|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Problems with SASL + TLS integration
From: Andreas Winkelmann (ml
awinkelmann.de)
Date: Sat May 27 2006 - 17:45:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am Saturday 27 May 2006 18:40 schrieb P v:
Please work on your Quoting-Style. It's hard to identify what's from you and
what's from Victor. Configure your MUA to use a Quoting-Sign, ">" is a good
selection.
> > 220 mail.philsdomain.com ESMTP Postfix
> > EHLO localhost
> > 250-mail.philsdomain.com
> > 250-PIPELINING
> > 250-SIZE 10240000
> > 250-VRFY
> > 250-ETRN
> > 250-STARTTLS
> > 250 8BITMIME
> > AUTH PLAIN cHZvcmlzAHB2b3JpcwBA8923cHRtZQ==
> > 538 Encryption required for requested authentication mechanism
> >
> > If I STARTTLS before the AUTH line, I get a closed connection.
>
> You can do TLS from telnet. You need an SSL tunnel for that.
>
> openssl s_client -starttls smtp -connect hostname:25
>
> works ok, so long as your don't need to send any lines that start with
> the letters "R" or "Q". Good enough to get basic done at times.
> On the server....
>
> 250-mail.philsdomain.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
> AUTH PLAIN cHZvcmlzAHB2b312432345532HRtZQ==
> 235 Authentication successful
>
> Having performed a successful auth, I ask two questions:
>
> 1] Assuming it is necessary for mail clients, what must I do to generate
> the AUTH headers: 250-AUTH=LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
Show your Config (postconf -n). I would guess, you have set
http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only
> 2] Additionally, I have noted that in my /etc/sasl2/smtpd.conf:
>
> pwcheck_method: saslauthd
> #pwcheck_method: pwcheck
> mech_list: PLAIN LOGIN
>
> it doesn't seem to matter what pwcheck_method I use of the two noted above
> - at least where this limited testing is concerned. This gives me doubts
> about its actual behavior. I suppose I'm hoping for a way to verify that
> it's working properly.
Maybe you are changing a smtpd.conf which is not read from Postfix/Cyrus-SASL.
Maybe you have both daemons running. Maybe....
Without knowing more of your Configuration, it's hard to say something
definitely. Post the Output from "saslfinger -s".
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
--
Andreas
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]