Whenever I telnet to port 25 and issue the AUTH PLAIN command, I receive this:

538: Encryption required for requested authentication mechanism.

What does this mean?

I could really use some help on this... it's been bugging me for weeks now.

Also, I do have the smtpd_tls_auth_only = yes line


Please help

blargh.

Your fellow befumbled gentoo user.


>Date: Wed, 05 Oct 2005 12:36:01 +0100
>From: Jonathan Wright <mail@×××××××××.uk>
>To: gentoo-security@l.g.o
>Subject: Re: [gentoo-security] postfix and SASL
>
>Benjamin A'Lee wrote:
>>>Not sure but: why on port 25 and not on 465 ?
>>I don't think it actually matters which port; IIRC it just enables
>>STARTTLS by default on 465.
>
>Port 465 is for SSL (i.e. secure communication before any
>application data is transferred) and Port 25 accepts TLS (where the
>data is secured once both parties accept, however, application data
>transfer has occurred).
>
>Anyway, with telnet you can't talk on port 465 :)
>
> > I have confirmed postfix is indeed compiled with SASL support. And I
> > have TLS working great. However when I telnet to port 25 and issue the
> > ehlo command, I do receive the starttls etc... yet no AUTH PLAIN
> > lines...
>
>Depending on the configuration, AUTH PLAIN can either be disabled,
>or more likely, it's only sent should STARTTLS be issued. I have the
>following lines in my main.cf:
>
>-- cut -----------------------------------------
># SMTPD SERVER CONTROLS
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_security_options = noanonymous, noplaintext
>broken_sasl_auth_clients = yes
>smtpd_sasl_local_domain =
>smtpd_recipient_restrictions = permit_sasl_authenticated,
>    permit_mynetworks, reject_unauth_destination
>
>smtpd_use_tls = yes
>smtpd_tls_auth_only = yes
>smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
>smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
>smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
>smtpd_tls_loglevel = 1
>smtpd_tls_received_header = yes
>smtpd_tls_session_cache_timeout = 3600s
>tls_random_source = dev:/dev/urandom
>-- cut -----------------------------------------
>
>TLS is enabled, but smtpd_tls_auth_only will only permit
>authorization from clients who have issued (and successfully
>negotiated) the STARTTLS command.
>
>Also, you can define what methods Postfix accepts by modifying the
>smtp_sasl_security_options directive.
>
>HTH,
>
>--
> Jonathan Wright ~ mail at djnauk.co.uk
> ~ www.djnauk.co.uk
>--
> 2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
> up 5 days, 3:02, 4 users, load average: 0.72, 0.97, 0.71
>--
> "I don't mind straight people as long as they act gay in
> public."
>
> ~ T-shirt worn by Dennis Rodman of the Chicago Bulls
>--
>gentoo-security@g.o mailing list

Joe Strusz

IT Assistant
Oxford Publishing, Inc.
307 West Jackson Avenue
Oxford, MS 38655-2154
800-247-3881
662-236-5510x40
jstrusz@×××××.com
http://www.nightclub.com

--
gentoo-security@g.o mailing list
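
An added example, not part of the original thread and not Postfix code: the behaviour discussed above (with smtpd_tls_auth_only = yes, AUTH shows up in the EHLO reply only after STARTTLS) written as a small Python audit. The EHLO replies are constructed samples, mail.example.org is a placeholder, and parse_ehlo, verdict, probe and check_transcripts are hypothetical helper names.

```python
import smtplib

def parse_ehlo(reply):
    """Return (sasl_mechanisms, starttls_offered) from raw EHLO reply lines."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        words = line[4:].replace("=", " ").upper().split()  # drop "250-" / "250 "
        if words[:1] == ["AUTH"]:        # "AUTH PLAIN" or legacy "AUTH=PLAIN"
            mechs.update(words[1:])
        elif words[:1] == ["STARTTLS"]:
            starttls = True
    return mechs, starttls

def verdict(pre_mechs, starttls, post_mechs):
    """Classify AUTH exposure before and after STARTTLS."""
    if pre_mechs:
        return "FAIL: AUTH advertised in cleartext: " + " ".join(sorted(pre_mechs))
    if not starttls:
        return "FAIL: STARTTLS not offered, clients cannot authenticate"
    if not post_mechs:
        return "WARN: no AUTH after STARTTLS, check smtpd_sasl_* settings"
    return "OK: AUTH only after STARTTLS: " + " ".join(sorted(post_mechs))

def probe(host, port=25):
    """Live check of a server you operate (needs network access)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre = set(s.esmtp_features.get("auth", "").upper().split())
        tls = s.has_extn("starttls")
        post = set()
        if tls:
            s.starttls()  # certificate is not validated; capabilities only
            s.ehlo()      # capabilities must be re-read inside the TLS session
            post = set(s.esmtp_features.get("auth", "").upper().split())
        return verdict(pre, tls, post)

# Constructed EHLO replies (not captured from any real server).
PRE_TLS = "250-mail.example.org\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
POST_TLS = ("250-mail.example.org\n250-PIPELINING\n"
            "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 8BITMIME")

def check_transcripts(pre=PRE_TLS, post=POST_TLS):
    pre_mechs, tls = parse_ehlo(pre)
    return verdict(pre_mechs, tls, parse_ehlo(post)[0])

if __name__ == "__main__":
    print(check_transcripts())
```

The duplicate "AUTH=" line in the sample is what broken_sasl_auth_clients = yes adds for older clients; the parser treats both forms the same.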