Re: SASL query

2008-08-17 Thread punit jain
Thanks. This clears my doubt. :-) On Sat, Aug 16, 2008 at 6:50 PM, Patrick Ben Koetter <[EMAIL PROTECTED]> wrote: > * Wietse Venema <[EMAIL PROTECTED]>: > > Patrick Ben Koetter: > > > A reasonable setting is: > > > > > > smtpd_sasl_security_options = noanonymous > > > > > > This allows any availa

Re: SASL query

2008-08-16 Thread Patrick Ben Koetter
* Wietse Venema <[EMAIL PROTECTED]>: > Patrick Ben Koetter: > > A reasonable setting is: > > > > smtpd_sasl_security_options = noanonymous > > > > This allows any available mechanism except for anonymous, as it is highly > > exploitable in the context of SMTP. (It's usable in the context of FTP o

Re: SASL query

2008-08-16 Thread Wietse Venema
Patrick Ben Koetter: > A reasonable setting is: > > smtpd_sasl_security_options = noanonymous > > This allows any available mechanism except for anonymous, as it is highly > exploitable in the context of SMTP. (It's usable in the context of FTP or IMAP > shared folder access). > > Another reason

Re: SASL query

2008-08-15 Thread Patrick Ben Koetter
* punit jain <[EMAIL PROTECTED]>: > Hi Patrick, > > I was going through link > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html > > " It appears that clients try authentication methods in the order as > advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) w

Re: SASL query

2008-08-15 Thread punit jain
Hi Patrick, I was going through link http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html "It appears that clients try authentication methods in the order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) which means that if you disable plaintext passwor

Re: SASL query

2008-08-14 Thread Jorey Bump
Patrick Ben Koetter wrote, at 08/14/2008 08:22 AM: The order in which mechanisms are listed in $mech_list or in which they are announced as SMTP capability is irrelevant. The client chooses the "best" mechanism by its own logic. Note that this has become a blessing from a support point of vie

Re: SASL query

2008-08-14 Thread Patrick Ben Koetter
* punit jain <[EMAIL PROTECTED]>: > Hi All, > > I have a query on SASL mechanism. > > I have enabled 3 mechanisms and that can be seen as : - > > ehlo localhost > 250-proxy.test.com > 250-PIPELINING > 250-SIZE 1024 > 250-VRFY > 250-ETRN > 250-STARTTLS > 250-AUTH LOGIN CRAM-MD5 PLAIN > 250-AU

SASL query

2008-08-14 Thread punit jain
Hi All, I have a query on SASL mechanism. I have enabled 3 mechanisms and that can be seen as : - ehlo localhost 250-proxy.test.com 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250