[pfx] Re: SASL options

2024-12-22 Thread Alexander Leidinger via Postfix-users
On 2024-12-22 01:39, Peter via Postfix-users wrote: On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. so ne

[pfx] Re: SASL options

2024-12-22 Thread Peter via Postfix-users
On 22/12/24 23:22, Michael Tokarev via Postfix-users wrote: Cyrus SASL is a separate thing in people minds because it is a separate, independent library/subsystem.  You can install a separate package named this way.  But in Dovecot it is an integral part of a larger system, it is not viewed like

[pfx] Re: SASL options

2024-12-22 Thread Michael Tokarev via Postfix-users
22.12.2024 13:13, Tomasz Pala via Postfix-users wrote: Well, Cyrus is also not SASL-only... https://doc.dovecot.org/2.3/admin_manual/sasl/ is what I mean. Cyrus SASL is a separate thing in people minds because it is a separate, independent library/subsystem. You can install a separate packag

[pfx] Re: SASL options

2024-12-22 Thread Tomasz Pala via Postfix-users
On 2024-12-22 07:53, Michael Tokarev via Postfix-users wrote: > > It is not true for you, but not for most others who treat dovecot like > a mailbox storage/access solution (IMAP/POP/etc). Sure it is capable > to provide just the auth part, it's just not what people think about it. Well, Cyrus i

[pfx] Re: SASL options

2024-12-22 Thread Michael Tokarev via Postfix-users
22.12.2024 11:53, Peter via Postfix-users wrote: On 22/12/24 19:53, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. saslauthd h

[pfx] Re: SASL options

2024-12-22 Thread Tomasz Pala via Postfix-users
On 2024-12-22 01:42, Peter via Postfix-users wrote: >> >> What's worth mentioning is that PLAIN/LOGIN also requires cleartext >> password storage - on the client side. > > This is not entirely true. It is possible for a client to store > passwords in an encrypted db which is decrypted with its o

[pfx] Re: SASL options

2024-12-22 Thread Michael Tokarev via Postfix-users
22.12.2024 11:53, Peter via Postfix-users wrote: [people treat dovecot sasl as part of dovecot] I realize that, but it's fairly easy to implement and easy to configure dovecot to only provide the SASL backend plus it does appear to be the most comprehensive, easiest to implement solution for SA

[pfx] Re: SASL options

2024-12-22 Thread Peter via Postfix-users
On 22/12/24 19:53, Michael Tokarev via Postfix-users wrote: 22.12.2024 03:39, Peter via Postfix-users wrote: On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with sa

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
22.12.2024 03:39, Peter via Postfix-users wrote: On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. saslauthd ha

[pfx] Re: SASL options

2024-12-21 Thread Peter via Postfix-users
On 22/12/24 03:19, Tomasz Pala via Postfix-users wrote: What's worth mentioning is that PLAIN/LOGIN also requires cleartext password storage - on the client side. This is not entirely true. It is possible for a client to store passwords in an encrypted db which is decrypted with its own pass

[pfx] Re: SASL options

2024-12-21 Thread Peter via Postfix-users
On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. so needs direct integration within postfix in a form of plugin

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
21.12.2024 19:51, Wietse Venema via Postfix-users wrote: Michael Tokarev via Postfix-users: I still yet to see the reason for this, besides a statement "chroot is painless for freebsd but for linux is unsupportable", which is nothing but a big old myth, since the two works the same. That is a

[pfx] Re: SASL options

2024-12-21 Thread Wietse Venema via Postfix-users
Michael Tokarev via Postfix-users: > I still yet to see the reason for this, besides a statement "chroot is > painless for freebsd but for linux is unsupportable", which is nothing > but a big old myth, since the two works the same. That is a myth, because we already discussed that glibc needs fil

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
21.12.2024 18:31, Wietse Venema via Postfix-users wrote: Michael Tokarev via Postfix-users: It *feels* like postfix needs some separation of this sasl stuff into its own process somehow, similar to how proxymap is done, so that eg cyrus sasl code is not linked directly into smtp[d] with all it

[pfx] Re: SASL options

2024-12-21 Thread Wietse Venema via Postfix-users
Michael Tokarev via Postfix-users: > There's nothing in the docs saying if dovecot sasl can work with > non-plaintext mechanisms. In almost all docs and examples I've > found, dovecot side of the config is configured with > "auth_mechanisms = plain login". There are some vague references > to usa

[pfx] Re: SASL options

2024-12-21 Thread Tomasz Pala via Postfix-users
On 2024-12-21 14:54, Michael Tokarev via Postfix-users wrote: > > cleartext password (storage) is required for many SASL mechanisms other > than PLAIN. And none of these mechanisms work with -a pam or with [...] > However, there are other mechanisms being developed, for example OAUTH2, What's wor

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
21.12.2024 16:16, Viktor Dukhovni via Postfix-users wrote: On Sat, Dec 21, 2024 at 01:51:46PM +0300, Michael Tokarev via Postfix-users wrote: ... As far as I can see, Cyrus SASL can work with plaintext methods using saslauthd (which has very simple username,password => ok|bad protocol), and ca

[pfx] Re: SASL options

2024-12-21 Thread Tomasz Pala via Postfix-users
On 2024-12-21 11:51, Michael Tokarev via Postfix-users wrote: > > We've basically two big kinds of SASL mechanisms: plaintext > (which are login and plain) and non-plaintext (everything else). [...] > There's nothing in the docs saying if dovecot sasl can work with > non-plaintext mechanisms. In

[pfx] Re: SASL options

2024-12-21 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 21, 2024 at 01:51:46PM +0300, Michael Tokarev via Postfix-users wrote: > Hi! > > I'm trying to get a "big picture" about how postfix works with > various SASL options. It looks like there's a big overview > missing in the docs somehow. > > We've basically two big kinds of SASL mecha

[pfx] Re: SASL authentication - first try local and then AD in postfix

2024-07-08 Thread Viktor Dukhovni via Postfix-users
[ No need to "Cc:" me in replies, just reply to the list. It is unfortunate that mailman moves my address from "From:" to "Reply-To:", that's very much not my intent. ] On Tue, Jul 09, 2024 at 11:50:40AM +1000, hkhk_exact10 wrote: > > with much additional configuration needed for pam_ldap. >

[pfx] Re: SASL authentication - first try local and then AD in postfix

2024-07-08 Thread hkhk_exact10 via Postfix-users
> > with much additional configuration needed for pam_ldap. > Can you please provide some details about the configuration for this part. As mentioned, I have configure ldap via saslauthd by below configurations ]# egrep -v "^#|^$" /etc/sysconfig/saslauthd SOCKETDIR=/run/saslauthd MECH=ldap FLAGS=

[pfx] Re: SASL authentication - first try local and then AD in postfix

2024-07-08 Thread hkhk_exact10 via Postfix-users
Hi Patrick, Cyrus SASL is able to use saslauthd in order to authenticate users in > /etc/passwd. I don’t know what you did with Cyrus SASL to configure AD > authentication, but assuming it would be a method called foobar you would > configure Cyrus SASL to use the following list of password verifi

[pfx] Re: SASL authentication - first try local and then AD in postfix

2024-07-08 Thread Viktor Dukhovni via Postfix-users
On Mon, Jul 08, 2024 at 08:39:54AM +0200, Patrick Ben Koetter via Postfix-users wrote: > > I want to setup SMTP authentication in such a way that the user > > should first be looked locally (/etc/passwd) and then in AD. Is it > > possible to do so? I was able to configure AD auth via sasl (cyrus)

[pfx] Re: SASL authentication - first try local and then AD in postfix

2024-07-07 Thread Patrick Ben Koetter via Postfix-users
Sandeep, > On 08.07.2024 at 07:37, hkhk_exact10 via Postfix-users > wrote: > > Hi All, > > I want to setup SMTP authentication in such a way that the user should first > be looked locally (/etc/passwd) and then in AD. Is it possible to do so? I > was able to configure AD auth via sasl (cyru

[pfx] Re: SASL login username in log

2024-05-28 Thread Northwind via Postfix-users
Wietse Venema via Postfix-users: Fixed with Postfix 3.8.3, 3.7.8, 3.6.12, 3.5.22: that's all right. thank you Wietse. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: SASL login username in log

2024-05-28 Thread Wietse Venema via Postfix-users
Northwind via Postfix-users: > Hello, > > Is it possible to set mail.log for recording sasl login usernames? > > May 29 06:52:45 mx postfix/smtps/smtpd[3022855]: warning: > unknown[138.185.193.64]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 > May 29 06:52:57 mx postfix/smtpd[3023133]: warnin

[pfx] Re: SASL reject force disconnect

2024-05-28 Thread John Hill via Postfix-users
On 5/28/24 5:39 AM, Christophe Kalt via Postfix-users wrote: smtpd_delay_reject to no I had it at yes. Changed it. --john

[pfx] Re: SASL reject force disconnect

2024-05-28 Thread John Fawcett via Postfix-users
On 28/05/2024 11:39, Christophe Kalt via Postfix-users wrote: On Sun, May 26, 2024 at 5:57 AM John Fawcett via Postfix-users wrote: For submission I only use xbl (return code 127.0.0.4) excluding other data contained in zen like pbl that lists isp dynamic ip ranges from whic

[pfx] Re: SASL reject force disconnect

2024-05-28 Thread Matus UHLAR - fantomas via Postfix-users
On Sun, May 26, 2024 at 5:57 AM John Fawcett via Postfix-users < postfix-users@postfix.org> wrote: For submission I only use xbl (return code 127.0.0.4) excluding other data contained in zen like pbl that lists isp dynamic ip ranges from which you would normally expect to get connections t

[pfx] Re: SASL reject force disconnect

2024-05-28 Thread Christophe Kalt via Postfix-users
On Sun, May 26, 2024 at 5:57 AM John Fawcett via Postfix-users < postfix-users@postfix.org> wrote: > For submission I only use xbl (return code 127.0.0.4) excluding other > data contained in zen like pbl that lists isp dynamic ip ranges from > which you would normally expect to get connectio

[pfx] Re: SASL reject force disconnect

2024-05-28 Thread Matus UHLAR - fantomas via Postfix-users
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] John Hill via Postfix-users: Is this the same thing? On 25.05.24 15:54, Wietse Venema via Postfix-users wrote: See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table with the purpose of different lookup results. To block xbl

[pfx] Re: SASL reject force disconnect

2024-05-27 Thread John Fawcett via Postfix-users
On 27/05/2024 13:31, John Hill via Postfix-users wrote: On 5/27/24 4:13 AM, Matus UHLAR - fantomas via Postfix-users wrote: > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] John Hill via Postfix-users: Is this the same thing? On 25.05.24 15:54, Wietse Venema via Postfix-users

[pfx] Re: SASL reject force disconnect

2024-05-27 Thread John Hill via Postfix-users
On 5/27/24 4:13 AM, Matus UHLAR - fantomas via Postfix-users wrote: > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] John Hill via Postfix-users: Is this the same thing? On 25.05.24 15:54, Wietse Venema via Postfix-users wrote: See https://www.spamhaus.org/faqs/dnsbl-usage/#200

[pfx] Re: SASL reject force disconnect

2024-05-27 Thread Matus UHLAR - fantomas via Postfix-users
> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] John Hill via Postfix-users: Is this the same thing? On 25.05.24 15:54, Wietse Venema via Postfix-users wrote: See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table with the purpose of different lookup results. To block x

[pfx] Re: SASL reject force disconnect

2024-05-26 Thread John Fawcett via Postfix-users
On 25/05/2024 20:50, John Hill via Postfix-users wrote: On 5/25/24 11:22 AM, John Fawcett via Postfix-users wrote: On 24/05/2024 03:03, John Hill via Postfix-users wrote: I learn something every time I read this group, when I can keep up with the conversation! I had auth on ports I did no

[pfx] Re: SASL reject force disconnect

2024-05-25 Thread John Hill via Postfix-users
On 5/25/24 3:54 PM, Wietse Venema via Postfix-users wrote: John Hill via Postfix-users: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] Is this the same thing? See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table with the purpose of different lookup results. To block xbl

[pfx] Re: SASL reject force disconnect

2024-05-25 Thread Wietse Venema via Postfix-users
John Hill via Postfix-users: > > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] > Is this the same thing? See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table with the purpose of different lookup results. To block xbl listed clients with postscreen, one would configure xbl.sp

[pfx] Re: SASL reject force disconnect

2024-05-25 Thread John Hill via Postfix-users
On 5/25/24 11:22 AM, John Fawcett via Postfix-users wrote: On 24/05/2024 03:03, John Hill via Postfix-users wrote: I learn something every time I read this group, when I can keep up with the conversation! I had auth on ports I did not need. I use auth on submission port 587, for users acces

[pfx] Re: SASL reject force disconnect

2024-05-25 Thread John Fawcett via Postfix-users
On 24/05/2024 03:03, John Hill via Postfix-users wrote: I learn something every time I read this group, when I can keep up with the conversation! I had auth on ports I did not need. I use auth on submission port 587, for users access. I do get a boat load of failed login attempts on 587. F

[pfx] Re: SASL reject force disconnect

2024-05-24 Thread John Hill via Postfix-users
On 5/24/24 9:33 AM, Matus UHLAR - fantomas via Postfix-users wrote: On 24.05.24 07:36, John Hill via Postfix-users wrote: What command do you use to reset the connection? no command, just rule in OUTPUT chain:  1710  649K REJECT 6    --  *  * 0.0.0.0/0    0.0.0.0/0  

[pfx] Re: SASL reject force disconnect

2024-05-24 Thread Matus UHLAR - fantomas via Postfix-users
On 24.05.24 07:36, John Hill via Postfix-users wrote: What command do you use to reset the connection? no command, just rule in OUTPUT chain: 1710 649K REJECT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:25 match-set block-smtp dst reject-with icmp-port-unre

[pfx] Re: SASL reject force disconnect

2024-05-24 Thread John Hill via Postfix-users
What command do you use to reset the connection? On 5/24/24 6:18 AM, Matus UHLAR - fantomas via Postfix-users wrote: On 23.05.24 21:03, John Hill via Postfix-users wrote: I use Fail2Ban to block the failed IP. The script writes it into the nftables table immediately. I think this keeps Postfi

[pfx] Re: SASL reject force disconnect

2024-05-24 Thread Matus UHLAR - fantomas via Postfix-users
On 23.05.24 21:03, John Hill via Postfix-users wrote: I use Fail2Ban to block the failed IP. The script writes it into the nftables table immediately. I think this keeps Postfix waiting and times out, not a big deal. Is there a cli that my bash script could force disconnect the ip from Postfi

[pfx] Re: SASL reject force disconnect

2024-05-23 Thread John Hill via Postfix-users
Will do it. Tonight. Thanks On May 23, 2024 9:11 PM, Wietse Venema via Postfix-users wrote: John Hill via Postfix-users: > I learn something every time I read this group, when I can keep up with > the conversation! > > I had auth on ports I did not need. I use auth on submission port 5

[pfx] Re: SASL reject force disconnect

2024-05-23 Thread Wietse Venema via Postfix-users
John Hill via Postfix-users: > I learn something every time I read this group, when I can keep up with > the conversation! > > I had auth on ports I did not need. I use auth on submission port 587, > for users access. > > I do get a boat load of failed login attempts on 587. Funny how a China,

[pfx] Re: SASL username logging for failed authentications

2023-10-08 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Viktor Dukhovni via Postfix-users: > > On Fri, Oct 06, 2023 at 06:50:38PM -0400, Wietse Venema via Postfix-users > > wrote: > > > > > +} else { > > > + server->username = mystrdup(serverout); > > > + printable(server->username, '?'); > > > > I might note th

[pfx] Re: SASL username logging for failed authentications

2023-10-08 Thread Jozsef Kadlecsik via Postfix-users
On Fri, 6 Oct 2023, Wietse Venema via Postfix-users wrote: > Jozsef Kadlecsik via Postfix-users: > > +sasl_username = xsasl_server_get_username(state->sasl_server); > > +if (sasl_username != 0) { > > + state->sasl_username = mystrdup(sasl_username); > > + printable(stat

[pfx] Re: SASL username logging for failed authentications

2023-10-08 Thread Jozsef Kadlecsik via Postfix-users
Hello, On Fri, 6 Oct 2023, Wietse Venema via Postfix-users wrote: > Has this been tested: > > - With Cyrus SASL? > > - With Dovecot auth? It was tested with Cyrus SASL only. > - With malformed AUTH commands? No, I tested valid AUTH commands with successful and unsuccessful authentications

[pfx] Re: SASL username logging for failed authentications

2023-10-07 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Fri, Oct 06, 2023 at 06:50:38PM -0400, Wietse Venema via Postfix-users > wrote: > > > +} else { > > + server->username = mystrdup(serverout); > > + printable(server->username, '?'); > > I might note that when UTF8 is enabled, this does correctly le

[pfx] Re: SASL username logging for failed authentications

2023-10-06 Thread Viktor Dukhovni via Postfix-users
On Fri, Oct 06, 2023 at 06:50:38PM -0400, Wietse Venema via Postfix-users wrote: > +} else { > + server->username = mystrdup(serverout); > + printable(server->username, '?'); I might note that when UTF8 is enabled, this does correctly leaves valid UTF8 characters undisturbed. However
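Review bot: the else branch quoted above stores a fresh mystrdup() copy in server->username without releasing whatever the field held before, and the visible lines show no matching myfree(). If this branch can run more than once for the same server handle, free the old value before the assignment and release the field when the handle is torn down. Running printable(server->username, '?') on the copy before it reaches the log is the right order, since the name comes from the client.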

[pfx] Re: SASL username logging for failed authentications

2023-10-06 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > I think I can take it from here. Wietse 20231006 Cleanup: attempt to log the SASL username after authentication failure. This appends ", sasl_username=xxx" to SASL authentication failure logging. Based on code by Jozsef Kadlecsik

[pfx] Re: SASL username logging for failed authentications

2023-10-06 Thread Wietse Venema via Postfix-users
Jozsef Kadlecsik via Postfix-users: > +sasl_username = xsasl_server_get_username(state->sasl_server); > +if (sasl_username != 0) { > + state->sasl_username = mystrdup(sasl_username); > + printable(state->sasl_username, '?'); 1) There is no corresponding myfree() call. 2) There is

[pfx] Re: SASL username logging for failed authentications

2023-10-06 Thread Wietse Venema via Postfix-users
Jozsef Kadlecsik: > If I increase the log_level to 4 in the sasl config for smtpd and add -v > to smtpd in master.cf, then the username is reported in the log: Of course the login name is sent via the AUTH command, and it will show up in the raw protocol logging. Your example is for the LOGIN mec

[pfx] Re: SASL username logging for failed authentications

2023-10-06 Thread Jozsef Kadlecsik via Postfix-users
On Fri, 6 Oct 2023, Jozsef Kadlecsik via Postfix-users wrote: > However it's a debug mode, cannot be used in production. It is clear that > SASL protocol is not implemented and thus the messages have no meaning, > just reported. However, it seems the data is there and available. > > Would you c

[pfx] Re: SASL username logging for failed authentications

2023-10-06 Thread Jozsef Kadlecsik via Postfix-users
Hi Wietse, On Fri, 6 Oct 2023, Wietse Venema via Postfix-users wrote: > Jozsef Kadlecsik via Postfix-users: > > Hi, > > > > Is there a way to get the SASL username logged for the failed > > authentications together with the client IP data? Postfix can log half of > > the information the connec

[pfx] Re: SASL username logging for failed authentications

2023-10-06 Thread Wietse Venema via Postfix-users
Jozsef Kadlecsik via Postfix-users: > Hi, > > Is there a way to get the SASL username logged for the failed > authentications together with the client IP data? Postfix can log half of > the information the connecting client IP address, while Cyrus saslauthd > the second one the username. Howeve

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-20 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > If we change the syntax of smtp_sasl_password_maps entries, then > that will require a new configuration parameter to indicate how the > lookup result should be parsed. > > My preference would be: > > smtp_sasl_password_map_result_delimiter I implemented a sim

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-19 Thread zonie via Postfix-users
Hi, > On 13.08.2023 at 02:06, Wietse Venema via Postfix-users > wrote: > … > My preference would be: > > smtp_sasl_password_map_result_delimiter >printable character or C escape (like \t for TAB) >default = : (for backwards compatibility) >must not be empty >must not be multi

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-14 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > There is a tool that given a JSONschema will generate a parser in > C that populates a C structure, at github.com/badicsalex/json_schema_to_c > (~300 LOC). This depends on github.com/zserge/jsmn (~500 LOC). The > generated parser is much bigger, over 35 kLOC for t

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Sun, Aug 13, 2023 at 01:47:05PM -0400, Wietse Venema via Postfix-users > wrote: > > > > Any votes for JSON? :-) > > > > > > { "account": "user:foo", "base64password": "" } > > > > Before other people start to chime in, let me set some expe

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Viktor Dukhovni via Postfix-users
On Sun, Aug 13, 2023 at 01:47:05PM -0400, Wietse Venema via Postfix-users wrote: > > Any votes for JSON? :-) > > > > { "account": "user:foo", "base64password": "" } > > Before other people start to chime in, let me set some expectations. My suggestion of JSON is largely in jest.

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Sat, Aug 12, 2023 at 08:05:52PM -0400, Wietse Venema via Postfix-users > wrote: > > > My preference would be: > > > > smtp_sasl_password_map_result_delimiter > > printable character or C escape (like \t for TAB) > > default = : (for backwards comp

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-13 Thread Viktor Dukhovni via Postfix-users
On Sat, Aug 12, 2023 at 08:05:52PM -0400, Wietse Venema via Postfix-users wrote: > My preference would be: > > smtp_sasl_password_map_result_delimiter > printable character or C escape (like \t for TAB) > default = : (for backwards compatibility) > must not be empty > must not be

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-12 Thread Wietse Venema via Postfix-users
zonie via Postfix-users: > > > > Wietse Venema via Postfix-users : > > > > zonie via Postfix-users: > >> Hello, > >> > >> currently it's not possible to specify a username containing a colon „:“ > >> inside a „smtp_sasl_password_map“, as the colon is used to split username > >> and password

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-08-12 Thread zonie via Postfix-users
> Wietse Venema via Postfix-users : > > zonie via Postfix-users: >> Hello, >> >> currently it's not possible to specify a username containing a colon „:“ >> inside a „smtp_sasl_password_map“, as the colon is used to split username >> and password from each other. >> >> Is this limitation i

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-07-19 Thread zonie via Postfix-users
>> Hello, >> >> currently it's not possible to specify a username containing a colon „:“ >> inside a „smtp_sasl_password_map“, as the colon is used to split username >> and password from each other. >> >> Is this limitation intentionally or was it just overlooked? > > Just like the UNIX login

[pfx] Re: SASL authentication with colon „:“ in username not possible

2023-07-19 Thread Wietse Venema via Postfix-users
zonie via Postfix-users: > Hello, > > currently it's not possible to specify a username containing a colon „:“ > inside a „smtp_sasl_password_map“, as the colon is used to split username and > password from each other. > > Is this limitation intentionally or was it just overlooked? Just like t

Re: SASL error after login password change

2022-06-04 Thread Benny Pedersen
On 2022-06-04 02:01, Nathan Dehnel wrote: Found it, the old password was in /etc/nullmailer/remotes. +1

Re: SASL error after login password change

2022-06-04 Thread Benny Pedersen
On 2022-06-04 01:01, Nathan Dehnel wrote: The error is triggered by me running echo "test" | mail -s "test" log...@gentooserver.dehnel.info on another computer. I don't recall ever dealing with passwords when SENDING mail to an account. that mail command is done outside of permit_mynetworks on

Re: SASL error after login password change

2022-06-03 Thread Wietse Venema
> On Fri, Jun 3, 2022 at 5:38 PM Wietse Venema wrote: > > > > Nathan Dehnel: > > > Jun 03 17:14:51 gentooserver postfix/submission/smtpd[5]: < > > > unknown[10.0.0.152]: > > > > The Postfix SMTP server receives that password from the remote SMTP > > client. Nathan Dehnel: > The error is trig

Re: SASL error after login password change

2022-06-03 Thread Nathan Dehnel
Found it, the old password was in /etc/nullmailer/remotes. Thanks. On Fri, Jun 3, 2022 at 6:01 PM Nathan Dehnel wrote: > > The error is triggered by me running > echo "test" | mail -s "test" log...@gentooserver.dehnel.info > on another computer. I don't recall ever dealing with passwords when > S

Re: SASL error after login password change

2022-06-03 Thread Nathan Dehnel
The error is triggered by me running echo "test" | mail -s "test" log...@gentooserver.dehnel.info on another computer. I don't recall ever dealing with passwords when SENDING mail to an account. On Fri, Jun 3, 2022 at 5:38 PM Wietse Venema wrote: > > Nathan Dehnel: > > Jun 03 17:14:51 gentooserve

Re: SASL error after login password change

2022-06-03 Thread Wietse Venema
Nathan Dehnel: > Jun 03 17:14:51 gentooserver postfix/submission/smtpd[5]: < > unknown[10.0.0.152]: The Postfix SMTP server receives that password from the remote SMTP client. > So something is passing around the old password, and I need to know > how to change it. That depends on what the

Re: SASL error after login password change

2022-06-03 Thread Nathan Dehnel
I have fixed the opendkim error by mounting /run/opendkim into smtpd's chroot. However the SASL error is still present. I got this in the debug log: Jun 03 17:14:51 gentooserver postfix/submission/smtpd[5]: < unknown[10.0.0.152]: Jun 03 17:14:53 gentooserver postfix/submission/smtpd[5]: x

Re: SASL error after login password change

2022-06-03 Thread Benny Pedersen
On 2022-06-03 01:17, Nathan Dehnel wrote: I restarted it and that did not fix it. Here is my opendkim config: try change unix socket to inet , hope this at least solve it, but unix socket should work as well case could be that parent dir does not exists or is owned by another user

Re: SASL error after login password change

2022-06-02 Thread Nathan Dehnel
I restarted it and that did not fix it. Here is my opendkim config: # This is a simple config file for signing and verifying #LogWhy yes Syslog yes SyslogSuccess yes Canonicalization relaxed/relaxed Domain example.com Selector defa

Re: SASL error after login password change

2022-06-02 Thread Nathan Dehnel
I restarted it and that did not fix it. Here is my opendkim config: On Thu, Jun 2, 2022 at 4:36 AM Benny Pedersen wrote: > > On 2022-06-02 00:34, Nathan Dehnel wrote: > > I had a working email server until I changed the unix login password > > for a user, and now postfix errors when mail is sent

Re: SASL error after login password change

2022-06-02 Thread Benny Pedersen
On 2022-06-02 00:34, Nathan Dehnel wrote: I had a working email server until I changed the unix login password for a user, and now postfix errors when mail is sent to that user, and the mail does not appear in the inbox. How can I fix this? Thanks postfix.service: Jun 01 17:15:50 gentooserver p

Re: SASL error after login password change

2022-06-01 Thread Viktor Dukhovni
> On 1 Jun 2022, at 6:34 pm, Nathan Dehnel wrote: > > I had a working email server until I changed the unix login password > for a user, and now postfix errors when mail is sent to that user, and > the mail does not appear in the inbox. How can I fix this? Thanks You're mistaken, mail sent *to*

Re: SASL hacking ?

2022-02-22 Thread Nick Tait
On 20/02/22 05:35, Bill Cole wrote: We have listed all IPs. We can use a FW rule, but its heavy and hard to manage. A Postfix list may be easier. On Linux, using ipsets instead of putting IPs directly in rules helps a lot with managing large lists. Fail2ban can do its work via ipsets. An alt

Re: SASL hacking ?

2022-02-19 Thread Bill Cole
On 2022-02-19 at 06:43:59 UTC-0500 (Sat, 19 Feb 2022 12:43:59 +0100) Emmanuel BILLOT is rumored to have said: Hi, We have SMTPS server with SASL auth for posting messages from external networks (internal xtoo). Since weeks we found a lot (very big) amount of SASL LOGIN authentication failed

Re: SASL hacking ?

2022-02-19 Thread Matus UHLAR - fantomas
On 19.02.22 12:43, Emmanuel BILLOT wrote: We have SMTPS server with SASL auth for posting messages from external networks (internal xtoo). Since weeks we found a lot (very big) amount of SASL LOGIN authentication failed: authentication failure in our logs. Client IPs are foreigns and not real

Re: sasl dovecot postfix certificates

2022-02-06 Thread Viktor Dukhovni
On Mon, Feb 07, 2022 at 12:46:54AM -0500, Ruben Safir wrote: > I pulled dovecot off of 587 and turned on smtpd settings in master.cf > but now I need to assign the certs to the postfix settings. So I am > kind of lost. If postfix is sitting on 587 then it needs to do the > cryptography which see

Re: SASL questions

2022-01-22 Thread Joe Acquisto-j4
>> > On Sat, Jan 22, 2022 at 05:56:31PM -0500, Joe Acquisto-j4 wrote: > >> >> > noauth unix - - n - - smtp >> >> > -o smtp_sasl_enable=no >> >> > -o smtp_sender_dependent_authentication=no >> >> > -o smtp_sasl_password_maps= >> >> >>

Re: SASL questions

2022-01-22 Thread Viktor Dukhovni
On Sat, Jan 22, 2022 at 05:56:31PM -0500, Joe Acquisto-j4 wrote: > >> > noauth unix - - n - - smtp > >> > -o smtp_sasl_enable=no > >> > -o smtp_sender_dependent_authentication=no > >> > -o smtp_sasl_password_maps= > >> > >> My initial

Re: SASL questions

2022-01-22 Thread Joe Acquisto-j4
> On Sat, Jan 22, 2022 at 05:11:02PM -0500, Joe Acquisto-j4 wrote: > >> > Therefore your master.cf file needs to have at least one additional >> > smtp-based transport, with either SASL disabled entirely, and/or >> > sender-dependent authentication disabled, or perhaps a variant >> > password tab

Re: SASL questions

2022-01-22 Thread Viktor Dukhovni
On Sat, Jan 22, 2022 at 05:11:02PM -0500, Joe Acquisto-j4 wrote: > > Therefore your master.cf file needs to have at least one additional > > smtp-based transport, with either SASL disabled entirely, and/or > > sender-dependent authentication disabled, or perhaps a variant > > password table... B

Re: SASL questions

2022-01-22 Thread Joe Acquisto-j4
> On Sat, Jan 22, 2022 at 02:03:29PM -0500, Joe Acquisto-j4 wrote: > >> > IIRC Wietse already suggested a work-around, by making the >> > sender-dependent authentication settings be transport-specific. >> > >> > In particular the internal nexthop that does not do SASL should be >> > handled by a

Re: SASL questions

2022-01-22 Thread Viktor Dukhovni
On Sat, Jan 22, 2022 at 02:03:29PM -0500, Joe Acquisto-j4 wrote: > > IIRC Wietse already suggested a work-around, by making the > > sender-dependent authentication settings be transport-specific. > > > > In particular the internal nexthop that does not do SASL should be > > handled by a transport

Re: SASL questions

2022-01-22 Thread Joe Acquisto-j4
> On Sat, Jan 22, 2022 at 08:01:27AM +1100, raf wrote: > >> > It is an issue with email that postfix has received, via fetchmail, and is >> > attempting to deliver to another system. Authentication is being >> > attempted, without it being required or requested, at least as far as I >> > can >

Re: SASL questions

2022-01-21 Thread Viktor Dukhovni
On Sat, Jan 22, 2022 at 08:01:27AM +1100, raf wrote: > > It is an issue with email that postfix has received, via fetchmail, and is > > attempting to deliver to another system. Authentication is being > > attempted, without it being required or requested, at least as far as I can > > tell. > >

Re: SASL questions

2022-01-21 Thread raf
On Thu, Jan 20, 2022 at 12:01:46PM -0500, Joe Acquisto-j4 wrote: > > On Tue, Jan 18, 2022 at 07:22:40PM -0500, Joe Acquisto-j4 > > > > wrote: > > > >> . . . > >> > I would imagine that Postfix can only authenticate to > >> > servers that have entries in /etc/postfix/sasl_passwd. > >> > > >>

Re: SASL questions

2022-01-20 Thread Joe Acquisto-j4
> On Tue, Jan 18, 2022 at 07:22:40PM -0500, Joe Acquisto-j4 > > wrote: > >> . . . >> > I would imagine that Postfix can only authenticate to >> > servers that have entries in /etc/postfix/sasl_passwd. >> > >> > smtp_sasl_password_maps (default: empty) >> > >> > Optional Postfix SMTP cli

Re: SASL questions

2022-01-19 Thread raf
On Tue, Jan 18, 2022 at 07:22:40PM -0500, Joe Acquisto-j4 wrote: > . . . > > I would imagine that Postfix can only authenticate to > > servers that have entries in /etc/postfix/sasl_passwd. > > > > smtp_sasl_password_maps (default: empty) > > > > Optional Postfix SMTP client lookup table

Re: SASL per user or per host disable and, use of trace, strace

2022-01-18 Thread Joe Acquisto-j4
> Wietse Venema: >> Joe Acquisto-j4: >> > For version 3.7.4, is there a means of disabling for smtp per user, >> > per domain, per IP, when "smtp_sender_dependent_authentication = >> > yes"? >> >> Postfix will search smtp_sasl_password_maps by sender first, and >> if that is not found, then by des

Re: SASL questions

2022-01-18 Thread Joe Acquisto-j4
. . . > I would imagine that Postfix can only authenticate to > servers that have entries in /etc/postfix/sasl_passwd. > > smtp_sasl_password_maps (default: empty) > > Optional Postfix SMTP client lookup tables with one > username:password entry per sender, remote hostname > or next

Re: SASL per user or per host disable and, use of trace, strace

2022-01-18 Thread Joe Acquisto-j4
> Wietse Venema: >> Joe Acquisto-j4: >> > For version 3.7.4, is there a means of disabling for smtp per user, >> > per domain, per IP, when "smtp_sender_dependent_authentication = >> > yes"? >> >> Postfix will search smtp_sasl_password_maps by sender first, and >> if that is not found, then by des

Re: SASL per user or per host disable and, use of trace, strace

2022-01-18 Thread Wietse Venema
Wietse Venema: > Joe Acquisto-j4: > > For version 3.7.4, is there a means of disabling for smtp per user, > > per domain, per IP, when "smtp_sender_dependent_authentication = > > yes"? > > Postfix will search smtp_sasl_password_maps by sender first, and > if that is not found, then by destination.

Re: SASL per user or per host disable and, use of trace, strace

2022-01-18 Thread Wietse Venema
Joe Acquisto-j4: > For version 3.7.4, is there a means of disabling for smtp per user, > per domain, per IP, when "smtp_sender_dependent_authentication = > yes"? Postfix will search smtp_sasl_password_maps by sender first, and if that is not found, then by destination. If you don't want Postfix t

Re: SASL questions

2022-01-18 Thread raf
On Mon, Jan 17, 2022 at 10:04:13PM -0500, Joe Acquisto-j4 wrote: > > On 2022-01-17 at 20:09:55 UTC-0500 (Mon, 17 Jan 2022 20:09:55 -0500) > > Joe Acquisto-j4 > > is rumored to have said: > > > > > >> Sorry for the garbled message. Looking for the config files, etc that > >> are normally req
