sbin/sshd, I get:
Code:
/libexec/ld-elf.so.1: Shared object "libcrypto.so.7" not found, required by "sshd"

Can someone please help me with my email and SSH issue? I have tried going through the logs and restarted the services since they were updated but to no avail. I am now stumped.

Thanks for any help.

Last edited by DutchDaemon; April 22nd, 2012 at 01:32.
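
The maillog excerpt in the first post, turned into a check (an added example, not part of the original thread): the message enters the spamd pipe at size=1763 and comes back through pickup at size=270, and the function below flags any message that returns from the filter smaller than it went in. Pairing a piped message with its re-injection by sender and log order is an assumption of this example, and the second pair of log lines is constructed.

```shell
#!/bin/sh
# find_shrunk_reinjections: read Postfix maillog lines on stdin and print
#   "<original qid> <reinjected qid> <original size> <reinjected size>"
# for every message that came back from the spamd pipe smaller than it went in.
find_shrunk_reinjections() {
    awk '
    # Return the value part of the first "key=value" text matching re.
    function field(re,   s) {
        if (match($0, re)) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^[^=]*=/, "", s)
            return s
        }
        return ""
    }
    { qid = $6; sub(/:$/, "", qid) }
    # qmgr reports sender and size when a message becomes active.
    $5 ~ /postfix\/qmgr/ && /size=/ {
        from = field("from=<[^>]*>"); sz = field("size=[0-9]+") + 0
        size[qid] = sz; sender[qid] = from
        if (qid in parent && sz < size[parent[qid]])
            print parent[qid], qid, size[parent[qid]], sz
    }
    # Message handed to the content filter: remember it per sender.
    $5 ~ /postfix\/pipe/ && /relay=spamd/ && /status=sent/ { last[sender[qid]] = qid }
    # pickup = local re-injection; link it to the last filtered message of that sender.
    $5 ~ /postfix\/pickup/ {
        from = field("from=<[^>]*>")
        if (from in last) { parent[qid] = last[from]; delete last[from] }
    }'
}

# First five lines: taken from the log in the first post, wrapped lines rejoined.
# Last four lines: constructed, a message that grows after filtering (headers added).
sample_maillog() {
    cat <<'EOF'
Apr 21 22:28:51 alpha postfix/qmgr[42825]: 5BCBC216F4F: from=<xxxx@googlemail.com>, size=1763, nrcpt=1 (queue active)
Apr 21 22:28:51 alpha postfix/pipe[80693]: 5BCBC216F4F: to=<admin@xxxxx.com>, relay=spamd, delay=0.47, delays=0.45/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via spamd service)
Apr 21 22:28:51 alpha postfix/qmgr[42825]: 5BCBC216F4F: removed
Apr 21 22:28:51 alpha postfix/pickup[42826]: AAF39217168: uid=58 from=<xxxx@googlemail.com>
Apr 21 22:28:51 alpha postfix/qmgr[42825]: AAF39217168: from=<xxxx@googlemail.com>, size=270, nrcpt=1 (queue active)
Apr 21 22:30:02 alpha postfix/qmgr[42825]: 1A2B3C4D5E6: from=<user@example.org>, size=1500, nrcpt=1 (queue active)
Apr 21 22:30:02 alpha postfix/pipe[80693]: 1A2B3C4D5E6: to=<xxxx@xxxx.com>, relay=spamd, delay=0.5, delays=0.4/0.01/0/0.09, dsn=2.0.0, status=sent (delivered via spamd service)
Apr 21 22:30:02 alpha postfix/pickup[42826]: 6E5D4C3B2A1: uid=58 from=<user@example.org>
Apr 21 22:30:02 alpha postfix/qmgr[42825]: 6E5D4C3B2A1: from=<user@example.org>, size=1910, nrcpt=1 (queue active)
EOF
}

sample_maillog | find_shrunk_reinjections
```
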

#2
April 21st, 2012, 22:54
xy16644 (Member)

When I try to restart SSH I get:
Code:
OpenSSL version mismatch. Built against 1000007f, you have 1000101f
/etc/rc.d/sshd: WARNING: failed to start sshd
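
The two numbers in that error message are packed OpenSSL version numbers. As an added example (not part of the original thread), the functions below decode the OpenSSL 1.0.x layout MNNFFPPS (major, minor, fix, patch, status) and compare a build-time value with a runtime value. The comparison rule used here, that everything except the patch field must match, is an assumption about the OpenSSH build involved; the function names are hypothetical.

```shell
#!/bin/sh
# OpenSSL 1.0.x packs its version into hex digits MNNFFPPS:
# M major, NN minor, FF fix, PP patch (1 = "a", 2 = "b", ...), S status (f = release).

# decode_openssl_version HEX  ->  e.g. "1.0.1a release"
decode_openssl_version() {
    v=$((0x$1))
    major=$(( (v >> 28) & 0xf ))
    minor=$(( (v >> 20) & 0xff ))
    fix=$((   (v >> 12) & 0xff ))
    patch=$(( (v >> 4)  & 0xff ))
    status=$(( v & 0xf ))

    letter=""
    if [ "$patch" -ge 1 ] && [ "$patch" -le 26 ]; then
        # 96 + n is the ASCII code of the n-th lowercase letter.
        letter=$(printf "\\$(printf '%03o' $((96 + patch)))")
    elif [ "$patch" -gt 26 ]; then
        letter="+patch${patch}"
    fi

    case "$status" in
        0)  kind="dev" ;;
        15) kind="release" ;;
        *)  kind="beta${status}" ;;
    esac
    echo "${major}.${minor}.${fix}${letter} ${kind}"
}

# openssl_versions_compatible BUILT RUNTIME
# Succeeds when every field except patch (mask 0xff0) is identical.
# Assumed rule, see the text above the block.
openssl_versions_compatible() {
    [ $(( (0x$1 ^ 0x$2) & ~0xff0 )) -eq 0 ]
}

# Values from the error message in the post above.
built=1000007f
runtime=1000101f
echo "built against: $(decode_openssl_version "$built")"
echo "installed:     $(decode_openssl_version "$runtime")"
if openssl_versions_compatible "$built" "$runtime"; then
    echo "compatible"
else
    echo "mismatch: the binary has to be rebuilt against the installed OpenSSL"
fi
```
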

#3
April 21st, 2012, 22:59
wblock@ (Moderator)

See entry 20120419 in /usr/ports/UPDATING.

#4
April 21st, 2012, 23:04
xy16644 (Member)

Quote:
Originally Posted by wblock@
See entry 20120419 in /usr/ports/UPDATING.

Mine only goes up to 20120418!

#5
April 21st, 2012, 23:12
xy16644 (Member)

Receiving email seems to be working now but I'm not sure what fixed it.

Do I just need to run:
Code:
portmaster -r openssl
and that will fix my SSH issue?

Last edited by xy16644; April 21st, 2012 at 23:19.

#6
April 22nd, 2012, 00:58
wblock@ (Moderator)

That entry was added after OpenSSL was updated. Update the ports tree now and it will be there. But yes, portmaster -r openssl is what is advised there.

#7
April 22nd, 2012, 09:49
xy16644 (Member)

If I uninstall OpenSSL and then reinstall the port will this also fix the problem I am experiencing?

I am busy running:
Code:
portmaster -r openssl
but it's now given me a stop error saying that the make failed and that it is aborting the update. This occurs on the texinfo and krb5 port.

Last edited by DutchDaemon; April 22nd, 2012 at 17:23.

#8
April 22nd, 2012, 15:29
wblock@ (Moderator)

Quote:
Originally Posted by xy16644
If I uninstall OpenSSL and then reinstall the port will this also fix the problem I am experiencing?

No, or probably not, depending on how you do it. The problem is that after upgrading openssl, the applications that depend on it have to be rebuilt to use the new version.

Quote:
I am busy running:
Code:
portmaster -r openssl
but it's now given me a stop error saying that the make failed and that it is aborting the update. This occurs on the texinfo and krb5 port.

I have neither of those, but again, make sure you have the latest ports tree.

Last edited by DutchDaemon; April 22nd, 2012 at 17:24.

#9
April 22nd, 2012, 15:36
xy16644 (Member)

I do have the latest ports tree now but I still get those stop errors when running portmaster -r openssl

I'm not really sure what to do next.

Last edited by DutchDaemon; May 6th, 2012 at 00:56.

#10
April 22nd, 2012, 15:42
wblock@ (Moderator)

Capture the error output, including the lines where the error happened, not just the end, and post it. If you are using some custom settings in /etc/make.conf like a newer version of gcc or custom CFLAGS, post those too.

#11
April 22nd, 2012, 15:45
xy16644 (Member)

Normally I would, but since I can't SSH into the server I can't copy and paste the error from PuTTY's screen into a post ;-)

Is there another way? The server doesn't run a GUI but I can physically get to it and logon at the console with a keyboard.

#12
April 22nd, 2012, 16:47
wblock@ (Moderator)

Use script(1) to capture output. Then use scp(1) to copy it to another machine.

#13
May 4th, 2012, 17:04
xy16644 (Member)

Thanks Wblock.

I have attached the output from using the script command you mentioned. I still can't get my SSH service to start again. I hope the log file helps because I am stumped!
Attached Files
File Type: txt Error.txt (11.3 KB, 12 views)

Last edited by DutchDaemon; May 4th, 2012 at 18:37.

#14
May 4th, 2012, 20:43
wblock@ (Moderator)

The build of krb5 failed because it could not download a dependency, print/texinfo.

Code:
# cd /usr/ports/print/texinfo
# make distclean
# make fetch

Do that last step until it manages to download the file, then use the portmaster line shown in that capture file to continue.

If it was an emergency, you could try rebuilding security/openssh-portable by itself.

#15
May 4th, 2012, 21:19
xy16644 (Member)

Thank you! I will give this a try tomorrow. When I run the portmaster line in the capture file, do I run this entire command:
Code:
portmaster <flags> security/krb5 print/texinfo print/latex-cjk print/teTeX print/xdvik www/links1 \
  sysutils/munin-common security/p5-Net-SSLeay sysutils/munin-node shells/bash net/ntp mail/opendkim \
  security/openssh-portable security/p5-Crypt-OpenSSL-Bignum security/p5-Crypt-OpenSSL-RSA \
  security/p5-Crypt-OpenSSL-Random security/p5-IO-Socket-SSL mail/p5-Mail-DKIM mail/p5-Mail-SpamAssassin \
  www/p5-libwww net/p5-Net-HTTP devel/pecl-intl ftp/php5-curl textproc/php5-dom graphics/php5-gd \
  devel/php5-gettext security/php5-hash converters/php5-iconv devel/php5-json converters/php5-mbstring \
  security/php5-mcrypt databases/php5-mysqli security/php5-openssl databases/php5-pdo \
  databases/php5-pdo_mysql databases/php5-pdo_sqlite textproc/php5-pspell textproc/php5-simplexml \
  databases/php5-sqlite devel/php5-tokenizer archivers/php5-zip ports-mgmt/portupgrade databases/ruby-bdb \
  lang/ruby18 mail/postfix mail/roundcube mail/squirrelmail sysutils/webmin www/wordpress chinese/docproj

#16
May 4th, 2012, 22:27
wblock@ (Moderator)

Yes, but take out the <flags>, or replace it with any portmaster flags you were using.

#17
May 5th, 2012, 13:46
xy16644 (Member)

Thanks wblock, SSH is now working!

I had to completely uninstall texinfo:
Code:
cd /usr/ports/print/texinfo
make deinstall
and then I ran:
portmaster -r openssl

After doing this I was able to start SSH again. The only thing is when I did start the service it said:
Code:
error: Could not load host key: /usr/local/etc/ssh/ssh_host_ecdsa_key

Is this worth worrying about?

Also when I ran:
pkg_version -vIL=

I get this:
Code:
bn-freebsd-doc-20111014             <   needs updating (index has 20120308)
munin-main-1.2.6_1                  !   Comparison failed
pkg_version: corrupted record (pkgdep line without argument), ignoring
pkg_version: corrupted record (pkgdep line without argument), ignoring
pkg_version: corrupted record (pkgdep line without argument), ignoring
pkg_version: corrupted record (pkgdep line without argument), ignoring

Is there a way to sort out these errors?

Many thanks for your help. It's nice to be able to SSH to my server again

Last edited by DutchDaemon; May 6th, 2012 at 00:53.

#18
May 5th, 2012, 15:19
wblock@ (Moderator)

The missing key may or may not be a problem, depending on how the system is used. Look up whatever caused you to install openssh-portable in the first place.

# portmaster --check-depends
will try to fix those corrupted records. Or to just find which they are:
% find /var/db/pkg -name "+CONTENTS" -exec egrep -B1 -H 'pkgdep $' {} \; | less

Rebuilding them is probably the easiest way to fix them.

#19
May 5th, 2012, 15:29
xy16644 (Member)

Quote:
Originally Posted by wblock@
The missing key may or may not be a problem, depending on how the system is used. Look up whatever caused you to install openssh-portable in the first place.

# portmaster --check-depends
will try to fix those corrupted records. Or to just find which they are:
% find /var/db/pkg -name "+CONTENTS" -exec egrep -B1 -H 'pkgdep $' {} \; | less

Rebuilding them is probably the easiest way to fix them.

I currently use an OpenPGP smart card to access my system via SSH. No password logons are allowed at all remotely. I can login with a password at the console though. SSH seems fine so far and I have had no issues logging in with the smart card.

I ran:
portmaster --check-depends

and I had several of these:
Code:
===>>> Checking zh-docproj-0.1.20060303_5
        ===>>> Updating zh-docproj-0.1.20060303_5/+REQUIRED_BY
        ===>>> Updating @pkgdep for x11-toolkits/libXaw
        ===>>> print/ghostscript8 is listed as a dependency
        ===>>> but there is no installed version

        ===>>> Delete this dependency data? y/n [n]

        ===>>> print/cmpsfont is listed as a dependency
        ===>>> but there is no installed version

        ===>>> Delete this dependency data? y/n [n]

        ===>>> print/amspsfnt is listed as a dependency
        ===>>> but there is no installed version

        ===>>> Delete this dependency data? y/n [n]

I said "no" to all these prompts as I wasn't sure what the consequences would be.

Running:
find /var/db/pkg -name "+CONTENTS" -exec egrep -B1 -H 'pkgdep $' {} \; | less

returned:
Code:
/var/db/pkg/peps-2.0_4/+CONTENTS-@comment DEPORIGIN:devel/gettext
/var/db/pkg/peps-2.0_4/+CONTENTS:@pkgdep
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS-@comment DEPORIGIN:print/gsfonts
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS:@pkgdep
--
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS-@comment DEPORIGIN:print/cups-client
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS:@pkgdep
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS-@comment DEPORIGIN:print/cmpsfont
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS:@pkgdep
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS-@comment DEPORIGIN:print/gsfonts
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS:@pkgdep
--
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS-@comment DEPORIGIN:print/teTeX-texmf
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS:@pkgdep
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS-@comment DEPORIGIN:print/cmpsfont
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS:@pkgdep

Last edited by DutchDaemon; May 6th, 2012 at 00:54. Reason: Use [cmd] tags for single commands.

#20
May 5th, 2012, 15:38
xy16644 (Member)

I think it's all working now as when I run portmanager -u it says that all the ports are up to date with no errors. I did also uninstall the bn-freebsd-doc and docproj-jadetex port manually. After that I ran portmaster --check-depends
and that seems to have done the trick! Many thanks for all your help.

Last edited by DutchDaemon; May 6th, 2012 at 00:55. Reason: Use [cmd] tags for single commands.

#21
May 5th, 2012, 15:44
wblock@ (Moderator)

Quote:
Originally Posted by xy16644
Code:
find /var/db/pkg -name "+CONTENTS" -exec egrep -B1 -H 'pkgdep $' {} \; | less
returned:
Code:
/var/db/pkg/peps-2.0_4/+CONTENTS-@comment DEPORIGIN:devel/gettext
/var/db/pkg/peps-2.0_4/+CONTENTS:@pkgdep
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS-@comment DEPORIGIN:print/gsfonts
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS:@pkgdep
--
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS-@comment DEPORIGIN:print/cups-client
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS:@pkgdep
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS-@comment DEPORIGIN:print/cmpsfont
/var/db/pkg/zh-docproj-0.1.20060303_5/+CONTENTS:@pkgdep
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS-@comment DEPORIGIN:print/gsfonts
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS:@pkgdep
--
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS-@comment DEPORIGIN:print/teTeX-texmf
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS:@pkgdep
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS-@comment DEPORIGIN:print/cmpsfont
/var/db/pkg/docproj-jadetex-1.17_4/+CONTENTS:@pkgdep

The filename of the port with the problem is shown first. The comment line above the missing pkgdep line shows what dependency is missing, possibly due to errors during rebuild.

Rebuilding graphics/peps should fix the first one, either just fixing the pkgdep line or installing print/gsfonts if it is really missing.

Likewise with misc/freebsd-doc-zh_cn (or _tw) and textproc/docproj-jadetex. Those could be deinstalled if you don't use those local copies of the FreeBSD documentation.