Another bug I found when using SMTP SASL authentication.
I tried to authenticat with something like
emailuser@mydomain.com and it's password but SASL queries the mysql users table like this:
Quote:
81 Query SELECT password FROM mail_user WHERE email = 'emailuser'
81 Query SELECT password FROM mail_user WHERE email = 'emailuser'
|
And I don't imagine why not because it's setup like this:
Quote:
# cat smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: localhost
sql_user: ispconfig
sql_passwd: ***
sql_database: dbispconfig
sql_select: select password from mail_user where email = '%u'
|
Emphasis on what I have bolded. Shouldn't it check for the full
emailuser@mydomain.com ?
I've even changed it to %u@%d and it still queries without the domain. This is madness