OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Craig Skinner (craig_skinnerlinuxmail.org)
Date: Wed Dec 12 2001 - 03:45:23 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > > I dunno if this is due to cyrus/sasl/postfix.
    > > cyrus 2.0.16
    > > sasl 1.5.24
    > > postfix 20010228-pl08
    > > all from source in /usr/local on Linux.
    > >
    > > When using imtest (cyrus),
    > > imtest -a admin -m plain localhost >> fails
    (generic failure)
    >
    > Yes, you probably have shadow passwords, and imtest
    can't access the
    > shadow file. That's ok, you probably don't want
    plain anyway.

    Thought so. But why then does postfix say AUTH PLAIN
    below?

    > > > auth=cram-md5 & digest-md5
    >
    > > > imtest -a admin -m cram-md5|digest-md5|login
    localhost >> ok
    > > >
    > > > but......
    > >
    > > telnet localhost smtp
    > > 220 aberdeen.chstech.co.uk ESMTP Postfix
    > > ehlo localhost
    > > ..
    > > 250-AUTH LOGIN PLAIN
    > > 250-AUTH=LOGIN PLAIN
    > > ..
    > >
    > > no mention of cram or digest!

    > Postfix uses whatever mechanisms SASL says it can
    handle.

    But imtest failed with PLAIN. ??

    > > postconf -n | grep sasl
    > > broken_sasl_auth_clients = yes
    > > lmtp_sasl_auth_enable = yes
    > > smtp_sasl_auth_enable = yes
    > > smtp_sasl_security_options =
    > > noplaintext,noanonymous,noactive,nodictionary
    > ^^^^^^^^^^^^^^^^^^^^^
    > Like I said before, lose those. They are only useful
    with Kerberos.

    ok

    postconf -n | grep sasl
    broken_sasl_auth_clients = yes
    lmtp_sasl_auth_enable = yes
    smtp_sasl_auth_enable = yes
    smtpd_sasl_auth_enable = yes

    No change to telnet localhost smtp

    > >
    > > sasldblistusers
    > > user: admin realm: aberdeen.chstech.co.uk mech:
    DIGEST-MD5
    > > user: cyrus realm: aberdeen.chstech.co.uk mech: PLAIN
    > > user: cyrus realm: aberdeen.chstech.co.uk mech:
    CRAM-MD5
    > > user: admin realm: aberdeen.chstech.co.uk mech: PLAIN
    > > user: admin realm: aberdeen.chstech.co.uk mech:
    CRAM-MD5
    > > user: cyrus realm: aberdeen.chstech.co.uk mech:
    DIGEST-MD5
    > >
    > > Here we have plain, digest & cram.
    > >
    > > Is this out of whack or what??
    > >
    > > Any ideas?
    >
    > Perhaps Postfix has a different idea about the realm
    it should check
    > passwords into than SASL? Try setting
    >
    > smtpd_sasl_local_domain = aberdeen.chstech.co.uk

    postconf myhostname
    myhostname = aberdeen.chstech.co.uk

    postconf smtpd_sasl_local_domain
    smtpd_sasl_local_domain = $myhostname

    >
    > Also make sure Postfix can read /etc/sasldb
    (warning: Postfix > doesn't use supplementary groups,
    so adding it to the Cyrus' group won't
    > work).

    ls -l /etc/sasldb
    -rw-r---- 1 cyrus postfix 12288 Dec 11 16:57 /etc/sasldb

    >
    > Regards,
    >
    > Liviu Daia

    What I am now suspicious of is DNS.

    The boss has only a cheep NON-STATIC ADSL connection
    at the moment, & so the network's DNS isn't
    functioning correctly.

    Could this be an issue here even though I am
    connecting to localhost via the loopback interface?

    Craig Skinner. 

    -- 

    Get your free email from www.linuxmail.org 


    Powered by Outblaze
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users