OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Wed Dec 12 2001 - 05:24:22 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On 12 December 2001, Craig Skinner <craig_skinnerlinuxmail.org> wrote:
    > > > I dunno if this is due to cyrus/sasl/postfix.
    > > > cyrus 2.0.16
    > > > sasl 1.5.24
    > > > postfix 20010228-pl08
    > > > all from source in /usr/local on Linux.
    > > >
    > > > When using imtest (cyrus),
    > > > imtest -a admin -m plain localhost >> fails
    > (generic failure)
    > >
    > > Yes, you probably have shadow passwords, and imtest
    > can't access the
    > > shadow file. That's ok, you probably don't want
    > plain anyway.
    >
    > Thought so. But why then does postfix say AUTH PLAIN
    > below?
    >
    > > > > auth=cram-md5 & digest-md5
    > >
    > > > > imtest -a admin -m cram-md5|digest-md5|login
    > localhost >> ok
    > > > >
    > > > > but......
    > > >
    > > > telnet localhost smtp
    > > > 220 aberdeen.chstech.co.uk ESMTP Postfix
    > > > ehlo localhost
    > > > ..
    > > > 250-AUTH LOGIN PLAIN
    > > > 250-AUTH=LOGIN PLAIN
    > > > ..
    > > >
    > > > no mention of cram or digest!
    >
    > > Postfix uses whatever mechanisms SASL says it can
    > handle.
    >
    > But imtest failed with PLAIN. ??

        Postfix uses whatever mechanisms SASL says it can handle. If SASL
    says it can handle plain, it means it has support for plain compiled
    in. It doesn't necessarily mean that actually trying to use plain will
    succeed.

    [...]
    > > Perhaps Postfix has a different idea about the realm
    > it should check
    > > passwords into than SASL? Try setting
    > >
    > > smtpd_sasl_local_domain = aberdeen.chstech.co.uk
    >
    > postconf myhostname
    > myhostname = aberdeen.chstech.co.uk
    >
    > postconf smtpd_sasl_local_domain
    > smtpd_sasl_local_domain = $myhostname

        Ok.

    > > Also make sure Postfix can read /etc/sasldb
    > (warning: Postfix > doesn't use supplementary groups,
    > so adding it to the Cyrus' group won't
    > > work).
    >
    > ls -l /etc/sasldb
    > -rw-r---- 1 cyrus postfix 12288 Dec 11 16:57 /etc/sasldb

        Ok.

        Are you running Postfix chrooted? If you are, you should copy
    /etc/sasldb (better yet, link it into) the jail.

    > What I am now suspicious of is DNS.
    >
    > The boss has only a cheep NON-STATIC ADSL connection at the moment, &
    > so the network's DNS isn't functioning correctly.
    >
    > Could this be an issue here even though I am connecting to localhost
    > via the loopback interface?

        No. SMTP AUTH has nothing to do with DNS (not at that stage
    anyway).

        Regards,

        Liviu Daia 

    -- 
Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users