Re: missing 250-AUTH LOGIN PLAIN after ehlo

From: Victor Duchovni (no email)
Date: Thu Mar 11 2010 - 10:37:51 EST


    On Thu, Mar 11, 2010 at 04:23:53PM +0100, Jiri Vitek wrote:

    > 220 mx1.funlife.cz ESMTP
    > EHLO cita
    > 250-mx1.funlife.cz
    > 250-PIPELINING
    > 250-SIZE 15360000
    > 250-VRFY
    > 250-ETRN
    > 250-STARTTLS
    > 250-ENHANCEDSTATUSCODES
    > 250-8BITMIME
    > 250 DSN

    Try the test from the server itself, to rule out firewalls messing with
    server EHLO responses.

    > cita at relax ~ $ telnet mx1.funlife.cz smtp
    > Trying 82.208.35.125...
    > Connected to mx1.funlife.cz.
    > Escape character is '^]'.
    > 220 mx1.funlife.cz ESMTP
    > HELO cita
    > 250 mx1.funlife.cz
    > AUTH LOGIN dGVzdEAzc2l4dHkuZXU=
    > 334 UGFzc3dvcmQ6
    > dGVzdA==
    > 235 2.7.0 Authentication successful

    The account "" with password "test" should be deleted ASAP.
    Do not post encoded SASL handshakes to public mailing lists.

    Passwords this trivial get exploited by spambots, never provision
    accounts named "test" with a password of "test".

    > postconf:

    Don't post "postconf output", use "postconf -n" only.

    > broken_sasl_auth_clients = yes
    > smtpd_sasl_auth_enable = yes
    > smtpd_sasl_path = private/auth
    > smtpd_sasl_type = dovecot
    > smtpd_tls_auth_only = no

    Dovecot SASL is enabled in the SMTP server for both TLS and plaintext
    sessions, so it is not Postfix that is hiding "AUTH" in the EHLO
    response.

    -- 
    	Viktor.
    P.S. Morgan Stanley is looking for a New York City based, Senior Unix
    system/email administrator to architect and sustain our perimeter email
    environment.  If you are interested, please drop me a note.
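
Added example, not part of the original message: a Python filter that replaces SASL client responses in an SMTP transcript with a marker before the transcript is posted, since the Base64 in AUTH LOGIN and AUTH PLAIN exchanges is an encoding, not encryption. The host name, credentials and the names `redact_transcript` and `b64` are constructed for illustration.

```python
import base64
import re

# Client AUTH command, optionally carrying an initial response (RFC 4954).
AUTH_RE = re.compile(r"^(\s*(?:>\s*)*)AUTH\s+(\S+)(\s+\S+)?\s*$", re.IGNORECASE)
# Server reply line: three-digit code followed by a space or hyphen.
REPLY_RE = re.compile(r"^\s*(?:>\s*)*(\d{3})[ -]")
# Leading indentation and mail-quote markers, preserved on redacted lines.
PREFIX_RE = re.compile(r"^\s*(?:>\s*)*")
MARK = "[REDACTED]"


def redact_transcript(text):
    """Return the transcript with SASL client responses replaced by MARK."""
    out, in_auth = [], False
    for line in text.splitlines():
        auth, reply = AUTH_RE.match(line), REPLY_RE.match(line)
        if auth:
            prefix, mech, initial = auth.groups()
            line = f"{prefix}AUTH {mech}" + (f" {MARK}" if initial else "")
            in_auth = True
        elif reply:
            # 334 means the server expects another client response;
            # any other code (235, 535, 501, ...) ends the exchange.
            in_auth = reply.group(1) == "334"
        elif in_auth and line.strip(" >\t"):
            # Non-reply line inside the exchange: a Base64 client response.
            line = PREFIX_RE.match(line).group(0) + MARK
        out.append(line)
    return "\n".join(out)


def b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed sample session (placeholder host and credentials).
USER, PASSWORD = b64("user@example.test"), b64("placeholder-secret")
SAMPLE = "\n".join([
    "> 220 mail.example.test ESMTP",
    "> EHLO client",
    "> 250-mail.example.test",
    "> 250-AUTH LOGIN PLAIN",
    "> 250 DSN",
    f"> AUTH LOGIN {USER}",
    f"> 334 {b64('Password:')}",
    f"> {PASSWORD}",
    "> 235 2.7.0 Authentication successful",
    "> MAIL FROM:<user@example.test>",
])

if __name__ == "__main__":
    print(redact_transcript(SAMPLE))
```

The filter covers only the SASL payloads; addresses in later commands such as MAIL FROM still appear in the output.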
    
