List Archive: gentoo-security
To: gentoo-security@g.o
From: Jonathan Wright <mail@...>
Subject: Re: postfix and SASL
Date: Wed, 05 Oct 2005 12:36:01 +0100
Benjamin A'Lee wrote:
>>Not sure but: why on port 25 and not on 465 ?
> I don't think it actually matters which port; IIRC it just enables
> STARTTLS by default on 465.

Port 465 is for SSL (i.e. secure communication before any application 
data is transferred) and Port 25 accepts TLS (where the data is secured 
once both parties accept, however, application data transfer has occurred).

Anyway, with telnet you can't talk on port 465 :)

 > I have confirmed postfix is indeed compiled with SASL support.  And I
 > have TLS working great.  However when I telnet to port 25 and issue the
 > ehlo command, I do receive the starttls etc... yet no AUTH PLAIN
 > lines...

Depending on the configuration, AUTH PLAIN can either be disabled, or 
more likely, it's only sent should STARTTLS be issued. I have the 
following lines in my

-- cut -----------------------------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination

smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
-- cut -----------------------------------------

TLS is enabled, but smtpd_tls_auth_only will only permit authorization 
from clients who have issued (and successfully negotiated) the STARTTLS 

Also, you can define what methods Postfix accepts by modifying the 
smtp_sasl_security_options directive.


  Jonathan Wright                           ~ mail at
  2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
  up 5 days,  3:02,  4 users,  load average: 0.72, 0.97, 0.71
  "I don't mind straight  people  as  long  as  they  act  gay  in

              ~ T-shirt worn by Dennis Rodman of the Chicago Bulls
gentoo-security@g.o mailing list
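
A way to check the behaviour described in the message above (an added example, not part of the original post): it compares the EHLO replies seen before and after STARTTLS and reports whether AUTH is withheld until TLS is up, as `smtpd_tls_auth_only = yes` is meant to ensure. The sample replies, the host name and the `auth_mechs`, `assess` and `probe` names are constructed for illustration; the `AUTH=` line form is the one `broken_sasl_auth_clients = yes` adds.

```python
import smtplib
import ssl

PLAINTEXT = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def auth_mechs(ehlo_reply):
    """Return the SASL mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Accept raw lines ("250-AUTH ...") and smtplib's code-stripped form.
        text = line[4:] if line[:3] == "250" else line
        # "AUTH=PLAIN LOGIN" is the legacy form, treated like "AUTH PLAIN LOGIN".
        words = text.replace("=", " ").split()
        if words and words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return mechs

def assess(before_tls, after_tls):
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = auth_mechs(before_tls), auth_mechs(after_tls)
    return {
        "auth_before_tls": sorted(pre),
        "auth_after_tls": sorted(post),
        "tls_auth_only": not pre and bool(post),
        "plaintext_before_tls": bool(pre & PLAINTEXT),
    }

def probe(host, port=25):
    """Live check against your own server; needs a certificate the client trusts."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.ehlo_resp.decode()
        s.starttls(context=ssl.create_default_context())
        s.ehlo()  # extensions must be re-read after the TLS handshake
        return assess(before, s.ehlo_resp.decode())

# Constructed sample replies (not captured from a real host).
BEFORE = "250-mail.example.org\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
AFTER = ("250-mail.example.org\n250-PIPELINING\n250-AUTH CRAM-MD5 DIGEST-MD5\n"
         "250-AUTH=CRAM-MD5 DIGEST-MD5\n250 8BITMIME")

if __name__ == "__main__":
    print(assess(BEFORE, AFTER))
```

`probe()` verifies the server certificate with the system trust store, so a server using a private CA needs that CA loaded into the SSL context first.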


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
