294315Re: sasl on smtps: allowing plaintext
- Jul 16, 2013On Tue, Jul 16, 2013 at 10:03:57PM +0000, Viktor Dukhovni wrote:
> On Tue, Jul 16, 2013 at 11:06:47PM +0200, Vincent Pelletier wrote:Sure, this works, but why is it a problem? Why not just enforce TLS
> > Following pointers and advice from pj and adaptr on freenode,
> > I've setup postfix on my box to send mail through the mail
> > accounts I have (including the one I'm sending from now). The
> > problem is, some of my account providers do not support TLS, so
> > I have to use stunnel. Then, postfix logs
> > warning: SASL authentication failure: No worthy mechs found
> > thanks to
> > smtp_sasl_security_options = noanonymous, noplaintext
> > and queues the message for retry.
> > How can I tell postfix that plaintext auth mechanisms should be
> > allowed when sending to a specific ip (and maybe port) ?
> > Of course, I would like to keep plaintext auth disallowed
> > anywhere else.
> Separate destinations with incompatible SASL requirements by
> transport (clone smtp/unix under additional names). Configure
> each transport's SASL settings via:
where it is needed?
A Postfix which is using a relayhost is not going to connect to
random Internet sites, and it is definitely not going to attempt to
AUTH at any site not configured in $smtp_sasl_password_maps.
> mumble unix ... smtp
> -o smtp_sasl_security_options=$mumble_sasl_security_options
> mumble_sasl_security_options = ...
> example.com mumble:[mail.example.com]:587
> And similarly from sender_dependent_default_transport_maps, ...
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
- << Previous post in topic Next post in topic >>