Message-Id: <6.2.3.4.0.20051005080634.01c63a70@op.oxpub.com>
Date: Wed, 05 Oct 2005 08:08:51 -0500
To: gentoo-security@lists.gentoo.org
From: Joe Strusz
Subject: Re: [gentoo-security] postfix and SASL

Whenever I telnet to port 25, and issue the AUTH PLAIN command I receive this:

538: Encryption required for requested authentication mechanism.

What does this mean?
I could really use some help on this... it's been bugging me for weeks now. Also, I do have the smtpd_tls_auth_only = yes line.

Please help blargh.

Your fellow befumbled gentoo user.

>Date: Wed, 05 Oct 2005 12:36:01 +0100
>From: Jonathan Wright
>To: gentoo-security@lists.gentoo.org
>Subject: Re: [gentoo-security] postfix and SASL
>
>Benjamin A'Lee wrote:
>>>Not sure but: why on port 25 and not on 465 ?
>>I don't think it actually matters which port; IIRC it just enables
>>STARTTLS by default on 465.
>
>Port 465 is for SSL (i.e. secure communication before any
>application data is transferred) and Port 25 accepts TLS (where the
>data is secured once both parties accept, however, application data
>transfer has occurred).
>
>Anyway, with telnet you can't talk on port 465 :)
>
> > I have confirmed postfix is indeed compiled with SASL support. And I
> > have TLS working great. However when I telnet to port 25 and issue the
> > ehlo command, I do receive the starttls etc... yet no AUTH PLAIN
> > lines...
>
>Depending on the configuration, AUTH PLAIN can either be disabled,
>or more likely, it's only sent should STARTTLS be issued.
>I have the following lines in my main.cf:
>
>-- cut -----------------------------------------
># SMTPD SERVER CONTROLS
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_security_options = noanonymous, noplaintext
>broken_sasl_auth_clients = yes
>smtpd_sasl_local_domain =
>smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
>
>smtpd_use_tls = yes
>smtpd_tls_auth_only = yes
>smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
>smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
>smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
>smtpd_tls_loglevel = 1
>smtpd_tls_received_header = yes
>smtpd_tls_session_cache_timeout = 3600s
>tls_random_source = dev:/dev/urandom
>-- cut -----------------------------------------
>
>TLS is enabled, but smtpd_tls_auth_only will only permit
>authorization from clients who have issued (and successfully
>negotiated) the STARTTLS comment.
>
>Also, you can define what methods Postfix accepts by modifying the
>smtp_sasl_security_options directive.
>
>HTH,
>
>--
> Jonathan Wright ~ mail at djnauk.co.uk
> ~ www.djnauk.co.uk

Joe Strusz
IT Assistant
Oxford Publishing, Inc.

--
gentoo-security@gentoo.org mailing list
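
An added example, not part of the original thread: a Python check that compares the EHLO capability list before and after STARTTLS, which is where the behaviour discussed above (no AUTH lines in cleartext, 538 on AUTH PLAIN) becomes visible. The two transcripts and the host name mail.example.org are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample EHLO replies (not captured from the poster's server).
EHLO_CLEAR = """250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME"""

EHLO_TLS = """250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME"""


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = reply.strip().splitlines()
    for line in lines[1:]:  # first line is the server greeting, not a keyword
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "AUTH=PLAIN" is the legacy form sent with broken_sasl_auth_clients
        word, *params = m.group(1).replace("=", " ", 1).split()
        caps.setdefault(word.upper(), set()).update(p.upper() for p in params)
    return caps


def audit_auth(clear_reply, tls_reply, wanted="PLAIN"):
    """Classify how AUTH is exposed before and after STARTTLS."""
    clear, tls = parse_ehlo(clear_reply), parse_ehlo(tls_reply)
    findings = []
    if "AUTH" in clear:
        findings.append("AUTH advertised without TLS")
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered")
    if "AUTH" not in tls:
        findings.append("AUTH not advertised even after STARTTLS")
    elif wanted not in tls["AUTH"]:
        findings.append(f"{wanted} filtered out after STARTTLS")
    return findings or ["AUTH only after STARTTLS, as expected"]
```

The "filtered out" finding is the result to expect when the SASL security options in force exclude plaintext mechanisms, so PLAIN never appears even on an encrypted session.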