[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] postfix smtp client: only plaintext ?



SuSE 9.0
postfix-2.0.14-41

postfix/smtp client refuses to use noplaintext AUTH methods.
Plaintext LOGIN seems to work just well, see below.

What am I missing?
Are CRAM-MD5 and DIGEST-MD5 plaintext auth methods?

Thanks,
	Lars Ellenberg



smtp_sasl_security_options = noanonymous, noplaintext

postfix/smtp: < IP[IP]: 220 [...] ESMTP [...]
postfix/smtp: > IP[IP]: EHLO its.me
postfix/smtp: < IP[IP]: 250-[...]
postfix/smtp: < IP[IP]: 250-PIPELINING
postfix/smtp: < IP[IP]: 250-SIZE
postfix/smtp: < IP[IP]: 250-ETRN
postfix/smtp: < IP[IP]: 250-AUTH LOGIN PLAIN ANONYMOUS CRAM-MD5 DIGEST-MD5
postfix/smtp: < IP[IP]: 250-AUTH=LOGIN PLAIN ANONYMOUS CRAM-MD5 DIGEST-MD5
postfix/smtp: < IP[IP]: 250-XVERP
postfix/smtp: < IP[IP]: 250 8BITMIME
postfix/smtp: server features: 0x2f size 0
postfix/smtp: maps_find: smtp_sasl_passwd: hash:/etc/postfix/saslpass: \
	[IP] = lars:secret
postfix/smtp: smtp_sasl_passwd_lookup: host `IP' user `lars' pass `secret`
postfix/smtp: starting new SASL client
postfix/smtp: name_mask: noanonymous
postfix/smtp: name_mask: noplaintext
postfix/smtp: smtp_sasl_authenticate: IP[IP]: SASL mechanisms \
		LOGIN PLAIN ANONYMOUS CRAM-MD5 DIGEST-MD5
postfix/smtp: warning: SASL authentication failure: No worthy mechs found
postfix/smtp: connect to subsystem private/defer

Doh.


smtp_sasl_security_options = noanonymous

[...]
postfix/smtp: starting new SASL client
postfix/smtp: name_mask: noanonymous
postfix/smtp: smtp_sasl_authenticate: IP[IP]: SASL mechanisms \
		LOGIN PLAIN ANONYMOUS CRAM-MD5 DIGEST-MD5
postfix/smtp: > IP[IP]: AUTH LOGIN
postfix/smtp: < IP[IP]: 334 VXNlcm5hbWU6
postfix/smtp: smtp_sasl_authenticate: IP[IP]: decoded challenge: Username:
postfix/smtp: smtp_sasl_get_user: lars
postfix/smtp: smtp_sasl_get_passwd: secret
postfix/smtp: smtp_sasl_authenticate: IP[IP]: uncoded client response lars
postfix/smtp: > IP[IP]: bGFycw==
postfix/smtp: < IP[IP]: 334 UGFzc3dvcmQ6
postfix/smtp: smtp_sasl_authenticate: IP[IP]: decoded challenge: Password:
postfix/smtp: smtp_sasl_authenticate: IP[IP]: uncoded client response secret
postfix/smtp: > IP[IP]: c2VjcmV0Cg==
postfix/smtp: < IP[IP]: 235 Authentication successful


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here