[Dovecot] Dovecot, Postfix and SMTP AUTH....
Hello.
I've notice a problem with SMTP AUTH in postfix with dovecot. My configuration is based on Postgresql. I've created a function in postgresql which returns password and username and attached it to password_query. Query looks like this
password_query = SELECT username_out as username, password_out as password FROM get_password(lower('%n'),lower('%d'));
Problem is when get_password returns something like this...
vmail=# SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); LOG: statement: SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); LOG: duration: 2.342 ms statement: SELECT username_out as username, password_out FROM get_password(lower(''),lower('')); username | password_out ----------+-------------- | (1 row)
It returns 1 empty row....
When this is attached to postfix with smtp auth with such configuration
# SMTP AUTH broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth
my serwer starts to be open relay...
I now that it returns empty string for username and password... so where is the password checked... if I dont send password as a parameter to my function.
Definition of the function looks like this:
CREATE FUNCTION get_password("login" character varying, "domain" character varying, OUT username_out character varying, OUT password_out character varying) RETURNS record
Can you help with that...
BT
Zrob numer kumplom >> http://link.interia.pl/f1a5d
You may not get a reply because your home domain is in the SURBL list, so your message will likely end up in everyone's spam folder. I've pasted the SpamAssassin report below.
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
-------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: interia.pl] 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: interia.pl]
Kenneth Porter schreef:
You may not get a reply because your home domain is in the SURBL list, so your message will likely end up in everyone's spam folder. I've pasted the SpamAssassin report below.
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
-------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: **interia**.pl] 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: **interia**.pl]
You might wanna remove/obfuscate the offending URI then eh? :) Your reply is flagged as spam this way as well..
Regards,
Stephan
On Wednesday, April 25, 2007 9:29 PM +0200 Stephan Bosch <stephan@rename-it.nl> wrote:
You might wanna remove/obfuscate the offending URI then eh? :) Your reply is flagged as spam this way as well..
Hehe, I thought about that but couldn't see how to cc him, unless I bcc'd him.
On Tue, 2007-04-24 at 16:39 +0200, Bartosz Toczek wrote:
Problem is when get_password returns something like this... .. username | password_out ----------+-------------- |
Isn't it possible to make PostgreSQL function not return a row?
Anyway, there's nothing in Dovecot side you can do for now, but for v1.1 I changed the code so that NULL password doesn't automatically mean that any password is valid (it requires now also returning "nopassword" field).
participants (4)
-
Bartosz Toczek
-
Kenneth Porter
-
Stephan Bosch
-
Timo Sirainen