Am Freitag, 12. März 2004 16:49 schrieb Andreas Winkelmann:
Am Freitag, 12. März 2004 16:25 schrieb Markus Feilner:
Now smtp, imap and pop work - with: smtp: tls+plain pop: ssl+plain imap:tls+"einfacher text" -Whatever that means...
Can i make that more secure?
Use a real pam-module.
OK. any hints for a working pam- configuration? The suse default /etc/pam.d/smtp does not work here...
What is "default"? pam_unix2? Ok, my (Backup from the Default) file /etc/pam.d/smtp is:
auth required /lib/security/pam_unix_auth.so account required /lib/security/pam_unix_acct.so password required /lib/security/pam_unix_passwd.so session required /lib/security/pam_unix_session.so and same are pop and imap The errors I get, when I try to send/retrieve mail via the box POP: Mar 12 17:13:00 linuxbox pop3d[11665]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication Mar 12 17:13:00 linuxbox pop3d[11665]: could not find password (...) IMAP: Mar 12 17:13:22 linuxbox saslauthd[11588]: do_auth : auth failure: [user=mfeilner] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] Mar 12 17:13:22 linuxbox imapd[11564]: badlogin: fqdn[w.x.y.z] plaintext mfeilner SASL(-13): authentication failure: checkpass failed (...) SMTP: Mar 12 17:17:38 linuxbox postfix/smtpd[11685]: < unknown[192.168.0.117]: AUTH PLAIN bWZlaWxuZXIAbWZlaWxuZXIAYWdhZGlyMDM= Mar 12 17:17:38 linuxbox postfix/smtpd[11685]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response bWZlaWxuZXIAbWZlaWxuZXIAYWdhZGlyMDM= Mar 12 17:17:38 linuxbox postfix/smtpd[11685]: smtpd_sasl_authenticate: decoded initial response mfeilner Mar 12 17:17:40 linuxbox postfix/smtpd[11685]: warning: SASL authentication failure: Password verification failed Mar 12 17:17:40 linuxbox postfix/smtpd[11685]: warning: unknown[192.168.0.117]: SASL PLAIN authentication failed Mar 12 17:17:40 linuxbox postfix/smtpd[11685]: > unknown[192.168.0.117]: 535 Error: authentication failed
# postconf smtpd_sasl_local_domain
should be empty.
It is.
And force tls/ssl.
You mean for pop, right? smtp and imap use it. How can I force That?
Postfix: Look for "smtpd_tls_auth_only = yes" or "smtpd_enforce_tls = yes".
It is. ;-)
Hmm, which POP/IMAP-Daemon do you use? I know only Cyrus-IMAP.
Yes. And i have the two lines in cyrus.conf: # pop3 cmd="pop3d" listen="pop3" prefork=0 pop3s cmd="pop3d -s" listen="pop3s" prefork=0 Those are the only ones I found concerning pop from the cyrus-imap package, (of course I have the tls lines in imapd.conf)
-- Andreas
-- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net