Leandro Melo de Sales wrote: > Hi! I'm trying to setup postfix with authentication. I have > PAM/NSSwitch configured to use LDAP backend. I also installed > cyrus-sasl, but when I test authentication I got some errors. What I'm > doing wrong? Some relevant information: > > /etc/sasl2/smtpd.conf > > pwcheck_method:pam
I don't see AUTH <mechlist> AUTh=<mechlist> below. > > --------------------------------------- > > telnet port 25: > > embedded postfix # telnet localhost 25 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > 220 Servidor de E-Mail Embedded > EHLO mydomain.com > 250-embedded.mydomain.com > 250-PIPELINING > 250-SIZE 10240000 > 250-VRFY > 250-ETRN > 250-STARTTLS > 250 8BITMIME > quit > 221 Bye > Connection closed by foreign host. > > -------------------------------------------- [ snipp ] Some random notes: Seems you're using microsoft telnet which is trying to use NTLM auth. AFAIK, you can't use challenge auth SASL mechanisms (DIGEST-*, NTLM, ...) with pwcheck_method:pam as it doesn't have access to the cleartext password on the server side. If you want confidentiallity on the wire (without TLS) you need to access LDAP directly via ldapdb and store your passwords in cleartext (restrict your <mechlist> to PLAIN LOGIN otherwise) > main.cf: > > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > smtpd_sasl_local_domain = $myhostname > broken_sasl_auth_clients = yes > smtpd_recipient_restrictions = permit_sasl_authenticated, > permit_mynetworks, check_relay_domains cheers Paul -- [email protected] mailing list
