Hello.
I've notice a problem with SMTP AUTH in postfix with dovecot. My
configuration is based on Postgresql. I've created a function in
postgresql which returns password and username and attached it to
password_query. Query looks like this
password_query = SELECT username_out as username, password_out as
password FROM get_password(lower('%n'),lower('%d'));
Problem is when get_password returns something like this...
vmail=# SELECT username_out as username, password_out FROM
get_password(lower(''),lower(''));
LOG: statement: SELECT username_out as username, password_out FROM
get_password(lower(''),lower(''));
LOG: duration: 2.342 ms statement: SELECT username_out as username,
password_out FROM get_password(lower(''),lower(''));
username | password_out
----------+--------------
|
(1 row)
It returns 1 empty row....
When this is attached to postfix with smtp auth with such configuration
# SMTP AUTH
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
my serwer starts to be open relay...
I now that it returns empty string for username and password... so where
is the password checked... if I dont send password as a parameter to my
function.
Definition of the function looks like this:
CREATE FUNCTION get_password("login" character varying,
"domain"
character varying, OUT username_out character varying, OUT password_out
character varying) RETURNS record
Can you help with that...
BT
----------------------------------------------------------------------
Zrob numer kumplom >> http://link.interia.pl/f1a5d
Kenneth Porter
2007-Apr-25 19:02 UTC
[Dovecot] (SPAM? 05.7) Dovecot, Postfix and SMTP AUTH....
You may not get a reply because your home domain is in the SURBL list, so your message will likely end up in everyone's spam folder. I've pasted the SpamAssassin report below.> Content analysis details: (5.7 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- -0.0 SPF_HELO_PASS > SPF: HELO matches SPF record > -0.0 SPF_PASS SPF: sender matches SPF record > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL > blocklist [URIs: interia.pl] > 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL > blocklist [URIs: interia.pl]
On Tue, 2007-04-24 at 16:39 +0200, Bartosz Toczek wrote:> Problem is when get_password returns something like this.....> username | password_out > ----------+-------------- > |Isn't it possible to make PostgreSQL function not return a row? Anyway, there's nothing in Dovecot side you can do for now, but for v1.1 I changed the code so that NULL password doesn't automatically mean that any password is valid (it requires now also returning "nopassword" field). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070513/8983382d/attachment.bin>