postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: AUTH on port 587

Re: AUTH on port 587

From: Jeroen Geilman <jeroen_at_nospam>
Date: Sun Oct 31 2010 - 12:27:20 GMT
To: postfix-users@postfix.org

On 10/31/2010 01:20 PM, Janos Dohanics wrote:
> In master.cf I have enabled port 587:
>
> submission inet n - n - - smtpd
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o
> smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
>
> However, when I telnet, AUTH does not seem to be offered:
>
> # telnet mail.example.com 587
> Trying xxx.xxx.xxx.xxx...
> Connected to mail.example.com.
> Escape character is '^]'.
> 220 mail.example.com ESMTP Postfix
> ehlo me
> 250-mail.example.com
> 250-PIPELINING
> 250-SIZE 49152000
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> ^]
>
> Still, when I submit mail with Thunderbird, it asks for
> username/password, and if correct, the message is accepted.
>

You are enforcing TLS.
Nothing will be communicated until TLS is established, including
authentication information.

 From the TLS_README:

When TLS layer encryption is required ("smtpd_tls_security_level
<http://www.postfix.org/postconf.5.html#smtpd_tls_security_level> =
encrypt" or the obsolete "smtpd_enforce_tls
<http://www.postfix.org/postconf.5.html#smtpd_enforce_tls> = yes"),
/*the Postfix SMTP server will announce and accept AUTH only after the
TLS layer has been activated*/ with STARTTLS.

-- J.