On 6/12/15 11:50 AM, Viktor Dukhovni wrote:
On Fri, Jun 12, 2015 at 11:05:42AM -0400, Forrest wrote:
My prior config was Sendmail 8 with Cyrus SASL which did not. My guess
from this log is that AUTH is taking place unencrypted, which may be the
cause?
Surely dictionary attacks on SASL were also launched against
Sendmail... Was there nothing of the sort in your Sendmail logs?
If so perhaps this is a difference in logging rather than actual
activity.
My server advertises (EHLO):
250-PIPELINING
250-SIZE [ omitted ]
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
No SASL AUTH there.
Hm. Interesting, thanks for pointing that obvious thing out :) I have
the following:
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = mydomain.com
smtpd_sasl_path = smtpd
I'm presently using Cyrus SASL 2.x, which I'd been using with Sendmail 8.x.
With regard to logging, perhaps you're correct that Sendmail wasn't as
verbose. But, it did log things and I don't recall seeing these issues
before.
Thanks
