From: /dev/rob0 (rob0 gmx.co.uk)
Date: Sat May 03 2008 - 11:28:44 CDT
On Sat May 3 2008 11:10:56 nik600 wrote:
> In fact, I've tried, and if I use
>
> username test
> password test
>
> I can send email, but this username isn't present in my mysql
> table.

You appear to have a valid user "test" with password "test". You need
to fix that in your Cyrus SASL backend.

$ telnet kumbemail.kumbe.it 25
Trying 84.18.157.49...
Connected to kumbemail.kumbe.it.
Escape character is '^]'.
220 kumbemail.kumbe.it ESMTP Postfix
EHLO hostname.example.net
250-kumbemail.kumbe.it
250-SIZE 100240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN dXNlcgB1c2VyAHRlc3Q=
535 5.7.8 Error: authentication failed: authentication failure
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

The failed auth is username "user" and password "test". The successful
auth was username "test" and password "test".

This is an exploitable weakness! I strongly suggest that you disable
AUTH until you find and fix the Cyrus SASL issue.

> Do you know if there is some default users?

AUTH credentials are passed through Postfix smtpd(8) to the specified
SASL implementation. If you didn't configure Cyrus SASL to use your
mysql for validation of credentials, then it's probably not doing so.

--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
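
Added example, not part of the original message: a small Python audit of the SMTP dialogue quoted above. It decodes each AUTH PLAIN token (base64 of authzid NUL authcid NUL passwd, per RFC 4616) and pairs it with the server's reply, which shows which credentials the SASL backend accepted. The function names decode_plain and audit_session are introduced here for illustration.

```python
import base64
import binascii

# SMTP dialogue lines copied from the telnet session in the message above.
SESSION = """\
AUTH PLAIN dXNlcgB1c2VyAHRlc3Q=
535 5.7.8 Error: authentication failed: authentication failure
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
235 2.7.0 Authentication successful
"""

def decode_plain(token):
    """Decode a SASL PLAIN initial response (RFC 4616):
    base64(authzid NUL authcid NUL passwd)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid base64: {token!r}") from exc
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("empty authcid")
    return authzid, authcid, passwd

def audit_session(text):
    """Pair each 'AUTH PLAIN <token>' command with the reply that follows it."""
    results = []
    pending = None
    for line in text.splitlines():
        line = line.strip()
        if line.upper().startswith("AUTH PLAIN "):
            pending = decode_plain(line.split(None, 2)[2])
        elif pending is not None and line[:3].isdigit():
            if line[3:4] == "-":  # continuation line of a multi-line reply
                continue
            code = int(line[:3])  # 235 = authentication successful
            results.append({"authzid": pending[0], "authcid": pending[1],
                            "passwd": pending[2], "code": code,
                            "accepted": code == 235})
            pending = None
    return results

if __name__ == "__main__":
    for r in audit_session(SESSION):
        state = "ACCEPTED" if r["accepted"] else "rejected"
        print(f'{r["authcid"]!r} / {r["passwd"]!r}: {r["code"]} {state}')
```

Any accepted authcid that does not exist in the intended credential store means the SASL layer is validating against a different backend than expected.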