On Thu, Jun 23, 2022 at 09:34:35AM -0300, Luc GMail wrote:

> Now I wonder what is the point of requiring b64 hashes when they can be
> decoded so easily...

Use of base64 encoding allows arbitrary binary data to be exchanged via
the ASCII text SMTP protocol.  It merely resolves an impedance mismatch
between the underlying security mechanisms and SMTP.  It is not meant to
provide any confidentiality.

> > As for why authentication is failing, is "saslauthd" actually installed
> > and running with a sensible backend (e.g. "-a pam") specified?
> 
> Yes.
> 
> # ps aux | grep saslauthd
> root     32304  0.0  0.2  18364  2512 ?        Ss   07:37   0:00
> /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
> root     32305  0.0  0.0  18364   916 ?        S    07:37   0:00
> /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2

Your Postfix SMTP service is chrooted; you need to provide a mux socket
*inside* the chroot jail, or else (simpler) turn off chroot for the
submission services in master.cf.

> How do I test credentials now?

By typing the SASL commands at the running "openssl s_client" program,
which only exits once the connection is closed (e.g. by sending QUIT
or killing it by typing <Ctrl>-C).

> > openssl s_client -starttls smtp -connect localhost:587
> 
> It works and generates a lot of output, including a certificate.

You can make it less verbose if you prefer:

    openssl s_client -brief -starttls smtp -connect localhost:587

> # openssl s_client -starttls smtp -connect localhost:587
> CONNECTED(00000003)
> [...]
> read R BLOCK

[ Type your input here ]

-- 
    Viktor.
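
Added example, not part of the reply above: a shell sketch that builds the base64 string for a SASL PLAIN response and decodes it again, showing that the encoding is transport framing and hides nothing. It assumes the server offers the PLAIN mechanism (RFC 4616); the function names and the testuser/testpass credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example: encode and decode a SASL PLAIN response (RFC 4616).
# Credentials are constructed test values. Use a throwaway test account,
# since arguments typed at a shell prompt end up in the shell history.

# sasl_plain_encode USER PASS
# Prints base64 of "\0USER\0PASS" (empty authorization identity).
sasl_plain_encode() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# sasl_plain_decode TOKEN
# Prints the decoded fields with each NUL separator shown as '|'.
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '|'
}

token=$(sasl_plain_encode 'testuser' 'testpass')

# The line to type at the s_client prompt after EHLO:
echo "AUTH PLAIN $token"

# Anyone who sees the token can reverse it, which is why the
# exchange runs inside the STARTTLS session:
echo "decodes to: $(sasl_plain_decode "$token")"
```
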
