List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: "Joerg Mertin" <smurphy@...>
Subject: Re: Fwd: Re: postfix and SASL
Date: Wed, 5 Oct 2005 15:37:57 +0200 (CEST)
I bet it has something to do with your sasl configuration.
Had that back in time too... Check it is working.
I have linked the saslauth to pam/ldap - so I can have local and remote
users going in... Took me some time to figure this out.
It's too long ago for me to remember details - but that's where I would
look if I were you...
Check your logs mail/system and auth for hints.

Cheers

Joerg

<quote who="Joe Strusz">
> OK, well I disabled the smtpd_tls_auth_only line.
>
> And now whenever I try to connect via say Outlook Express on a client
> machine...
>
> I check the box that says, "my outgoing server requires
> authentication", and I do get the password prompt, however whichever
> login/password I try to use it gets rejected, over and over and over
> again...
>
>
> any suggestions?
>
>>Date: Wed, 5 Oct 2005 15:15:22 +0200 (CEST)
>>Subject: Re: [gentoo-security] postfix and SASL
>>From: "Joerg Mertin" <smurphy@...>
>>To: gentoo-security@g.o
>>
>>OK - as this seems to be quite difficult for many - here is my configuration
>>of postfix - TLS and SASL parts only:
>>
>>## TLS
>>#  Transport Layer Security
>>#
>>smtpd_use_tls = yes
>>smtpd_tls_auth_only = yes
>>smtpd_tls_key_file = /etc/ssl/postfix/stargate.solsys.org.key
>>smtpd_tls_cert_file = /etc/ssl/postfix/stargate.solsys.org.crt
>>smtpd_tls_CAfile = /etc/ssl/postfix/stargate.solsys.org.pem
>>smtpd_tls_loglevel = 3
>>smtpd_tls_received_header = yes
>>smtpd_tls_session_cache_timeout = 3600s
>>tls_random_source = dev:/dev/urandom
>>
>># SASL SUPPORT FOR CLIENTS
>>#
>># The following options set parameters needed by Postfix to enable
>># Cyrus-SASL support for authentication of mail clients.
>>#
>>broken_sasl_auth_clients = yes
>>smtpd_sasl_auth_enable = yes
>>smtpd_sasl_security_options = noanonymous
>>smtpd_data_restrictions = reject_unauth_pipelining
>>smtpd_sasl_local_domain =
>>
>>
>>This setup works here for 2 Years ...
>>Cheers
>>
>>Joerg
>>
>>
>><quote who="Joe Strusz">
>> > Whenever I telnet to port 25, and issue the AUTH PLAIN command I receive
>> > this:
>> >
>> > 538: Encryption required for requested authentication mechanism.
>> >
>> > What does this mean?
>> >
>> > I could really use some help on this... it's been bugging me for weeks now.
>> >
>> > Also, I do have smtpd_tls_auth_only = yes line
>> >
>> >
>> > Please help
>> >
>> > blargh.
>> >
>> > Your fellow befumbled gentoo user.
>> >
>> >
>> >
>> >>Date: Wed, 05 Oct 2005 12:36:01 +0100
>> >>From: Jonathan Wright <mail@...>
>> >>To: gentoo-security@g.o
>> >>Subject: Re: [gentoo-security] postfix and SASL
>> >>
>> >>Benjamin A'Lee wrote:
>> >>>>Not sure but: why on port 25 and not on 465 ?
>> >>>I don't think it actually matters which port; IIRC it just enables
>> >>>STARTTLS by default on 465.
>> >>
>> >>Port 465 is for SSL (i.e. secure communication before any
>> >>application data is transferred) and Port 25 accepts TLS (where the
>> >>data is secured once both parties accept, however, application data
>> >>transfer has occurred).
>> >>
>> >>Anyway, with telnet you can't talk on port 465 :)
>> >>
>> >> > I have confirmed postfix is indeed compiled with SASL support.  And I
>> >> > have TLS working great.  However when I telnet to port 25 and issue the
>> >> > ehlo command, I do receive the starttls etc... yet no AUTH PLAIN
>> >> > lines...
>> >>
>> >>Depending on the configuration, AUTH PLAIN can either be disabled,
>> >>or more likely, it's only sent should STARTTLS be issued. I have the
>> >>following lines in my main.cf:
>> >>
>> >>-- cut -----------------------------------------
>> >># SMTPD SERVER CONTROLS
>> >>smtpd_sasl_auth_enable = yes
>> >>smtpd_sasl_security_options = noanonymous, noplaintext
>> >>broken_sasl_auth_clients = yes
>> >>smtpd_sasl_local_domain =
>> >>smtpd_recipient_restrictions = permit_sasl_authenticated,
>> >>    permit_mynetworks, reject_unauth_destination
>> >>
>> >>smtpd_use_tls = yes
>> >>smtpd_tls_auth_only = yes
>> >>smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
>> >>smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
>> >>smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
>> >>smtpd_tls_loglevel = 1
>> >>smtpd_tls_received_header = yes
>> >>smtpd_tls_session_cache_timeout = 3600s
>> >>tls_random_source = dev:/dev/urandom
>> >>-- cut -----------------------------------------
>> >>
>> >>TLS is enabled, but smtpd_tls_auth_only will only permit
>> >>authorization from clients who have issued (and successfully
>> >>negotiated) the STARTTLS command.
>> >>
>> >>Also, you can define what methods Postfix accepts by modifying the
>> >>smtp_sasl_security_options directive.
>> >>
>> >>HTH,
>> >>
>> >>--
>> >>  Jonathan Wright                           ~ mail at djnauk.co.uk
>> >>                                            ~ www.djnauk.co.uk
>> >>--
>> >>  2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
>> >>  up 5 days,  3:02,  4 users,  load average: 0.72, 0.97, 0.71
>> >>--
>> >>  "I don't mind straight  people  as  long  as  they  act  gay  in
>> >>  public."
>> >>
>> >>              ~ T-shirt worn by Dennis Rodman of the Chicago Bulls
>> >>--
>> >>gentoo-security@g.o mailing list
>> >
>> >
>> > Joe Strusz
>> >
>> > IT Assistant
>> > Oxford Publishing, Inc.
>> > 307 West Jackson Avenue
>> > Oxford, MS 38655-2154
>> > 800-247-3881
>> > 662-236-5510x40
>> > jstrusz@...
>> > http://www.nightclub.com
>> >
>> >
>> >
>> >
>>
>>
>>--
>>------------------------------------------------------------------------
>>| Joerg Mertin              :  smurphy@...                (Home)|
>>| in Forchheim/Germany      :  smurphy@...                  (Alt1)|
>>| Stardust's LiNUX System   :                                          |
>>| Web: http://www.solsys.org                                           |
>>------------------------------------------------------------------------
>>PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
>>
>>
>>
>
>
> Joe Strusz
>
> IT Assistant
> Oxford Publishing, Inc.
> 307 West Jackson Avenue
> Oxford, MS 38655-2154
> 800-247-3881
> 662-236-5510x40
> jstrusz@...
> http://www.nightclub.com
>
>
>
>


-- 
------------------------------------------------------------------------
| Joerg Mertin              :  smurphy@...                (Home)|
| in Forchheim/Germany      :  smurphy@...                  (Alt1)|
| Stardust's LiNUX System   :                                          |
| Web: http://www.solsys.org                                           |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A



-- 
gentoo-security@g.o mailing list
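
The behaviour discussed in this thread (AUTH advertised only after STARTTLS when smtpd_tls_auth_only = yes) can be checked by comparing the EHLO reply before and after TLS. The following is an added example, not part of any poster's message; the sample replies, the host name mail.example.test, the function names and the status strings are constructed for illustration.

```python
import smtplib

# Constructed EHLO replies (not captured from any server in the thread).
BEFORE_TLS = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
AFTER_TLS = ("250-mail.example.test\n250-PIPELINING\n"
             "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 8BITMIME")

def ehlo_keywords(reply):
    """Yield EHLO keyword lines, with or without the leading '250-' / '250 '."""
    for line in reply.splitlines():
        yield (line[4:] if line[:3].isdigit() else line).strip().upper()

def auth_mechs(reply):
    """Mechanisms from 'AUTH ...' and the legacy 'AUTH=...' form
    (the second form is what broken_sasl_auth_clients = yes adds)."""
    mechs = set()
    for kw in ehlo_keywords(reply):
        if kw.startswith(("AUTH ", "AUTH=")):
            mechs.update(kw[5:].split())
    return mechs

def diagnose(before_tls, after_tls):
    """Classify a server from its EHLO reply before and after STARTTLS."""
    if "STARTTLS" not in set(ehlo_keywords(before_tls)):
        return "no-starttls"
    if auth_mechs(before_tls):
        return "auth-offered-in-clear"   # smtpd_tls_auth_only is not in effect
    if not auth_mechs(after_tls):
        # SASL not enabled, or every mechanism filtered (e.g. by noplaintext)
        return "no-auth-after-tls"
    return "auth-only-after-tls"         # cleartext AUTH gets the 538 reply

def probe(host, port=25):
    """Live check against a server you administer; not run on import."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        before = s.ehlo()[1].decode(errors="replace")
        after = ""
        if s.has_extn("starttls"):
            # smtplib's default context does not verify the certificate:
            # good enough for a capability check, not for sending credentials.
            s.starttls()
            after = s.ehlo()[1].decode(errors="replace")
    return diagnose(before, after)

if __name__ == "__main__":
    print(diagnose(BEFORE_TLS, AFTER_TLS))
```

A result of "auth-only-after-tls" combined with rejected passwords points away from Postfix's TLS settings and toward the SASL backend, which is where the reply above suggests looking.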




Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Copyright 2001-2013 Gentoo Foundation, Inc.