Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-security@g.o
From: Joe Strusz <jstrusz@...>
Subject: Re: postfix and SASL
Date: Wed, 05 Oct 2005 08:08:51 -0500
Whenever i telnet to port 25, and issue the AUTH PLAIN command i receive this:

538: Encryption required for requested authentication mechanism.

What does this mean?

I could really use some help on this... its been bugging me for weeks now.

Also, I do have smtpd_tls_auth_only = yes line

Please help


Your fellow befumbled gentoo user.

>X-Original-To: jstrusz@...
>Delivered-To: jstrusz@...
>Delivered-To: <gentoo-security@g.o>
>Date: Wed, 05 Oct 2005 12:36:01 +0100
>From: Jonathan Wright <mail@...>
>User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050822)
>X-Accept-Language: en-us, en
>List-Post: <mailto:gentoo-security@g.o>
>List-Help: <mailto:gentoo-security+help@g.o>
>List-Unsubscribe: <mailto:gentoo-security+unsubscribe@g.o>
>List-Subscribe: <mailto:gentoo-security+subscribe@g.o>
>List-Id: Gentoo Linux mail <>
>X-BeenThere: gentoo-security@g.o
>Reply-To: gentoo-security@g.o
>To: gentoo-security@g.o
>Subject: Re: [gentoo-security] postfix and SASL
>X-Virus-Scanned: This message was scanned for viruses by ClamAV.
>X-Spam-Status: No, hits=-2.599 tagged_above=-100 required=6.5 tests=BAYES_00
>Benjamin A'Lee wrote:
>>>Not sure but: why on port 25 and not on 465 ?
>>I don't think it actually matters which port; IIRC it just enables
>>STARTTLS by default on 465.
>Port 465 is for SSL (i.e. secure communication before any 
>application data is transferred) and Port 25 accepts TLS (where the 
>data is secured once both parties accept, however, application data 
>transfer has occurred).
>Anyway, with telnet you can't talk on port 465 :)
> > I have confirmed postfix is indeed compiled with SASL support.  And i
> > have TLS working great.  However when i telnet to port 25 and issue the
> > ehlo command, i do receive the starttls etc... yet no AUTH PLAIN
> > lines...
>Depending on the configuration, AUTH PLAIN can either be disabled, 
>or more likely, it's only send should STARTTLS be issued. I have the 
>following lines in my
>-- cut -----------------------------------------
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_security_options = noanonymous, noplaintext
>broken_sasl_auth_clients = yes
>smtpd_sasl_local_domain =
>smtpd_recipient_restrictions = permit_sasl_authenticated, 
>permit_mynetworks, reject_unauth_destination
>smtpd_use_tls = yes
>smtpd_tls_auth_only = yes
>smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
>smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
>smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
>smtpd_tls_loglevel = 1
>smtpd_tls_received_header = yes
>smtpd_tls_session_cache_timeout = 3600s
>tls_random_source = dev:/dev/urandom
>-- cut -----------------------------------------
>TLS is enabled, but smtpd_tls_auth_only will only permit 
>authorization from clients who have issued (and successfully 
>negotiated) the STARTTLS comment.
>Also, you can define what methods Postfix accepts by modifying the 
>smtp_sasl_security_options directive.
>  Jonathan Wright                           ~ mail at
>                                            ~
>  2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
>  up 5 days,  3:02,  4 users,  load average: 0.72, 0.97, 0.71
>  "I don't mind straight  people  as  long  as  they  act  gay  in
>  public."
>              ~ T-shirt worn by Dennis Rodman of the Chicago Bulls
>gentoo-security@g.o mailing list

Joe Strusz

IT Assistant
Oxford Publishing, Inc.
307 West Jackson Avenue
Oxford, MS 38655-2154

gentoo-security@g.o mailing list

Re: postfix and SASL
-- David vasil
Re: postfix and SASL
-- Joerg Mertin
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
postfix and SASL
Next by thread:
Re: postfix and SASL
Previous by date:
Re: postfix and SASL
Next by date:
Re: postfix and SASL

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.