From: Wietse Venema (wietse porcupine.org)
Date: Fri Feb 01 2008 - 15:00:34 CST
Victor Duchovni:
> On Fri, Feb 01, 2008 at 11:33:09AM -0800, Alex Zepeda wrote:
>
> > Victor Duchovni wrote:
> >
> > > No Postfix (as of at least 2.2.0 which is the first official release
> > > that supports TLS) recomputes all EHLO features after STARTTLS. So your
> > > problem is elsewhere. Perhaps you don't have SASL "login" support in your
> > > Cyrus SASL library.
> >
> > As in my original post, the server *returns a null auth list* before
> > TLS, and returns an auth indicating login support *after* TLS.
>
> You don't need to repeat this a 3rd time...
>
> > If
> > Postfix is not recomputing (yay potential man in the middle attacks)
> > after TLS, then yes it's not a matter of what's been compiled in -- it's
> > looking at the 'wrong' features list.
>
> As I tried to say (but dropped a comma after "No"), Postfix recomputes
> all EHLO features after STARTTLS, including the SASL mechanisms, so
> your hypothesis is wrong. Postfix is NOT looking at the wrong feature
> list, so resume your debugging with the knowledge that "LOGIN" is seen,
> but not being accepted. Are you sure you have not disabled "plaintext"
> mechanisms? Are you sure you have Cyrus SASL's "login" module? ...

Check out these parameters:

    smtp_sasl_security_options (options BEFORE STARTTLS)
    smtp_sasl_tls_security_options (options AFTER STARTTLS)

If smtp_sasl_tls_security_options disallows plaintext login
then Postfix won't use the LOGIN method.

Of course, if you don't have the SASL shared library object for LOGIN,
then Postfix won't use the LOGIN method either.

Wietse
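
An added illustration of the two parameters named in the message above (not part of the original post, and not Postfix's own code): a simplified Python model of how the option sets in force before and after STARTTLS filter the mechanisms a server advertises. The defaults are those documented in postconf(5); the mechanism mapping covers only noplaintext and noanonymous as an assumption, and the main.cf fragments are constructed.

```python
import re

# Postfix built-in defaults, as documented in postconf(5).
DEFAULTS = {
    "smtp_sasl_security_options": "noplaintext, noanonymous",
    "smtp_sasl_tls_security_options": "$smtp_sasl_security_options",
}
# Simplified model (assumption): mechanisms each option rules out.
EXCLUDED_BY = {"noplaintext": {"PLAIN", "LOGIN"}, "noanonymous": {"ANONYMOUS"}}

def parse_main_cf(text):
    """Parse 'name = value' lines, skipping comments and blank lines."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def effective_options(params, tls_active):
    """Return the option set that applies before or after STARTTLS."""
    merged = {**DEFAULTS, **params}
    key = "smtp_sasl_tls_security_options" if tls_active else "smtp_sasl_security_options"
    # Expand the only $reference this model handles.
    value = merged[key].replace("$smtp_sasl_security_options",
                                merged["smtp_sasl_security_options"])
    return {opt for opt in re.split(r"[,\s]+", value) if opt}

def usable_mechanisms(advertised, params, tls_active):
    """Filter the server's advertised mechanisms by the active options."""
    banned = set()
    for opt in effective_options(params, tls_active):
        banned |= EXCLUDED_BY.get(opt, set())
    return [m for m in advertised if m.upper() not in banned]

# Constructed main.cf fragments, not taken from the thread.
INHERITED = parse_main_cf("smtp_sasl_auth_enable = yes\n")
RELAXED = parse_main_cf("""
smtp_sasl_auth_enable = yes
smtp_sasl_tls_security_options = noanonymous
""")

if __name__ == "__main__":
    after_tls = ["LOGIN"]  # server offers LOGIN only after STARTTLS
    print("inherited:", usable_mechanisms(after_tls, INHERITED, tls_active=True))
    print("relaxed:  ", usable_mechanisms(after_tls, RELAXED, tls_active=True))
    print("pre-TLS:  ", usable_mechanisms([], RELAXED, tls_active=False))
```

With nothing set, the TLS option list inherits noplaintext from smtp_sasl_security_options, so LOGIN is seen after STARTTLS but filtered out; relaxing only the TLS parameter keeps plaintext mechanisms off the unencrypted session.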