Whenever I telnet to port 25 and issue the AUTH PLAIN command, I receive this:
538: Encryption required for requested authentication mechanism.
What does this mean?
I could really use some help on this... it's been bugging me for weeks now.
Also, I do have the smtpd_tls_auth_only = yes line
Please help
blargh.
Your fellow befumbled Gentoo user.
Date: Wed, 05 Oct 2005 12:36:01 +0100
From: Jonathan Wright <[EMAIL PROTECTED]>
Subject: Re: [gentoo-security] postfix and SASL
Benjamin A'Lee wrote:
Not sure but: why on port 25 and not on 465 ?
I don't think it actually matters which port; IIRC it just enables
STARTTLS by default on 465.
Port 465 is for SSL (i.e. secure communication before any
application data is transferred) and Port 25 accepts TLS (where the
data is secured once both parties accept, however, application data
transfer has occurred).
Anyway, with telnet you can't talk on port 465 :)
> I have confirmed postfix is indeed compiled with SASL support. And I
> have TLS working great. However when I telnet to port 25 and issue the
> ehlo command, I do receive the starttls etc... yet no AUTH PLAIN
> lines...
Depending on the configuration, AUTH PLAIN can either be disabled,
or more likely, it's only sent should STARTTLS be issued. I have the
following lines in my main.cf:
-- cut -----------------------------------------
# SMTPD SERVER CONTROLS
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
-- cut -----------------------------------------
TLS is enabled, but smtpd_tls_auth_only will only permit
authorization from clients who have issued (and successfully
negotiated) the STARTTLS command.
Also, you can define what methods Postfix accepts by modifying the
smtp_sasl_security_options directive.
HTH,
--
Jonathan Wright ~ mail at djnauk.co.uk
~ www.djnauk.co.uk
--
2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
up 5 days, 3:02, 4 users, load average: 0.72, 0.97, 0.71
--
"I don't mind straight people as long as they act gay in
public."
~ T-shirt worn by Dennis Rodman of the Chicago Bulls
--
[email protected] mailing list
Joe Strusz
IT Assistant
Oxford Publishing, Inc.
307 West Jackson Avenue
Oxford, MS 38655-2154
800-247-3881
662-236-5510x40
[EMAIL PROTECTED]
http://www.nightclub.com
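An added example, not part of the original thread: a small Python check that compares the EHLO reply seen before STARTTLS with the one seen after it, which is where AUTH appears when smtpd_tls_auth_only = yes is in effect. The two transcripts, the host name mail.example.org, the advertised mechanisms and all function names are constructed for illustration.

```python
import base64

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    ext = {}
    for line in reply.strip().splitlines()[1:]:  # first line is the greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            continue
        # "AUTH=PLAIN LOGIN" is the legacy form sent with broken_sasl_auth_clients
        keyword, _, params = rest.replace("=", " ", 1).partition(" ")
        ext.setdefault(keyword.upper(), []).extend(params.upper().split())
    return ext

def audit(before_tls, after_tls):
    """Report whether AUTH is withheld until the session is encrypted."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    return {
        "starttls_offered": "STARTTLS" in pre,
        "auth_before_tls": sorted(set(pre.get("AUTH", []))),
        "auth_after_tls": sorted(set(post.get("AUTH", []))),
        "tls_auth_only": "AUTH" not in pre and "AUTH" in post,
    }

def plain_initial_response(user, password, authzid=""):
    """RFC 4616 AUTH PLAIN argument: base64(authzid NUL user NUL password)."""
    return base64.b64encode(f"{authzid}\0{user}\0{password}".encode()).decode()

# Constructed sample: EHLO reply on a plain telnet session to port 25
CLEAR_EHLO = """250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME"""

# Constructed sample: EHLO reply repeated after STARTTLS has been negotiated
TLS_EHLO = """250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

if __name__ == "__main__":
    print(audit(CLEAR_EHLO, TLS_EHLO))
    # base64 is an encoding, not encryption: the credentials decode directly
    print(base64.b64decode(plain_initial_response("user", "pass")))
```

The post-TLS reply can be captured for real with `openssl s_client -starttls smtp -connect host:25`, since telnet cannot continue the session once STARTTLS is issued.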