Hello, I'm having a problem with postfix in F12. I used to have my email server setup with F10. My setup had TLS enabled (self signed certs) with SASL using pwcheck_method=auxprop and CRAM-MD5 DIGEST-MD5. I had virtual accounts. Everything worked great until I installed F12. It was a clean install. My issue now is the following: If I disable TLS, postfix works as expected. If I enable it, I cannot authenticate. Without TLS I can telnet to my server and I get 250-AUTH CRAM-MD5 DIGEST-MD5 250-AUTH=CRAM-MD5 DIGEST-MD5. However, once I enable TLS this doesn't show. My mail client says the server does not support CRAM-MD5 or any other method of authentication I try when TLS is on.
I've tested the certs with openssl and I don't get any errors.
I've been running my mail server on Fedora since FC3 and I've never encountered this issue. Has anyone had this problem? A solution will be appreciated.
Thanks in advance.
Froinds
On 01/01/2010 11:41 PM, froinds J wrote:
Hello, I'm having a problem with postfix in F12. I used to have my email server setup with F10. My setup had TLS enabled (self signed certs) with SASL using pwcheck_method=auxprop and CRAM-MD5 DIGEST-MD5. I had virtual accounts. Everything worked great until I installed F12. It was a clean install. My issue now is the following: If I disable TLS, postfix works as expected. If I enable it, I cannot authenticate. Without TLS I can telnet to my server and I get 250-AUTH CRAM-MD5 DIGEST-MD5
What auxprop plugin are you using?
Cheers, Raman
On Sat, Jan 2, 2010 at 2:42 AM, Raman Gupta rocketraman@fastmail.fm wrote:
On 01/01/2010 11:41 PM, froinds J wrote:
Hello, I'm having a problem with postfix in F12. I used to have my email server setup with F10. My setup had TLS enabled (self signed certs) with SASL using pwcheck_method=auxprop and CRAM-MD5 DIGEST-MD5. I had virtual accounts. Everything worked great until I installed F12. It was a clean install. My issue now is the following: If I disable TLS, postfix works as expected. If I enable it, I cannot authenticate. Without TLS I can telnet to my server and I get 250-AUTH CRAM-MD5 DIGEST-MD5
What auxprop plugin are you using?
Cheers, Raman
None. What should I use? Froinds
On 01/02/2010 02:58 AM, froinds J wrote:
On Sat, Jan 2, 2010 at 2:42 AM, Raman Gupta <rocketraman@fastmail.fm mailto:rocketraman@fastmail.fm> wrote:
On 01/01/2010 11:41 PM, froinds J wrote: Hello, I'm having a problem with postfix in F12. I used to have my email server setup with F10. My setup had TLS enabled (self signed certs) with SASL using pwcheck_method=auxprop and CRAM-MD5 DIGEST-MD5. I had virtual accounts. Everything worked great until I installed F12. It was a clean install. My issue now is the following: If I disable TLS, postfix works as expected. If I enable it, I cannot authenticate. Without TLS I can telnet to my server and I get 250-AUTH CRAM-MD5 DIGEST-MD5 What auxprop plugin are you using? Cheers, RamanNone. What should I use? Froinds
I guess that depends on how your virtual users are configured.
I don't use auxprop myself -- I configure saslauthd to authenticate via pam (pwcheck_method: saslauthd). Then configure the /etc/pam.d/smtp file as desired (mine uses pam_mysql.so to authenticate virtual users against a mysql table).
However, based on the docs at http://www.postfix.org/SASL_README.html it appears that if you use auxprop, it should be configured with a plugin, like "auxprop_plugin: sql" or "auxprop_plugin: sasldb".
If you do switch to saslauthd (pam) note the following warning from the same docs:
IMPORTANT: The Cyrus SASL password verification services pwcheck and saslauthd can only support the plaintext mechanisms PLAIN or LOGIN. However, the Cyrus SASL library doesn't know this, and will happily advertise other authentication mechanisms that the SASL library implements, such as DIGEST-MD5. As a result, if a remote SMTP client chooses any mechanism other than PLAIN or LOGIN while pwcheck or saslauthd are used, authentication will fail. Thus you may need to limit the list of mechanisms advertised by the Postfix SMTP server.
Cheers, Raman
-
froinds J -
Raman Gupta