On 6/15/2012 9:26 AM, Alain Deseine wrote: > When i try locally, using telnet, it's ok again : > > *ks3094730:~ # telnet localhost 25 > Trying ::1... > Connected to localhost. > Escape character is '^]'. > 220 xxx.hhhh.fr ESMTP Postfix > EHLO TETE > 250-AUTH GSSAPI LOGIN PLAIN DIGEST-MD5 > *
Notice that AUTH is offered in your basic test. > *250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250 DSN > * But ignored. > *MAIL FROM:eaz...@ezaezae.eu > 250 2.1.0 Ok > RCPT TO:zzz.ee...@gmail.com > 250 2.1.5 Ok > DATA > 354 End data with <CR><LF>.<CR><LF> > test > . > 250 2.0.0 Ok: queued as E0DA123AEB > QUIT > 221 2.0.0 Bye > Connection closed by foreign host. > ks3094730:~ #* > > > The problem begin when i try to use the webmail installed on the same > host. > > Here is the logs i get : > > *Jun 15 15:15:44 xxxx dovecot: imap-login: Login: user=<x...@xxxx.fr>, > method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=14359, TLS > Jun 15 15:15:44 xxxx postfix/smtpd[14241]: connect from > localhost[127.0.0.1] > Jun 15 15:15:44 xxxx postfix/smtpd[14241]: warning: > localhost[127.0.0.1]: SASL LOGIN authentication failed: authentication > failure > Jun 15 15:15:44 xxxx postfix/smtpd[14241]: lost connection after AUTH > from localhost[127.0.0.1] > Jun 15 15:15:44 xxxx postfix/smtpd[14241]: disconnect from > localhost[127.0.0.1] > * The CLIENT disconnects after the AUTH failed, not POSTFIX. > I don't understand because i setup postfix to NOT use SASL > authentication for localhost : > That statement is incorrect. You ALLOW localhost OR SASL authenticated to relay but nothing says disable for localhost. > *mynetworks_style = host > smtpd_recipient_restrictions = > permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination > * > I certainly miss something, but don't know why and the fact it's work > through a simple telnet session and not from the webmail seems very > strange to me. > > The webmail is open xchange. > > Any idea ? I think you should FIX the authentication of webmail. Webmail is a source of exploits especially if it is public facing. The more information you have of which account is leaking, the better you will be in the future. Brian
