[SOLVED] TLS / SASL authentication, dovecot and postfix

TonyAR · 10-14-2010, 06:34 AM

I am running the following on CentOS 5.5 (Final)

dovecot 1.0.7

saslauthd 2.1.22

When I send an email via TLS I see the following log entries.

Code:

Oct 14 11:53:06 ns2 postfix/smtpd[11372]: connect from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: setting up TLS connection from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: TLS connection established from unknown[172.16.1.159]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: DD178DAC3F: client=unknown[172.16.1.159], sasl_method=PLAIN, sasl_username=tony

What I'm really curious about is there is an intial TLS connection with a 256 bit cipher, but then..

The last entry states "sasl_method=PLAIN" - so surely this is not encrypted?

Or am I misunderstanding how it works?

Any comment / help / explanations appreciated.

Thanks.

Berhanie · 10-14-2010, 08:03 AM

PLAIN means that the password is transmitted in plaintext, i.e. it's not hashed in some way. This is not a problem, since you're using an encryption layer. Something to note is that saslauthd is not needed for dovecot.

TonyAR · 10-14-2010, 11:40 AM

Quote:

Originally Posted by Berhanie

PLAIN means that the password is transmitted in plaintext, i.e. it's not hashed in some way. This is not a problem, since you're using an encryption layer. Something to note is that saslauthd is not needed for dovecot.

I tried to follow a guide to setup Dovecot without saslauthd and failed.

At least I managed to get saslauth working!

And as it seems ok I'm happy.

Thanks for your input.