Re: postfix relay smtp authentication
On Wed, Dec 06, 2006 at 12:13:26AM +0100, Martin Fuzzey wrote:
> Hi,
>
> I have been succesfully running postfix on Sarge as a local mailserver
> relaying all outbound mail (from multiple internal accounts) to my ISP.
>
> However my ISP has just decided to require SMTP authentication.
>
> I have set up SASL following the postfix documentation and the
> authentication phase succeeds, *however* postfix does not include the
> authenticated sender address in the AUTH section of the MAIL FROM
> message and my ISP is still refusing the message :((
>
> Looking at the source in src/smtp/smtp_proto.c:
> /*
> * We authenticate the local MTA only, but not the sender.
> */
> #ifdef USE_SASL_AUTH
> if (var_smtp_sasl_enable
> && (state->features & SMTP_FEATURE_AUTH)
> && state->sasl_passwd)
> vstring_strcat(next_command, " AUTH=<>");
> #endif
>
>
> I have "fixed" this with the following patch to the postfix code:
>
> --- postfix-2.1.5/src/smtp/smtp_proto.c 2006-12-04 22:08:23.000000000 +0100
> +++ postfix-2.1.5/src/smtp/smtp_proto.c.new 2006-12-04
> 22:33:35.943911483 +0100
> @@ -755,8 +755,11 @@
> #ifdef USE_SASL_AUTH
> if (var_smtp_sasl_enable
> && (state->features & SMTP_FEATURE_AUTH)
> - && state->sasl_passwd)
> - vstring_strcat(next_command, " AUTH=<>");
> + && state->sasl_passwd) {
> + // Patch MF 4/12/2006 Authenticate sender (for
> Tele2...)
> + QUOTE_ADDRESS(state->scratch, request->sender);
> + vstring_sprintf_append(next_command, "
> AUTH=<%s>", vstring_str(state->scratch));
> + }
> #endif
> next_state = SMTP_STATE_RCPT;
> break;
>
>
> This works BUT only for a single user since the postfix version in sarge
> (2.1.5) doesn't implement the smtp_sender_dependent_authentication
> option and my ISP actually wants the correct password for each email
> address (not just a single one for all addresses associated with the
> account.
>
> I've tried similarly patching the etch version of postfix - I can build
> the package but it won't install due to an unsatisified dependency on
> lsb_base (> 3.0.6)
I would post your question on the postfix-users list:
List-Post: <mailto:postfix-users@postfix.org>
Especially if you are talking code patches.
--
Chris.
======
" ... the official version cannot be abandoned because the implication of
rejecting it is far too disturbing: that we are subject to a government
conspiracy of `X-Files' proportions and insidiousness."
Letter to the LA Times Magazine, September 18, 2005.
Reply to: