3.5 image opens RELAYHOST_PASSWORD as filename #106

Closed
geekscrapy opened this issue Apr 7, 2022 · 8 comments

@geekscrapy

The new image attempts to open RELAYHOST_PASSWORD as a file instead of a password string.

Partial conf:

    environment:
      - ALLOWED_SENDER_DOMAINS=mydomain.com
      - MASQUERADED_DOMAINS=mydomain.com
      - POSTFIX_myhostname=mailinator
      - RELAYHOST=smtp.gmail.com:587
      - [email protected]
      - RELAYHOST_PASSWORD=THE_RELAYHOST_PASSWORD

v3.4

    2022-04-07T22:12:50.976885+00:00 INFO    postfix/smtpd[197]: connect from unknown[10.0.1.2]
    2022-04-07T22:12:51.000331+00:00 INFO    postfix/smtpd[197]: 000EA801BD: client=unknown[10.0.1.2]
    2022-04-07T22:12:51.003600+00:00 INFO    postfix/cleanup[199]: 000EA801BD: message-id=<[email protected]>
    2022-04-07T22:12:51.007395+00:00 INFO    postfix/qmgr[191]: 000EA801BD: from=<[email protected]>, size=817, nrcpt=1 (queue active)
    2022-04-07T22:12:51.011713+00:00 INFO    postfix/smtpd[197]: disconnect from unknown[10.0.1.2] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    2022-04-07T22:12:52.585657+00:00 INFO    postfix/smtp[193]: 000EA801BD: to=<[email protected]>, relay=smtp.gmail.com[108.177.15.109]:587, delay=1.6, delays=0.03/0/0.98/0.59, dsn=2.0.0, status=sent (250 2.0.0 OK  1649369574 e15-20020adfe38f000000b00205dc79d5b7sm17331644wrm.30 - gsmtp)
    2022-04-07T22:12:52.587511+00:00 INFO    postfix/qmgr[191]: 000EA801BD: removed

v3.5

As you can see the file THE_RELAYHOST_PASSWORD is attempted to be read as a filename

    2022-04-07T22:13:49.644609+00:00 INFO    postfix/smtpd[195]: connect from unknown[10.0.1.2]
    2022-04-07T22:13:49.657704+00:00 INFO    postfix/smtpd[195]: A08A9800C6: client=unknown[10.0.1.2]
    2022-04-07T22:13:49.660870+00:00 INFO    postfix/cleanup[198]: A08A9800C6: message-id=<[email protected]>
    2022-04-07T22:13:49.665249+00:00 INFO    postfix/qmgr[194]: A08A9800C6: from=<[email protected]>, size=817, nrcpt=1 (queue active)
    2022-04-07T22:13:49.669089+00:00 INFO    postfix/smtpd[195]: disconnect from unknown[10.0.1.2] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    2022-04-07T22:13:50.566147+00:00 INFO    postfix/smtp[199]: A08A9800C6: to=<[email protected]>, relay=smtp.gmail.com[108.177.15.108]:587, delay=0.91, delays=0.01/0.03/0.86/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[108.177.15.108]: generic failure)
    2022-04-07T22:13:50.566440+00:00 WARNING sasl-xoauth2: auth failed: 2022-04-07 22:13:50: TokenStore::Read: failed to open file THE_RELAYHOST_PASSWORD: No such file or directory
    2022-04-07T22:13:50.566447+00:00 WARNING sasl-xoauth2: set log_full_trace_on_failure to see full 8 line(s) of tracing.

@bokysan
Owner

bokysan commented Apr 10, 2022

Hello.

While I do believe you, I (still) haven't been able to replicate the issue. There is a new integration test in the code now -- can you try accommodating it to your use case and see if you can reproduce the issue?

@geekscrapy
Author

Yea I can have a go 👍

I'll take a look at my mount points as well, it may be an issue of persistence

@agross

agross commented Apr 12, 2022

@geekscrapy I have the same issue. Probably it's not your fault.

@bokysan
Owner

bokysan commented Apr 13, 2022

So the only real change that could potentially affect this is the upgrade of the Ubuntu version (and upgrade of the sasl-xoauth2) -- no other changes are even remotely connected to this.

Can you please try with these images, where the lib has been upgraded to 0.12 and see if they make any difference?

@agross

agross commented Apr 15, 2022

@bokysan I normally use the Alpine version, but I tried regardless. Both images cannot resolve smtp.gmail.com:

    INFO    postfix/smtp[652]: 83E1A120444: to=<[email protected]>, relay=none, delay=0.06, delays=0.04/0.03/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=smtp.gmail.com type=MX: Host not found, try again)

The Alpine image can resolve but tries to open a file named after the password as the OP described.

I'm a bit at a loss why this occurs. I tried the default Docker bridge network and another network so docker's DNS proxy is used.

The Ubuntu versions also cannot be stopped with Ctrl+C when I run the images in attached mode (Alpine stops successfully).

@remimikalsen

I experience the same problem as the OP. Specifying version 3.4 when installing via helm solves the problem without changing the config.

@bokysan
Owner

bokysan commented May 27, 2022

I am aware this is still an issue but so far wasn't able to find the problem. If anybody can give a hand, it will be appreciated.

@bokysan
Owner

bokysan commented Jun 13, 2022

Good news - I have been able to replicate the issue. It has nothing to do with shell scripts but with the sasl-xoauth2 plugin, which expects that the password in the smtp_sasl_password_maps file is not a password, but a link to a file.

So, now I just need to find out why the plugin is being invoked in the default configuration.

I'd like to note that this is an issue only with servers which support the SASL XOAUTH2 login mechanism (and Google's SMTP is one of them) -- that's why I wasn't able to reproduce the issue with a non-Google RELAYHOST.
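
As an added example (not part of the thread and not the project's code): a log scanner for the failure signature reported above. It also redacts the value that sasl-xoauth2 prints as a "filename", because in this failure mode that value is the relay password and it lands in the mail log in clear text. The sample lines are constructed from the v3.5 log with a placeholder address, and treating any value that is not an absolute path as a leaked secret is a heuristic assumed here.

```python
import re

# Constructed sample modelled on the v3.5 log in this issue (placeholder address).
SAMPLE_LOG = """\
2022-04-07T22:13:50.566147+00:00 INFO    postfix/smtp[199]: A08A9800C6: to=<user@example.com>, relay=smtp.gmail.com[108.177.15.108]:587, delay=0.91, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[108.177.15.108]: generic failure)
2022-04-07T22:13:50.566440+00:00 WARNING sasl-xoauth2: auth failed: 2022-04-07 22:13:50: TokenStore::Read: failed to open file THE_RELAYHOST_PASSWORD: No such file or directory
"""

# sasl-xoauth2 reporting that it could not open its token file.
TOKEN_READ = re.compile(
    r"^(?P<ts>\S+)\s+\w+\s+sasl-xoauth2: .*TokenStore::Read: "
    r"failed to open file (?P<value>.+): No such file or directory$"
)
# Postfix SMTP client deferring a message because SASL authentication failed.
SASL_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): .*relay=(?P<relay>[^\[,]+)"
    r".*status=deferred \(SASL authentication failed"
)


def scan(log_text):
    """Return (findings, redacted_log) for the mis-negotiated XOAUTH2 failure."""
    findings, out, last_fail = [], [], None
    for line in log_text.splitlines():
        fail = SASL_FAIL.search(line)
        if fail:
            last_fail = fail.groupdict()  # most recent deferred delivery
        m = TOKEN_READ.match(line)
        if m:
            value = m.group("value")
            # Heuristic (assumption): a real token file is configured as an
            # absolute path; anything else is probably the relay password.
            leaked = not value.startswith("/")
            findings.append({
                "ts": m.group("ts"),
                "relay": last_fail["relay"] if last_fail else None,
                "queue_id": last_fail["qid"] if last_fail else None,
                "secret_in_log": leaked,
            })
            if leaked:
                line = line[:m.start("value")] + "[REDACTED]" + line[m.end("value"):]
        out.append(line)
    return findings, "\n".join(out)


if __name__ == "__main__":
    hits, cleaned = scan(SAMPLE_LOG)
    print(hits)
    print(cleaned)
```

A finding with `secret_in_log` set means the relay credential should be rotated and any log shipping or retention that carried the line reviewed.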
