On Wed, Jul 03, 2019 at 07:36:43AM +0200, Selmeci Tam?s wrote:
> Somebody suggested me to have a look at OpenSMTPD-extras. It contains
> table-passwd. I've got an idea. What if I wrote a custom module that is
> about to be called by OpenSMTPD upon authentication like table-passwd?
> (table-passwd requires another file to store credentials in, and I
> insist on using /etc/passwd only). 

auth uses the system users by default so you don't need a custom module.

i don't know what version you are using, what system you are using, if a
package was used or if you built yourself, etc... so i'll just guess the
configure options used to build opensmtpd were not correct if auth isn't
using your system users out of the box.

> The only question is that is it possible to perform this kind of
> authentication in plain text? In other words, will OpenSMTPD call my
> module if plain text authentication is tried by the client? (I don't
> have enough capacity now to play with self-signed certificates, TLS
> etc) Yes, I know, there are security concerns... But technically, is it
> possible with OpenSMTPD?

no, OpenSMTPD will not advertise AUTH over plaintext channels.

it is not an SMTP limitation, it is a decision we made years ago and you
will not have a work-around for this.

there's no excuse in 2019 to allow AUTH over plaintext :-)

Gilles Chehade                                                 @poolpOrg

https://www.poolp.org            patreon: https://www.patreon.com/gilles

You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to