RE: smtpd_sasl_security_options clarification

2016-07-12 Thread Michael Fox
> Yes, again from the quote from Wietse that you snipped out:
>
> > Dovecot tells Postfix the supported mechanism names and their
> > security properties.

O.K. Thanks. I read but did not understand the quote above. Your explanation was clearer and I understood it the first time.

Thanks again,

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Peter
On 13/07/16 16:30, Michael Fox wrote:
> Ah. So you're saying that for each auth mechanism configured in the SASL
> implementation (dovecot in my case), the SASL implementation is sending
> Postfix a tuple which includes the mechanism name and which categories it
> fits into, rather than Postfix ke

RE: smtpd_sasl_security_options clarification

2016-07-12 Thread Michael Fox
> >
> > I think the actual security features list is dependent on the SASL
> > implementation, and which mechs satisfy each security feature is defined
> > in cyrus and dovecot sasl.

Ah. So you're saying that for each auth mechanism configured in the SASL implementation (dovecot in my case), the

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Peter
On 13/07/16 15:56, Peter wrote:
> On 13/07/16 15:38, Michael Fox wrote:
>> Thanks. But again, the question is *NOT* about the terminology or the
>> general meaning or definition of the categories. The question is
>> specifically asking which authentication mechanisms Postfix places in those
>> ca

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Peter
On 13/07/16 15:38, Michael Fox wrote:
> Thanks. But again, the question is *NOT* about the terminology or the
> general meaning or definition of the categories. The question is
> specifically asking which authentication mechanisms Postfix places in those
> categories.

I think the actual security

RE: smtpd_sasl_security_options clarification

2016-07-12 Thread Michael Fox
>
> This is standard terminology, and therefore not defined in either
> Postfix or SASL RFC.
>
> Active network attack: an attacker modifies the communication between
> parties.
>
> Mutual authentication: each party authenticates to the other party.

Thanks. But again, the question is *NOT* abo

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Wietse Venema
Wietse:
> > You can find out about SASL active etc. attacks in RFC 4422
> > https://tools.ietf.org/html/rfc4422
>
Michael Fox:
> Thanks. Yes, that describes the attack categories. But it doesn't answer
> the above question. Is the categorization documented somewhere? If not,
> how are we to kn

RE: smtpd_sasl_security_options clarification

2016-07-11 Thread Michael Fox
> In other words, how do I know which mechanisms will be
> > disallowed with "noactive" or "nodictionary" or allowed by
> "forward_secrecy"
> > or "mutual_auth"? I'm unable to connect the dots.
>
> You can find out about SASL active etc. attacks in RFC 4422
> https://tools.ietf.org/html/rfc4422
>

Re: smtpd_sasl_security_options clarification

2016-07-11 Thread Wietse Venema
Wietse:
> Dovecot tells Postfix the supported mechanism names and their
> security properties. Postfix intersects that with the main.cf
> settings, and announces the mechanisms that remain.

Michael Fox:
> O.K. Thanks.
>
> Can you be more specific about which SASL mechanisms are allowed or disallow

RE: smtpd_sasl_security_options clarification

2016-07-11 Thread Michael Fox
>
> Michael Fox:
> > http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says
> "the
> > following security features are defined for the cyrus server .".
> Dovecot is
> > not mentioned. So, is it correct to interpret this to mean that this
> > postfix setting is a noop when dovecot

Re: smtpd_sasl_security_options clarification

2016-07-11 Thread Wietse Venema
Michael Fox:
> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says "the
> following security features are defined for the cyrus server .". Dovecot is
> not mentioned. So, is it correct to interpret this to mean that this
> postfix setting is a noop when dovecot is used for sas