Hello.

I've notice a problem with SMTP AUTH in postfix with dovecot. My configuration is based on Postgresql. I've created a function in postgresql which returns password and username and attached it to password_query. Query looks like this

password_query = SELECT username_out as username, password_out as password FROM get_password(lower('%n'),lower('%d'));

Problem is when get_password returns something like this...

vmail=# SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); LOG: statement: SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); LOG: duration: 2.342 ms statement: SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); username | password_out ----------+-------------- | (1 row)

It returns 1 empty row....

When this is attached to postfix with smtp auth with such configuration

# SMTP AUTH broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth

my serwer starts to be open relay...

I now that it returns empty string for username and password... so where is the password checked... if I dont send password as a parameter to my function.

Definition of the function looks like this:

CREATE FUNCTION get_password("login" character varying, "domain" character varying, OUT username_out character varying, OUT password_out character varying) RETURNS record

Can you help with that...

BT