-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Am 29.09.14 15:30, schrieb Reindl Harald:
Am 29.09.2014 um 15:21 schrieb Michael Wechner:
Hi Harald
Thanks very much for your quick reply. Please see my answers inline below
telnet is worthless because AUTH is likely announced *after STARTTLS* http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
right, but when requesting for example mail.wyona.com, then I can see
AUTH
depends on the servers configuration
hence I would assume to see it also for the new version of postfix and dovecot, or do I misunderstand something?
yes, you did not read
http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
if the server is configured in a way it offers AUTH only over a encrypted channel (recommended) then you need to use STARTTLS before you see the capability and for that telnet is just the wrong tool
the new server config reads (postfix mail_version = 2.7.0):
smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sender_restrictions = reject_unknown_sender_domain
and the old server config reads:
smtpd_sasl_type = dovecot smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_path = private/auth broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_unknown_sender_domain, reject_rbl_client multi.uribl.com, reject_rbl_client bl.spamcop.net, reject_rbl_client opm.blitzed.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.njabl.org
which means both configs are using
smtpd_sasl_security_options = noanonymous
But also when I am not using telnet, but Thunderbird for example, with the new server I never receive a dialog to enter a password as I do with the old server. This is the reason why I started to have the idea that no authentication is being requested in the first place (and hence the relay was rejected).
Thanks
Michael
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJUKWPtAAoJECV0ivYw6bPK/7YIAOPn+52CYWaC8KJsa6FULKSF SzilCnplLC23mRYLhQ1bnvttOMXq2XpASmh/egmkaYC49SDYfpCzawzSUn2Z3IkK KqQbUOU79t9Qc4lTgINKwuRdWrrmx7pB9iH4IggjLfWsaCOM/1yqo6Ir55A+bm0t VWk/U69rWixv0/QBNMqmcp0snJcgjYPh5HtQUHGk1bWZ4LlYwao3wonPJr4pedTo bcwq3SN7rKWCE4V4DBc6luJhqlSudMI37oCYaIw4FYyNZfYEoi4gUMfjeeHVZHrQ VGCaZPusr61GJDF2WxUw4bfoHTBvxsiBqmmaDKy00QrwJGwESI9Mabs9KJS5Mwc= =QGL9 -----END PGP SIGNATURE-----