No AUTH PLAIN with dovecot 2.0.19

Michael Wechner michael.wechner at wyona.com
Mon Sep 29 13:51:41 UTC 2014


On 29.09.14 15:30, Reindl Harald wrote:
>
>
> On 29.09.2014 at 15:21, Michael Wechner wrote:
>>
>> Hi Harald
>>
>> Thanks very much for your quick reply. Please see my answers inline below
>>
>>> telnet is worthless because AUTH is likely announced *after STARTTLS*
>>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>>
>> right, but when requesting for example mail.wyona.com, then I can see AUTH
>
> depends on the servers configuration
>
>> hence I would assume to see it also for the new version of postfix
>> and dovecot, or do I misunderstand something?
>
> yes, you did not read http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>
> if the server is configured in a way it offers AUTH only
> over an encrypted channel (recommended) then you need to
> use STARTTLS before you see the capability and for that
> telnet is just the wrong tool

The new server config reads (postfix mail_version = 2.7.0):

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unauth_pipelining,
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain

and the old server config reads:

smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
                             permit_mynetworks,
                             reject_unknown_recipient_domain,
                             reject_unauth_destination,
                             reject_unauth_pipelining,
                             reject_invalid_hostname,
                             reject_unknown_sender_domain,
                             reject_rbl_client multi.uribl.com,
                             reject_rbl_client bl.spamcop.net,
                             reject_rbl_client opm.blitzed.org,
                             reject_rbl_client cbl.abuseat.org,
                             reject_rbl_client dnsbl.njabl.org

which means both configs are using

smtpd_sasl_security_options = noanonymous


But also when I am not using telnet, but Thunderbird for example, with
the new server I never receive a dialog to enter a password as I do with
the old server. This is the reason why I started to have the idea that
no authentication is being requested in the first place (and hence the
relay was rejected).

Thanks

Michael
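
The question in this message, whether AUTH is announced at all or only after STARTTLS, can be settled by comparing the EHLO capability list before and after the TLS upgrade. The Python example below is added here and is not part of the original message; the function names, the sample replies and the host mail.example.test are constructed for illustration.

```python
import smtplib
import ssl

def auth_mechanisms(ehlo_reply: str) -> set:
    """SASL mechanisms announced in an EHLO reply (raw or code-stripped)."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]                      # drop "250-" / "250 "
        keyword, _, rest = line.strip().partition(" ")
        if keyword.upper() == "AUTH":
            mechs.update(rest.upper().split())
        elif keyword.upper().startswith("AUTH="):
            # Legacy form Postfix adds when broken_sasl_auth_clients = yes
            mechs.update((keyword[5:] + " " + rest).upper().split())
    return mechs

def verdict(before_tls: set, after_tls) -> str:
    """Classify where AUTH shows up; after_tls is None if STARTTLS is absent."""
    if before_tls:
        return "AUTH offered before STARTTLS"
    if after_tls:
        return "AUTH offered only after STARTTLS"
    return "AUTH not offered"

def probe(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Connect, EHLO, STARTTLS if available, EHLO again, and compare."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        _, msg = s.ehlo()
        before = auth_mechanisms(msg.decode("ascii", "replace"))
        after = None
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())  # verifies the cert
            _, msg = s.ehlo()                    # capabilities must be re-read
            after = auth_mechanisms(msg.decode("ascii", "replace"))
    return verdict(before, after)

# Constructed EHLO replies (mail.example.test is a placeholder host).
SAMPLE_PLAINTEXT = "250-mail.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME"
SAMPLE_AFTER_TLS = ("250-mail.example.test\r\n250-PIPELINING\r\n"
                    "250-AUTH PLAIN LOGIN\r\n250-AUTH=PLAIN LOGIN\r\n250 8BITMIME")

if __name__ == "__main__":
    print(verdict(auth_mechanisms(SAMPLE_PLAINTEXT), auth_mechanisms(SAMPLE_AFTER_TLS)))
```

A result of "AUTH not offered" from probe() on both sides of STARTTLS means the server is not announcing SASL at all, so a mail client has nothing to prompt a password for.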
