On 22 Apr 2019, at 10:21, Gary Smithe wrote:
> It's obvious the user is failing authentication, and from what I've
> read the word: UGFzc3dvcmQ6 is literally "Password:". My question
> is, does that mean postfix is literally receiving that word, or is it
> obfuscating the real password that was attempted?

As Wietse says, Postfix is just passing back the error message from the
SASL library.
As a direct answer: testing indicates that this is what Postfix reports
when using the Dovecot SASL library and any bad username and password
combination is used. For example, the test below uses a non-existent
user, yet the response is with the encoded "Password" string that is
used as a prompt in the "login" SASL mechanism:
# openssl s_client -connect localhost:465
[...]
220 toaster.scconsult.com ESMTP Postfix
ehlo localhost.localdomain
250-toaster.scconsult.com
250-PIPELINING
250-SIZE 40960000
250-ETRN
250-AUTH PLAIN LOGIN
250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN DESTADDR DESTPORT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
auth login
334 VXNlcm5hbWU6
YmlsbEBzY2NvbnN1bHQuY29t
334 UGFzc3dvcmQ6
cmVhbGx5YmFkcGFzc3dvcmQ=
535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
quit
221 2.0.0 Bye
# grep '^Apr 22 11:10.*authentication failed' mail.log
Apr 22 11:10:12 bigsky postfix/smtps/smtpd[95883]: warning: localhost[127.0.0.1]: SASL login authentication failed: UGFzc3dvcmQ6
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
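
Added example (not part of the original message, and not Postfix or Dovecot code): a Python sketch for triaging these log entries. It decodes the token after "authentication failed:" to confirm it is the LOGIN mechanism's own prompt rather than anything the client sent, and counts failures per client address. The function names are hypothetical, the first sample line is the one from the message above, and the 192.0.2.10 lines are constructed.

```python
import base64
import binascii
import re
from collections import Counter

# Challenges the LOGIN mechanism sends, as seen base64-encoded in the session above.
LOGIN_PROMPTS = {"Username:", "Password:"}

FAIL_RE = re.compile(
    r"postfix/\S+\[\d+\]: warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<reason>.*)$"
)

def decode_reason(reason):
    """Classify the text after 'authentication failed:' -> (text, kind)."""
    token = reason.strip()
    if not token:
        return "", "empty"
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return token, "plain-text"          # an ordinary error string
    if text in LOGIN_PROMPTS:
        return text, "server-prompt"        # the server's challenge, not a credential
    return token, "unrecognized-base64"     # left undecoded on purpose

def parse_failures(lines):
    """Return one dict per SASL failure line; unrelated lines are skipped."""
    events = []
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            decoded, kind = decode_reason(m.group("reason"))
            events.append({"ip": m.group("ip"), "mech": m.group("mech").lower(),
                           "decoded": decoded, "kind": kind})
    return events

def failures_by_ip(lines):
    """Count failed SASL attempts per client IP."""
    return Counter(e["ip"] for e in parse_failures(lines))

SAMPLE_LOG = [
    # From the message above:
    "Apr 22 11:10:12 bigsky postfix/smtps/smtpd[95883]: warning: localhost[127.0.0.1]: SASL login authentication failed: UGFzc3dvcmQ6",
    # Constructed lines for illustration:
    "Apr 22 11:12:40 bigsky postfix/smtps/smtpd[95901]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Apr 22 11:12:43 bigsky postfix/smtps/smtpd[95901]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed: ",
    "Apr 22 11:13:01 bigsky postfix/smtps/smtpd[95910]: connect from unknown[198.51.100.7]",
]

if __name__ == "__main__":
    for event in parse_failures(SAMPLE_LOG):
        print(event)
    print(dict(failures_by_ip(SAMPLE_LOG)))
```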