smtpd_tls_security_level encrypt or may?

Per Jessen

Nov 12, 2010, 3:05:48 AM
I'm trying to set up an SMTP service on port 587, TLS required,
authentication in plaintext allowed.

What I can't understand is the following:

with smtpd_tls_security_level=encrypt, the SMTP server does not offer
any AUTH options. With smtpd_tls_security_level=may, I get what I
want:

250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5

I also have smtpd_sasl_security_options=noanonymous.

This is with postfix 2.6.2+cyrus.


/Per Jessen, Zürich

Jeroen Geilman

Nov 12, 2010, 4:07:13 AM
On 11/12/2010 09:05 AM, Per Jessen wrote:
> I'm trying to set up an SMTP service on port 587, TLS required,
> authentication in plaintext allowed.
>
> What I can't understand is the following:
>
> with smtpd_tls_security_level=encrypt, the SMTP server does not offer
> any AUTH options.

Correct.
smtpd_tls_security_options=encrypt mandates encryption.

No further communication will take place before TLS is established.

> With smtpd_tls_security_level=may, I get what I
> want:
>
> 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
>

That only seems so to you.
You need encrypt if you want mandatory TLS.

--
J.

Per Jessen

Nov 12, 2010, 4:36:00 AM
Jeroen Geilman wrote:

Right, and TLS is set up correctly - what I don't quite understand is why
my server isn't offering any AUTH options? I mean, it seems to me that
it should?


/Per Jessen, Zürich

Jeroen Geilman

Nov 12, 2010, 6:05:37 AM
Which part of this don't you understand?

-- 
J.

Per Jessen

Nov 12, 2010, 6:53:05 AM
Jeroen Geilman wrote:

> On 11/12/2010 10:36 AM, Per Jessen wrote:
>> Jeroen Geilman wrote:
>>
>>
>>> On 11/12/2010 09:05 AM, Per Jessen wrote:
>>>
>>>> I'm trying to set up an SMTP service on port 587, TLS required,
>>>> authentication in plaintext allowed.
>>>>
>>>> What I can't understand is the following:
>>>>
>>>> with smtpd_tls_security_level=encrypt, the SMTP server does not
>>>> offer any AUTH options.
>>>>
>>> Correct.
>>> smtpd_tls_security_options=encrypt mandates encryption.
>>>
>>> No further communication will take place before TLS is established.
>>>
>>>
>>>> With smtpd_tls_security_level=may, I get what I
>>>> want:
>>>>
>>>> 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
>>>>
>>>>
>>> That only seems so to you.
>>> You need encrypt if you want mandatory TLS.
>>>
>> Right, and TLS is set up correctly - what I don't quite understand is
>> why
>> my server isn't offering any AUTH options? I mean, it seems to me
>> that it should?
>>
>>
>>
>

> *No further communication will take place before TLS is established.*


> Which part of this don't you understand?
>

Thanks, there's no need to be rude. I see now that TLS was not
established, which is why no AUTH options were offered. TLS was not
established as the client was unable to access the root CA revocation
list.


/Per Jessen, Zürich
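
A check for the behaviour this thread arrives at, added here as an example and not code from any poster: it classifies a submission port from its EHLO replies before and after STARTTLS, including the case where the handshake fails and AUTH is never seen. The function names, `mail.example.test` and the sample replies are constructed; `probe()` uses only the host, port and CA file the caller supplies.

```python
import re
import smtplib
import ssl

# Constructed EHLO replies (not captured from the server in the thread).
PRE_ENCRYPT = "250-mail.example.test\n250-STARTTLS\n250 8BITMIME"
PRE_MAY = ("250-mail.example.test\n250-STARTTLS\n"
           "250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5\n250 8BITMIME")
POST_TLS = ("250-mail.example.test\n"
            "250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5\n250 8BITMIME")

def auth_mechs(ehlo_text):
    """Return the sorted SASL mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_text.splitlines():
        line = re.sub(r"^250[- ]", "", line.strip())  # raw or smtplib form
        m = re.match(r"AUTH[ =](.*)", line, re.I)     # "AUTH ..." / "AUTH=..."
        if m:
            mechs.update(x.upper() for x in m.group(1).split())
    return sorted(mechs)

def diagnose(pre_tls, post_tls):
    """post_tls is None when the TLS handshake did not complete."""
    if "STARTTLS" not in pre_tls.upper():
        return "no STARTTLS offered"
    if auth_mechs(pre_tls):
        return "AUTH offered before TLS: credentials can be sent unencrypted"
    if post_tls is None:
        return "TLS handshake failed: AUTH is never offered"
    if auth_mechs(post_tls):
        return "AUTH offered only after STARTTLS: " + " ".join(auth_mechs(post_tls))
    return "no AUTH even after STARTTLS: check the SASL configuration"

def probe(host, port=587, cafile=None):
    """Live check against a server you operate; needs network access."""
    ctx = ssl.create_default_context(cafile=cafile)
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre = s.ehlo_resp.decode(errors="replace")
        try:
            s.starttls(context=ctx)   # certificate problems surface here
            s.ehlo()                  # EHLO must be repeated after STARTTLS
            post = s.ehlo_resp.decode(errors="replace")
        except (ssl.SSLError, smtplib.SMTPException):
            post = None
        return diagnose(pre, post)
```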