  #14  
18th January 2010, 03:41
aurasdoom

Another bug I found when using SMTP SASL authentication.
I tried to authenticate with something like emailuser@mydomain.com and its password, but SASL queries the mysql users table like this:
Quote:
81 Query SELECT password FROM mail_user WHERE email = 'emailuser'
81 Query SELECT password FROM mail_user WHERE email = 'emailuser'
And I can't imagine why, because it's set up like this:
Quote:
# cat smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: localhost
sql_user: ispconfig
sql_passwd: ***
sql_database: dbispconfig
sql_select: select password from mail_user where email = '%u'
Emphasis on what I have bolded. Shouldn't it check for the full emailuser@mydomain.com?

I've even changed it to %u@%d and it still queries without the domain. This is madness.

Last edited by aurasdoom; 18th January 2010 at 03:48.