Re: Postfix, No SMTP AUTH when TLS is enabled

2010-01-02 Thread Raman Gupta

On 01/02/2010 02:58 AM, froinds J wrote:



On Sat, Jan 2, 2010 at 2:42 AM, Raman Gupta mailto:rocketra...@fastmail.fm>> wrote:

On 01/01/2010 11:41 PM, froinds J wrote:

Hello,
I'm having a problem with postfix in F12.
I used to have my email server setup with F10. My setup had TLS
enabled (self signed certs) with SASL using
pwcheck_method=auxprop and
CRAM-MD5 DIGEST-MD5. I had virtual accounts.
Everything worked great until I installed F12. It was a clean
install.
My issue now is the following:
If I disable TLS, postfix works as expected. If I enable it, I
cannot
authenticate. Without TLS I can telnet to my server and I get
250-AUTH
CRAM-MD5 DIGEST-MD5


What auxprop plugin are you using?

Cheers,
Raman


None. What should I use?
Froinds


I guess that depends on how your virtual users are configured.

I don't use auxprop myself -- I configure saslauthd to authenticate 
via pam (pwcheck_method: saslauthd). Then configure the 
/etc/pam.d/smtp file as desired (mine uses pam_mysql.so to 
authenticate virtual users against a mysql table).


However, based on the docs at http://www.postfix.org/SASL_README.html 
it appears that if you use auxprop, it should be configured with a 
plugin, like "auxprop_plugin: sql" or "auxprop_plugin: sasldb".


If you do switch to saslauthd (pam) note the following warning from 
the same docs:


IMPORTANT: The Cyrus SASL password verification services pwcheck and 
saslauthd can only support the plaintext mechanisms PLAIN or LOGIN. 
However, the Cyrus SASL library doesn't know this, and will happily 
advertise other authentication mechanisms that the SASL library 
implements, such as DIGEST-MD5. As a result, if a remote SMTP client 
chooses any mechanism other than PLAIN or LOGIN while pwcheck or 
saslauthd are used, authentication will fail. Thus you may need to 
limit the list of mechanisms advertised by the Postfix SMTP server.


Cheers,
Raman

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines


Re: Postfix, No SMTP AUTH when TLS is enabled

2010-01-02 Thread froinds J
On Sat, Jan 2, 2010 at 2:42 AM, Raman Gupta  wrote:

> On 01/01/2010 11:41 PM, froinds J wrote:
>
>> Hello,
>> I'm having a problem with postfix in F12.
>> I used to have my email server setup with F10. My setup had TLS
>> enabled (self signed certs) with SASL using pwcheck_method=auxprop and
>> CRAM-MD5 DIGEST-MD5. I had virtual accounts.
>> Everything worked great until I installed F12. It was a clean install.
>> My issue now is the following:
>> If I disable TLS, postfix works as expected. If I enable it, I cannot
>> authenticate. Without TLS I can telnet to my server and I get 250-AUTH
>> CRAM-MD5 DIGEST-MD5
>>
>
> What auxprop plugin are you using?
>
> Cheers,
> Raman
>

None. What should I use?
Froinds
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Postfix, No SMTP AUTH when TLS is enabled

2010-01-01 Thread Raman Gupta

On 01/01/2010 11:41 PM, froinds J wrote:

Hello,
I'm having a problem with postfix in F12.
I used to have my email server setup with F10. My setup had TLS
enabled (self signed certs) with SASL using pwcheck_method=auxprop and
CRAM-MD5 DIGEST-MD5. I had virtual accounts.
Everything worked great until I installed F12. It was a clean install.
My issue now is the following:
If I disable TLS, postfix works as expected. If I enable it, I cannot
authenticate. Without TLS I can telnet to my server and I get 250-AUTH
CRAM-MD5 DIGEST-MD5


What auxprop plugin are you using?

Cheers,
Raman

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines