Hello.
I've notice a problem with SMTP AUTH in postfix with dovecot. My configuration is based on Postgresql. I've created a function in postgresql which returns password and username and attached it to password_query. Query looks like this
password_query = SELECT username_out as username, password_out as password FROM get_password(lower('%n'),lower('%d'));
Problem is when get_password returns something like this...
vmail=# SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); LOG: statement: SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); LOG: duration: 2.342 ms statement: SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); username | password_out ----------+-------------- | (1 row)
It returns 1 empty row....
When this is attached to postfix with smtp auth with such configuration
# SMTP AUTH broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth
my serwer starts to be open relay...
I now that it returns empty string for username and password... so where is the password checked... if I dont send password as a parameter to my function.
Definition of the function looks like this:
CREATE FUNCTION get_password("login" character varying, "domain" character varying, OUT username_out character varying, OUT password_out character varying) RETURNS record
Can you help with that...
BT