Re: MS Exchange + TLS+AUTH as a relay host

From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Fri Feb 01 2008 - 13:38:45 CST


On Fri, Feb 01, 2008 at 11:33:09AM -0800, Alex Zepeda wrote:

> Victor Duchovni wrote:
>
> > No Postfix (as of at least 2.2.0 which is the first official release
> > that supports TLS) recomputes all EHLO features after STARTTLS. So your
> > problem is elsewhere. Perhaps you don't have SASL "login" support in your
> > Cyrus SASL library.
>
> As in my original post, the server *returns a null auth list* before
> TLS, and returns an auth indicating login support *after* TLS.

You don't need to repeat this a 3rd time...

> If
> Postfix is not recomputing (yay potential man in the middle attacks)
> after TLS, then yes it's not a matter of what's been compiled in -- it's
> looking at the 'wrong' features list.

As I tried to say (but dropped a comma after "No"), Postfix recomputes
all EHLO features after STARTTLS, including the SASL mechanisms, so
your hypothesis is wrong. Postfix is NOT looking at the wrong feature
list, so resume your debugging with the knowledge that "LOGIN" is seen,
but not being accepted. Are you sure you have not disabled "plaintext"
mechanisms? Are you sure you have Cyrus SASL's "login" module? ...

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
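
The behaviour discussed in this thread, as an added example (not part of the original message and not Postfix code): a client re-reads the EHLO feature list after STARTTLS, then applies a policy that rejects plaintext mechanisms, which is one way "LOGIN" can be seen but not accepted. The host name, both server replies, and the `noplaintext` parameter of these functions are constructed for illustration.

```python
# Added illustration; not Postfix source. Both EHLO replies are constructed samples.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that hand the password to the server

PRE_TLS_EHLO = (          # before STARTTLS: no AUTH line at all
    "250-mail.example.com Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
POST_TLS_EHLO = (         # after STARTTLS: AUTH LOGIN appears
    "250-mail.example.com Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250-AUTH LOGIN\r\n"
    "250 8BITMIME\r\n"
)

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    features = {}
    for line in reply.splitlines()[1:]:      # first line is the greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        # Also accept the legacy "AUTH=LOGIN" spelling some servers emit.
        words = line[4:].replace("=", " ", 1).split()
        if words:
            params = [w.upper() for w in words[1:]]
            features.setdefault(words[0].upper(), []).extend(params)
    return features

def usable_mechs(features, noplaintext):
    """Mechanisms the client may attempt once local policy is applied."""
    mechs = features.get("AUTH", [])
    if noplaintext:
        mechs = [m for m in mechs if m not in PLAINTEXT_MECHS]
    return mechs

def negotiate(pre_reply, post_reply, noplaintext):
    """Model the two-EHLO exchange; only the post-TLS list is trusted."""
    pre = parse_ehlo(pre_reply)
    if "STARTTLS" not in pre:
        raise RuntimeError("server did not offer STARTTLS")
    # Everything learned in cleartext is discarded here: an on-path
    # attacker could have altered it. Only the reply inside TLS counts.
    post = parse_ehlo(post_reply)
    return usable_mechs(post, noplaintext)
```

With the plaintext filter off the client may attempt LOGIN; with it on, the server's only offered mechanism is filtered out and authentication is not attempted even though the feature list was read correctly.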