On Tue, Aug 31, 2010 at 01:53:21PM +1000, Jean-Yves Avenard wrote:
> Hi
>
> On 31 August 2010 03:42, Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
> >
> > Probably not surprising when the Cyrus library is pre-empted by Apple's
> > "pw" server, and the mechanism list is defined in an Apple-specific
> > configuration parameter.
>
> I just compiled sendmail for mac os 10.6.
>
> And it's behaving perfectly with Apple's cyrus library, when you use
> sendmail's confAUTH option.
You'll find the same thing if you compile the official Postfix. It
is not Apple's Cyrus library that is the issue. The Apple Postfix
server is modified to implement SASL mechanisms without Cyrus SASL,
via Apple's directory and password services. This is convenient in
many ways, but the integration exposes some warts. Please file
a bug report with Apple.
In the mean-time retest Postfix with the real Cyrus library, not
Apple's "pw_server".
>
> 250-AUTH DIGEST-MD5 CRAM-MD5
> 250-STARTTLS
>
> Over TLS:
> 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
>
> So whatever sendmail is doing to check if it's a secure login method
> is working, the one in postfix doesn't seem to
No, what's "not working" is the lack of integration between the Apple
security framework (bypassing Cyrus SASL) and the Postfix controls that
make mechanisms dependent on the TLS security level.
--
Viktor.
