On 11.08.25 22:56, James Feeney via Postfix-users wrote:
On Tue, 2025-08-12 at 12:21 +1000, Viktor Dukhovni via Postfix-users wrote:
Outdated threat model. DO NOT do this. Use a PAM backend with strong
password hashes.
Aha.
The PLAIN mechanism DOES NOT REQUIRE cleartext password storage, and
SHOULD be deployed with a backend that stores password hashes.
Aha.
No, the Postfix filter is optional, if you're willing to tolerate whatever
mechanisms SASL offers, and with the Postfix filter set, it should be
possible to let SASL adverise whatever mechanisms it has available. You
should not have to set both. I've never done it.
Aha.
Thanks for that, Viktor.
Many pointers for the SASL README.
Don't you by any change use Debian or its derivative (e.g. Ubuntu)?
In former versions, SASL had quite different Cyrus SASL configuration:
https://wiki.debian.org/PostfixAndSASL
I haven't checked Debian 13 yet...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
