OK, well I disabled the smtpd_tls_auth_only line.
And now whenever I try to connect via, say, Outlook Express on a client
machine...
I check the box that says, "my outgoing server requires
authentication", and I do get the password prompt, however whichever
login/password I try to use, it gets rejected, over and over and over again...
Any suggestions?
>Date: Wed, 5 Oct 2005 15:15:22 +0200 (CEST)
>Subject: Re: [gentoo-security] postfix and SASL
>From: "Joerg Mertin" <smurphy@solsys.org>
>To: gentoo-security@lists.gentoo.org
>
>OK - as this seems to be quite difficult for many - here is my configuration
>of postfix - TLS and SASL parts only:
>
>## TLS
># Transport Layer Security
>#
>smtpd_use_tls = yes
>smtpd_tls_auth_only = yes
>smtpd_tls_key_file = /etc/ssl/postfix/stargate.solsys.org.key
>smtpd_tls_cert_file = /etc/ssl/postfix/stargate.solsys.org.crt
>smtpd_tls_CAfile = /etc/ssl/postfix/stargate.solsys.org.pem
>smtpd_tls_loglevel = 3
>smtpd_tls_received_header = yes
>smtpd_tls_session_cache_timeout = 3600s
>tls_random_source = dev:/dev/urandom
>
># SASL SUPPORT FOR CLIENTS
>#
># The following options set parameters needed by Postfix to enable
># Cyrus-SASL support for authentication of mail clients.
>#
>broken_sasl_auth_clients = yes
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_security_options = noanonymous
>smtpd_data_restrictions = reject_unauth_pipelining
>smtpd_sasl_local_domain =
>
>
>This setup works here for 2 Years ...
>Cheers
>
>Joerg
>
>
><quote who="Joe Strusz">
> > Whenever I telnet to port 25, and issue the AUTH PLAIN command, I receive
> > this:
> >
> > 538: Encryption required for requested authentication mechanism.
> >
> > What does this mean?
> >
> > I could really use some help on this... it's been bugging me for weeks now.
> >
> > Also, I do have smtpd_tls_auth_only = yes line
> >
> >
> > Please help
> >
> > blargh.
> >
> > Your fellow befumbled gentoo user.
> >
> >
> >
> >>Date: Wed, 05 Oct 2005 12:36:01 +0100
> >>From: Jonathan Wright <mail@djnauk.co.uk>
> >>To: gentoo-security@lists.gentoo.org
> >>Subject: Re: [gentoo-security] postfix and SASL
> >>
> >>Benjamin A'Lee wrote:
> >>>>Not sure but: why on port 25 and not on 465 ?
> >>>I don't think it actually matters which port; IIRC it just enables
> >>>STARTTLS by default on 465.
> >>
> >>Port 465 is for SSL (i.e. secure communication before any
> >>application data is transferred) and Port 25 accepts TLS (where the
> >>data is secured once both parties accept, however, application data
> >>transfer has occurred).
> >>
> >>Anyway, with telnet you can't talk on port 465 :)
> >>
> >> > I have confirmed postfix is indeed compiled with SASL support. And I
> >> > have TLS working great. However when I telnet to port 25 and issue the
> >> > ehlo command, I do receive the starttls etc... yet no AUTH PLAIN
> >> > lines...
> >>
> >>Depending on the configuration, AUTH PLAIN can either be disabled,
> >>or more likely, it's only sent should STARTTLS be issued. I have the
> >>following lines in my main.cf:
> >>
> >>-- cut -----------------------------------------
> >># SMTPD SERVER CONTROLS
> >>smtpd_sasl_auth_enable = yes
> >>smtpd_sasl_security_options = noanonymous, noplaintext
> >>broken_sasl_auth_clients = yes
> >>smtpd_sasl_local_domain =
> >>smtpd_recipient_restrictions = permit_sasl_authenticated,
> >>permit_mynetworks, reject_unauth_destination
> >>
> >>smtpd_use_tls = yes
> >>smtpd_tls_auth_only = yes
> >>smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
> >>smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
> >>smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
> >>smtpd_tls_loglevel = 1
> >>smtpd_tls_received_header = yes
> >>smtpd_tls_session_cache_timeout = 3600s
> >>tls_random_source = dev:/dev/urandom
> >>-- cut -----------------------------------------
> >>
> >>TLS is enabled, but smtpd_tls_auth_only will only permit
> >>authorization from clients who have issued (and successfully
> >>negotiated) the STARTTLS command.
> >>
> >>Also, you can define what methods Postfix accepts by modifying the
> >>smtp_sasl_security_options directive.
> >>
> >>HTH,
> >>
> >>--
> >> Jonathan Wright ~ mail at djnauk.co.uk
> >> ~ www.djnauk.co.uk
> >>--
> >> 2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
> >> up 5 days, 3:02, 4 users, load average: 0.72, 0.97, 0.71
> >>--
> >> "I don't mind straight people as long as they act gay in
> >> public."
> >>
> >> ~ T-shirt worn by Dennis Rodman of the Chicago Bulls
> >>--
> >>gentoo-security@gentoo.org mailing list
> >
> >
> > Joe Strusz
> >
> > IT Assistant
> > Oxford Publishing, Inc.
> > 307 West Jackson Avenue
> > Oxford, MS 38655-2154
> > 800-247-3881
> > 662-236-5510x40
> > jstrusz@oxpub.com
> > http://www.nightclub.com
> >
> >
> > --
> > gentoo-security@gentoo.org mailing list
> >
> >
>
>
>--
>------------------------------------------------------------------------
>| Joerg Mertin : smurphy@solsys.org (Home)|
>| in Forchheim/Germany : smurphy@linux.de (Alt1)|
>| Stardust's LiNUX System : |
>| Web: http://www.solsys.org |
>------------------------------------------------------------------------
>PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
>
>
>
>--
>gentoo-security@gentoo.org mailing list
Joe Strusz
IT Assistant
Oxford Publishing, Inc.
307 West Jackson Avenue
Oxford, MS 38655-2154
800-247-3881
662-236-5510x40
jstrusz@oxpub.com
http://www.nightclub.com
--
gentoo-security@gentoo.org mailing list
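
Added example (not part of the original thread, and not code from Postfix or from any poster): a small Python audit of main.cf text for the two settings this thread turns on, smtpd_tls_auth_only and smtpd_sasl_security_options, showing when SASL credentials can cross the wire unencrypted and when PLAIN/LOGIN are withheld even inside TLS. The finding names and sample configurations are constructed for illustration, and `$name` expansion in values is not performed.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, 'name = value', and continuation
    lines (a line starting with whitespace extends the previous one)."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last:
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def _options(value):
    return {o for o in re.split(r"[,\s]+", value) if o}

def audit_sasl_tls(text):
    """Return constructed finding names describing SASL exposure."""
    p = parse_main_cf(text)
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        return []
    clear = _options(p.get("smtpd_sasl_security_options", "noanonymous"))
    # After STARTTLS Postfix applies smtpd_sasl_tls_security_options,
    # which defaults to the same list as the cleartext setting.
    tls = (_options(p["smtpd_sasl_tls_security_options"])
           if "smtpd_sasl_tls_security_options" in p else clear)
    auth_only = p.get("smtpd_tls_auth_only", "no") == "yes"
    findings = []
    if not auth_only and "noplaintext" not in clear:
        # AUTH PLAIN/LOGIN accepted before STARTTLS: base64 is not encryption
        findings.append("PLAINTEXT_AUTH_WITHOUT_TLS")
    if "noplaintext" in tls:
        # PLAIN/LOGIN withheld even inside TLS; such clients cannot log in
        findings.append("PLAIN_LOGIN_NEVER_OFFERED")
    return findings

# Constructed samples built from settings quoted in the thread.
TLS_ONLY = """
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
"""
TLS_ONLY_DISABLED = TLS_ONLY.replace("smtpd_tls_auth_only", "#smtpd_tls_auth_only")
NOPLAINTEXT = TLS_ONLY.replace("noanonymous", "noanonymous, noplaintext") + (
    "smtpd_recipient_restrictions = permit_sasl_authenticated,\n"
    "    permit_mynetworks, reject_unauth_destination\n")
```

Calling audit_sasl_tls() on each sample returns an empty list for TLS_ONLY, the cleartext finding for TLS_ONLY_DISABLED, and the withheld-mechanism finding for NOPLAINTEXT.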