--On Thursday, December 10, 2015 11:49 AM -0800 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
--On Thursday, December 10, 2015 2:29 PM -0500 Wietse Venema
<wie...@porcupine.org> wrote:
Quanah Gibson-Mount:
--On Thursday, December 10, 2015 2:02 PM -0500 Wietse Venema
<wie...@porcupine.org> wrote:
> This is not completely trivial because the port information needs
> to be consistent with information from proxies, postscreen, and
> XCLIENT, otherwise results will be incorrect.
Ok, good to know. Is there any general timeline on when that will be
available for testing?
No. Time is in short supply, especially for functionality that has
been missing for 15+ years.
Ok, thanks. Not sure if it falls into the legal issue of required source
port logging that Belgium has implemented or not. I.e., being able to
tie the source port logged at the smtp server to a specific sasl auth
request.
After deploying live with this patch, we found ports 465/587 were busted:
Jan 5 12:40:12 edge01 postfix/submission/smtpd[63043]: connect from
edge01.zimbra.com[10.210.0.174]
Jan 5 12:40:12 edge01 postfix/submission/smtpd[63043]: Anonymous TLS
connection established from edge01.zimbra.com[10.210.0.174]: TLSv1.2 with
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 5 12:40:12 edge01 postfix/submission/smtpd[63043]: warning:
server_addr=, client_addr=10.210.0.174
Jan 5 12:40:12 edge01 postfix/submission/smtpd[63043]: warning: SASL
per-connection server initialization: invalid parameter supplied
Jan 5 12:40:12 edge01 postfix/submission/smtpd[63043]: fatal: SASL
per-connection initialization failed
From the command line with openssl, it'd drop with:
250 DSN
read:errno=0
So we will be working further on this patch, and will push back whatever
further changes are necessary.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
