smtp_sasl_mechanism_filter doesn't wok

2009-05-27 Thread Zero Zeibov 
I try to limit auth mech in postfix 2.6.1 on FreeBSD 6.4. For this
I've added to main.conf:

smtp_sasl_mechanism_filter = plain, login

But simple test by telnet shows following:

Connected to x.x.x.x.
Escape character is '^]'.
220 xxx.xxx.com.ua ESMTP Postfix
ehlo 1
250-xxx.xxx.com.ua
250-PIPELINING
250-SIZE 1024
250-ETRN
250-STARTTLS
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

I also tried to limit auth mechs in /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mechlist: PLAIN LOGIN
But it doesn't help.
How I can remove such auth mechs as GSSAPI DIGEST-MD5 CRAM-MD5?

Re: smtp_sasl_mechanism_filter doesn't wok

2009-05-27 Thread Ralf Hildebrandt 
* Zero Zeibov :
> I try to limit auth mech in postfix 2.6.1 on FreeBSD 6.4. For this
> I've added to main.conf:
> 
> smtp_sasl_mechanism_filter = plain, login

smtpd_sasl_mechanism_filter = plain, login

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
"General Failure's Fault. Not Yours."  -Anon.

Re: smtp_sasl_mechanism_filter doesn't wok

2009-05-27 Thread Zero Zeibov 
Here's filtered output from postconf

# postconf | grep sasl_mechanism
lmtp_sasl_mechanism_filter =
smtp_sasl_mechanism_filter = plain, login

I didn't find option smtpd_sasl_mechanism_filter on postfix manual

2009/5/27 Ralf Hildebrandt :
> * Zero Zeibov :
>> I try to limit auth mech in postfix 2.6.1 on FreeBSD 6.4. For this
>> I've added to main.conf:
>>
>> smtp_sasl_mechanism_filter = plain, login
>
> smtpd_sasl_mechanism_filter = plain, login
>
> --
> Ralf Hildebrandt
> Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
> http://www.computerbeschimpfung.de
> "General Failure's Fault. Not Yours."  -Anon.
>

Re: smtp_sasl_mechanism_filter doesn't wok

2009-05-27 Thread Wietse Venema 
Zero Zeibov:
> I try to limit auth mech in postfix 2.6.1 on FreeBSD 6.4. For this
> I've added to main.conf:
> 
> smtp_sasl_mechanism_filter = plain, login

Read carefully.

AS DOCUMENTED, this applies to the Postfix SMTP CLIENT.

Wietse

> But simple test by telnet shows following:
> 
> Connected to x.x.x.x.
> Escape character is '^]'.
> 220 xxx.xxx.com.ua ESMTP Postfix
> ehlo 1
> 250-xxx.xxx.com.ua
> 250-PIPELINING
> 250-SIZE 1024
> 250-ETRN
> 250-STARTTLS
> 250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> 
> I also tried to limit auth mechs in /usr/local/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mechlist: PLAIN LOGIN

Why do you believe that this is the correct pathname for the file?

Wietse

> But it doesn't help.
> How I can remove such auth mechs as GSSAPI DIGEST-MD5 CRAM-MD5?
> 
>

Re: smtp_sasl_mechanism_filter doesn't wok

2009-05-27 Thread Victor Duchovni 
On Wed, May 27, 2009 at 02:11:26PM +0300, Zero Zeibov wrote:

> I didn't find option smtpd_sasl_mechanism_filter on postfix manual

It does not exist. Server-side SASL mechanism lists are set in
the server's SASL configuration file.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: smtp_sasl_mechanism_filter doesn't wok

2009-05-27 Thread Patrick Ben Koetter 
* Zero Zeibov :
> I try to limit auth mech in postfix 2.6.1 on FreeBSD 6.4. For this
> I've added to main.conf:
> 
> smtp_sasl_mechanism_filter = plain, login

This does not apply to the SMTP server smtpd, but only to the SMTP client
smtp.

> But simple test by telnet shows following:
> 
> Connected to x.x.x.x.
> Escape character is '^]'.
> 220 xxx.xxx.com.ua ESMTP Postfix
> ehlo 1
> 250-xxx.xxx.com.ua
> 250-PIPELINING
> 250-SIZE 1024
> 250-ETRN
> 250-STARTTLS
> 250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> 
> I also tried to limit auth mechs in /usr/local/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mechlist: PLAIN LOGIN

The name of the parameter is "mech_list" not "mechlist".
Fix that first. 
If that doesn't do it all, create a symlink from /usr/lib/sasl2/ to
/usr/local/lib/sasl2/. This is what Cyrus SASL usually expects. Mileage on
FreeBSD might differ. I can't tell. I don't run FreeBSD.

p...@rick


> But it doesn't help.
> How I can remove such auth mechs as GSSAPI DIGEST-MD5 CRAM-MD5?

-- 
All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitely
required and justified.

saslfinger (debugging SMTP AUTH):