dboettger's Blog

Archive for the ‘mail’ Category

To test SMTP authentication in postfix or any other MTA from the command line via telnet, you can create a Base64-encoded password string like this (the string is a NUL byte, the username, another NUL byte and the password):

perl -MMIME::Base64 -e 'print encode_base64("\000USERNAME\000password")'

Copy the Base64 output.

Open a telnet session to your MTA like this:

telnet localhost 25

After you are connected, send an EHLO message to the MTA.

ehlo server

The MTA should answer with something like this:


250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

These lines are important:


250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

Then you can enter:


AUTH PLAIN BASE64String

The MTA should reply with:

235 2.7.0 Authentication successful
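
The steps above as shell helpers, added here as an example and not part of the original post: they build the AUTH PLAIN token, decode it again to show that Base64 hides nothing on the wire, and check an EHLO reply before the token is sent. The function names, the `alice`/`s3cret` credentials and `mail.example.net` are constructed for illustration.

```shell
# Added example; credentials and host names below are constructed samples.
# EHLO reply as shown in the post.
EHLO_SAMPLE='250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# SASL PLAIN (RFC 4616): authzid NUL authcid NUL password, Base64-encoded.
# An empty authzid gives the leading NUL. The password is read from stdin
# so it is not passed as a command-line argument.
plain_token() {    # usage: printf '%s' "$password" | plain_token USERNAME
    { printf '\000%s\000' "$1"; cat; } | base64 | tr -d '\n'
}

# Reverse the encoding (NULs shown as ':'): anyone who sees the token on
# the wire can read the password.
plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' ':'
}

# List AUTH mechanisms from an EHLO reply on stdin. Handles "250-AUTH ...",
# a final "250 AUTH ..." line and the legacy "250-AUTH=..." form.
ehlo_auth_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]//p' | tr ' ' '\n' |
        tr '[:lower:]' '[:upper:]' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Decide whether AUTH PLAIN may be sent. EHLO reply on stdin;
# $1 = "tls" or "clear" (state of the session), $2 = host connected to.
plain_check() {
    mechs=$(ehlo_auth_mechs)
    case " $mechs " in
        *" PLAIN "*) ;;
        *) echo "refuse: PLAIN not offered"; return 1 ;;
    esac
    case "$1:$2" in
        tls:*|clear:localhost|clear:127.0.0.1|clear:::1) echo "ok" ;;
        *) echo "refuse: issue STARTTLS first"; return 1 ;;
    esac
}

token=$(printf '%s' 's3cret' | plain_token alice)
echo "AUTH PLAIN $token  (decodes to $(plain_decode "$token"))"
printf '%s\n' "$EHLO_SAMPLE" | plain_check clear mail.example.net || true
```

For a server that is not on localhost, the same dialogue can be typed into `openssl s_client -starttls smtp -connect HOST:25 -quiet` instead of telnet, so the token travels inside TLS.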


Today I had some trouble with SMTP authentication and postfix.
I just wanted only one group to be able to authenticate against my postfix.
After reading the pam documentation for a while, I found the very nice solution of creating a text file with all allowed users.

I am using postfix sasl with pam authentication.
My /etc/pam.d/smtp now looks like this:

auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/smtp.group.allow
auth required /lib/security/pam_unix_auth.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_unix_passwd.so
session required /lib/security/pam_unix_session.so

Then I created the file /etc/smtp.group.allow.
This file looks like this:


# Add all the groups which are allowed
# to authenticate against postfix sasl
smtpusers

After changing these lines, only users in the group smtpusers are allowed to authenticate.
Of course, this can also be used for any other service that uses pam authentication. Just add the line
auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/
as the first line in the pam.d/SERVICE file.

