[horde] SMTP auth with TLS?

Vince LaMonica vjl at vjl.org
Tue Oct 3 12:24:19 PDT 2006 

Hi all,

I am having problems getting IMP to send mail, and as this is configured 
in Horde, I thought I'd ask for some hints here.

I'm running postfix with the following smtpd/tls config:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks 
permit_sasl_authenticated reject_unauth_destination

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/certs/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_CAfile = /etc/postfix/certs/ca2.pem
smtpd_tls_CApath = /etc/postfix/certs
smtpd_tls_auth_only = yes

tls_random_source = dev:/dev/urandom

smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s

Postfix answers an EHLO with the following:

250-mail.example.com
250-PIPELINING
250-SIZE 21000000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME

However, IMP does not appear to like that, as the postfix logs show it 
disconnecting directly after submitting the EHLO. SMTH-AUTH is configured 
correctly in Postfix, using a signed certificate so that userids/passwds 
are transmitted encrypted. However, no matter how I configure Horde's 
"mailer" settings [plain, login, cram, digest, best], I still get this 
error. From the horde log:

Oct 03 15:13:55 HORDE [error] [imp] LOGIN authentication failure [SMTP: 
SMTP server does no support authentication (code: 250, response: 
mail.example.com
PIPELINING
SIZE 21000000
VRFY
ETRN
STARTTLS
8BITMIME)] [on line 1042 of 
"/var/www/html/www.example.com/commonmail/imp/compose.php"]

[btw, *small* error - typo in the error text - "no" should be "not"].

The error message is also a bit deseptive - postfix has been configured to 
*only* accept smtp auth [with TLS], yet the error makes it sound like it 
is not properly configured.

BTW, /usr/local/lib/sasl2/smtpd.conf is:

#global params
log_level: 3
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/state/saslauthd/mux

Does Horde/IMP support smth auth over TLS?

TIA,

/vjl/

-- 
Vince J. LaMonica       Knowledge is knowing a street is one way.
vjl at cullasaja.com  <*>  Wisdom is still looking in both directions.

       When there's nothing else to read: http://w3log.vjl.org/

More information about the horde mailing list