| 1 |
Whenever i telnet to port 25, and issue the AUTH PLAIN command i receive this: |
| 2 |
|
| 3 |
538: Encryption required for requested authentication mechanism. |
| 4 |
|
| 5 |
What does this mean? |
| 6 |
|
| 7 |
I could really use some help on this... its been bugging me for weeks now. |
| 8 |
|
| 9 |
Also, I do have smtpd_tls_auth_only = yes line |
| 10 |
|
| 11 |
|
| 12 |
Please help |
| 13 |
|
| 14 |
blargh. |
| 15 |
|
| 16 |
Your fellow befumbled gentoo user. |
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
>X-Original-To: jstrusz@×××××.com |
| 21 |
>Delivered-To: jstrusz@×××××.com |
| 22 |
>Delivered-To: <gentoo-security@l.g.o> |
| 23 |
>Date: Wed, 05 Oct 2005 12:36:01 +0100 |
| 24 |
>From: Jonathan Wright <mail@×××××××××.uk> |
| 25 |
>User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050822) |
| 26 |
>X-Accept-Language: en-us, en |
| 27 |
>List-Post: <mailto:gentoo-security@l.g.o> |
| 28 |
>List-Help: <mailto:gentoo-security+help@g.o> |
| 29 |
>List-Unsubscribe: <mailto:gentoo-security+unsubscribe@g.o> |
| 30 |
>List-Subscribe: <mailto:gentoo-security+subscribe@g.o> |
| 31 |
>List-Id: Gentoo Linux mail <gentoo-security.gentoo.org> |
| 32 |
>X-BeenThere: gentoo-security@g.o |
| 33 |
>Reply-To: gentoo-security@l.g.o |
| 34 |
>To: gentoo-security@l.g.o |
| 35 |
>Subject: Re: [gentoo-security] postfix and SASL |
| 36 |
>X-Virus-Scanned: This message was scanned for viruses by ClamAV. |
| 37 |
>X-Spam-Status: No, hits=-2.599 tagged_above=-100 required=6.5 tests=BAYES_00 |
| 38 |
>X-Spam-Level: |
| 39 |
> |
| 40 |
>Benjamin A'Lee wrote: |
| 41 |
>>>Not sure but: why on port 25 and not on 465 ? |
| 42 |
>>I don't think it actually matters which port; IIRC it just enables |
| 43 |
>>STARTTLS by default on 465. |
| 44 |
> |
| 45 |
>Port 465 is for SSL (i.e. secure communication before any |
| 46 |
>application data is transferred) and Port 25 accepts TLS (where the |
| 47 |
>data is secured once both parties accept, however, application data |
| 48 |
>transfer has occurred). |
| 49 |
> |
| 50 |
>Anyway, with telnet you can't talk on port 465 :) |
| 51 |
> |
| 52 |
> > I have confirmed postfix is indeed compiled with SASL support. And i |
| 53 |
> > have TLS working great. However when i telnet to port 25 and issue the |
| 54 |
> > ehlo command, i do receive the starttls etc... yet no AUTH PLAIN |
| 55 |
> > lines... |
| 56 |
> |
| 57 |
>Depending on the configuration, AUTH PLAIN can either be disabled, |
| 58 |
>or more likely, it's only send should STARTTLS be issued. I have the |
| 59 |
>following lines in my main.cf: |
| 60 |
> |
| 61 |
>-- cut ----------------------------------------- |
| 62 |
># SMTPD SERVER CONTROLS |
| 63 |
>smtpd_sasl_auth_enable = yes |
| 64 |
>smtpd_sasl_security_options = noanonymous, noplaintext |
| 65 |
>broken_sasl_auth_clients = yes |
| 66 |
>smtpd_sasl_local_domain = |
| 67 |
>smtpd_recipient_restrictions = permit_sasl_authenticated, |
| 68 |
>permit_mynetworks, reject_unauth_destination |
| 69 |
> |
| 70 |
>smtpd_use_tls = yes |
| 71 |
>smtpd_tls_auth_only = yes |
| 72 |
>smtpd_tls_key_file = /etc/postfix/cacert/kenny.key |
| 73 |
>smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem |
| 74 |
>smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem |
| 75 |
>smtpd_tls_loglevel = 1 |
| 76 |
>smtpd_tls_received_header = yes |
| 77 |
>smtpd_tls_session_cache_timeout = 3600s |
| 78 |
>tls_random_source = dev:/dev/urandom |
| 79 |
>-- cut ----------------------------------------- |
| 80 |
> |
| 81 |
>TLS is enabled, but smtpd_tls_auth_only will only permit |
| 82 |
>authorization from clients who have issued (and successfully |
| 83 |
>negotiated) the STARTTLS comment. |
| 84 |
> |
| 85 |
>Also, you can define what methods Postfix accepts by modifying the |
| 86 |
>smtp_sasl_security_options directive. |
| 87 |
> |
| 88 |
>HTH, |
| 89 |
> |
| 90 |
>-- |
| 91 |
> Jonathan Wright ~ mail at djnauk.co.uk |
| 92 |
> ~ www.djnauk.co.uk |
| 93 |
>-- |
| 94 |
> 2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+ |
| 95 |
> up 5 days, 3:02, 4 users, load average: 0.72, 0.97, 0.71 |
| 96 |
>-- |
| 97 |
> "I don't mind straight people as long as they act gay in |
| 98 |
> public." |
| 99 |
> |
| 100 |
> ~ T-shirt worn by Dennis Rodman of the Chicago Bulls |
| 101 |
>-- |
| 102 |
>gentoo-security@g.o mailing list |
| 103 |
|
| 104 |
|
| 105 |
Joe Strusz |
| 106 |
|
| 107 |
IT Assistant |
| 108 |
Oxford Publishing, Inc. |
| 109 |
307 West Jackson Avenue |
| 110 |
Oxford, MS 38655-2154 |
| 111 |
800-247-3881 |
| 112 |
662-236-5510x40 |
| 113 |
jstrusz@×××××.com |
| 114 |
http://www.nightclub.com |
| 115 |
|
| 116 |
|
| 117 |
-- |
| 118 |
gentoo-security@g.o mailing list |
Archives