<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
On 20.12.2021 at 19:47, Alexander Dalloz wrote:<br>
<div class="moz-forward-container">
<blockquote type="cite"
cite="mid:61940617-1299-ebc7-eca4-0517452ba754@uni-x.org">On
20.12.2021 at 06:46, <a class="moz-txt-link-abbreviated
moz-txt-link-freetext" href="mailto:fk+postfix@celebrate.de"
moz-do-not-send="true">fk+postfix@celebrate.de</a> wrote: <br>
<blockquote type="cite"> <br>
When I check via telnet on port 25, I get <br>
<br>
250-PIPELINING <br>
250-SIZE 15000000 <br>
250-ETRN <br>
250-STARTTLS <br>
250-ENHANCEDSTATUSCODES <br>
250-8BITMIME <br>
250 DSN <br>
</blockquote>
<br>
It is also possible that your Postfix offers AUTH on port 25
after a successful STARTTLS. <br>
</blockquote>
<p>You are right, I tested this (see the table below)
and googled how I can disable it.<br>
According to that, the option -o smtpd_sasl_auth_enable=yes would
have to be set in master.cf for the smtp service, since Auth is
possible after STARTTLS. But it is not.<br>
I have no options at all for the smtp service. According to the
documentation, the default is smtpd_sasl_auth_enable=no</p>
<p>How can I disable Auth after STARTTLS for port 25?<br>
</p>
<p>Best regards, Frank<br>
</p>
<table class="detail">
<tbody>
<tr class="toprow">
<th class="time">seconds</th>
<th class="tofrom"><br>
</th>
<th class="text">test stage and result</th>
</tr>
<tr>
</tr>
<tr class="text">
<td class="time">[000.000]</td>
<td class="tofrom"><br>
</td>
<td class="text">Trying TLS on xxx.xx.de[111.111.111.111:25]
(-1)</td>
</tr>
<tr class="text">
<td class="time">[000.094]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">Server answered</span></td>
</tr>
<tr class="tome">
<td class="time">[000.674]</td>
<td class="tofrom">&lt;‑‑ </td>
<td class="text">220 xxx.xx.de ESMTP</td>
</tr>
<tr class="text">
<td class="time">[000.674]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">We are allowed to
connect</span></td>
</tr>
<tr class="fromme">
<td class="time">[000.674]</td>
<td class="tofrom"> ‑‑></td>
<td class="text">EHLO www11-do.CheckTLS.com</td>
</tr>
<tr class="tome">
<td class="time">[000.767]</td>
<td class="tofrom">&lt;‑‑ </td>
<td class="text">250-xxx.xx.de<br>
250-PIPELINING<br>
250-SIZE 15000000<br>
250-ETRN<br>
250-STARTTLS<br>
250-ENHANCEDSTATUSCODES<br>
250-8BITMIME<br>
250 DSN</td>
</tr>
<tr class="text">
<td class="time">[000.768]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">We can use this
server</span></td>
</tr>
<tr class="text">
<td class="time">[000.768]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">TLS is an option on
this server</span></td>
</tr>
<tr class="fromme">
<td class="time">[000.768]</td>
<td class="tofrom"> ‑‑></td>
<td class="text">STARTTLS</td>
</tr>
<tr class="tome">
<td class="time">[000.861]</td>
<td class="tofrom">&lt;‑‑ </td>
<td class="text">220 2.0.0 Ready to start TLS</td>
</tr>
<tr class="text">
<td class="time">[000.861]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">STARTTLS command
works on this server</span></td>
</tr>
<tr class="text">
<td class="time">[001.197]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">Connection converted
to SSL</span></td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text">SSLVersion in use: TLSv1_2</td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text">Cipher in use:
ECDHE-ECDSA-AES256-GCM-SHA384</td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text">Perfect Forward Secrecy: yes</td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="bold">Certificate #1 of 4
(sent by MX):</span></td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text">Cert VALIDATED: ok</td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text">Cert VALIDATED: ok</td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text">Cert VALIDATED: ok</td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="bold">Certificate #4 of 4
(sent by MX):</span></td>
</tr>
<tr class="text">
<td class="time"><br>
</td>
<td class="tofrom"><br>
</td>
<td class="text">Cert VALIDATED: </td>
</tr>
<tr class="fromme">
<td class="time">[001.286]</td>
<td class="tofrom"> ~~></td>
<td class="text">EHLO www11-do.CheckTLS.com</td>
</tr>
<tr class="tome">
<td class="time">[001.380]</td>
<td class="tofrom">&lt;~~ </td>
<td class="text">250-xxx.xx.de<br>
250-PIPELINING<br>
250-SIZE 15000000<br>
250-ETRN<br>
<font color="#ff0000">250-AUTH PLAIN<br>
250-AUTH=PLAIN</font><br>
250-ENHANCEDSTATUSCODES<br>
250-8BITMIME<br>
250 DSN</td>
</tr>
<tr class="text">
<td class="time">[001.380]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">TLS successfully
started on this server</span></td>
</tr>
<tr class="fromme">
<td class="time">[001.380]</td>
<td class="tofrom"> ~~></td>
<td class="text">MAIL FROM:<a class="moz-txt-link-rfc2396E"
href="mailto:test@checktls.com" moz-do-not-send="true">&lt;test@checktls.com&gt;</a></td>
</tr>
<tr class="tome">
<td class="time">[001.474]</td>
<td class="tofrom">&lt;~~ </td>
<td class="text">250 2.1.0 Ok</td>
</tr>
<tr class="text">
<td class="time">[001.474]</td>
<td class="tofrom"><br>
</td>
<td class="text"><span class="success">Sender is OK</span></td>
</tr>
<tr class="fromme">
<td class="time">[001.475]</td>
<td class="tofrom"> ~~></td>
<td class="text">QUIT</td>
</tr>
<tr class="tome">
<td class="time">[001.568]</td>
<td class="tofrom">&lt;~~ </td>
<td class="text">221 2.0.0 Bye</td>
</tr>
</tbody>
</table>
</div>
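<p>Added example, not part of the original post and not Postfix or CheckTLS code: the comparison shown in the table above, reduced to a script that diffs the EHLO capabilities before and after STARTTLS and reports where AUTH is announced. The names <code>parse_ehlo</code>, <code>compare</code> and <code>probe</code> are made up for this example; the two sample replies are the ones from the table.</p>

```python
import smtplib
import ssl

# EHLO replies as shown in the CheckTLS table above (host name as redacted there).
PRE_TLS = ("250-xxx.xx.de\n250-PIPELINING\n250-SIZE 15000000\n250-ETRN\n"
           "250-STARTTLS\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN")
POST_TLS = ("250-xxx.xx.de\n250-PIPELINING\n250-SIZE 15000000\n250-ETRN\n"
            "250-AUTH PLAIN\n250-AUTH=PLAIN\n250-ENHANCEDSTATUSCODES\n"
            "250-8BITMIME\n250 DSN")

def parse_ehlo(reply):
    """Map each ESMTP keyword of a multi-line 250 reply to its parameter set."""
    features = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # the first line only carries the server name
        if not line.startswith(("250-", "250 ")):
            continue
        body = line[4:]
        if body.upper().startswith("AUTH="):  # legacy form kept for old clients
            body = "AUTH " + body[5:]
        keyword, _, params = body.partition(" ")
        features.setdefault(keyword.upper(), set()).update(params.split())
    return features

def compare(pre, post):
    """Report where AUTH is announced and which keywords appear only inside TLS."""
    return {
        "starttls_offered": "STARTTLS" in pre,
        "auth_before_tls": sorted(pre.get("AUTH", ())),
        "auth_after_tls": sorted(post.get("AUTH", ())),
        "only_after_tls": sorted(set(post) - set(pre)),
    }

def probe(host, port=25, timeout=10.0):
    """Live variant of the same check, for a mail server you administer."""
    def feats(smtp):
        return {k.upper(): set(v.split()) for k, v in smtp.esmtp_features.items()}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        pre = feats(smtp)
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # capabilities must be requested again inside the TLS session
        return compare(pre, feats(smtp))

if __name__ == "__main__":
    print(compare(parse_ehlo(PRE_TLS), parse_ehlo(POST_TLS)))
```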
</body>
</html>