Authenticated SMTP using CYRUS SASL and MD5 crypted password on MySQL

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Authenticated SMTP using CYRUS SASL and MD5 crypted password on MySQL

Scappatura Rocco
Hello,

I'm configuring SMTP authenticated service in Postifix. I have installed
CYRUS SASL libraries 2.1.22 and rebuilded Postfix with CYRUS SASL
support:

# find /usr -name 'libsasl*.*'
/usr/local/lib/sasl2/libsasldb.so.2.0.22
/usr/local/lib/sasl2/libsasldb.so.2
/usr/local/lib/sasl2/libsasldb.so
/usr/local/lib/sasl2/libsasldb.la
/usr/local/lib/libsasl2.so.2.0.22
/usr/local/lib/libsasl2.so.2
/usr/local/lib/libsasl2.so
/usr/local/lib/libsasl2.la

Note that I'm using Postfix+MySQL and that password are stored in
mailbox table in MD5 format.

I've configured SMTP for CYRUS SASL:

# smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login

sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: ****
sql_database: postfix
sql_format: crypt
sql_select: select password from mailbox where name='%u' or
username='%u'
sql_verbose: yes

But I still cant authenticate for authenticated SMTP:

 # telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 av7.sttspa.it
ehlo sttspa.it
250-av7.sttspa.it
250-PIPELINING
250-SIZE 35840000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AGRlYnVnAGRlYnVn
535 5.7.8 Error: authentication failed: authentication failure

I'm sure that I'm wrong in something, but I can't understand what:

Jun 10 11:00:26 av7 postfix/smtpd[26270]: warning: SASL authentication
failure: Password veri fication failed
Jun 10 11:00:26 av7 postfix/smtpd[26270]: warning: localhost[127.0.0.1]:
SASL PLAIN authentic ation failed: authentication failure

Any hint is apprecciated.

Tnx,

rocsca
Reply | Threaded
Open this post in threaded view
|

Re: Authenticated SMTP using CYRUS SASL and MD5 crypted password on MySQL

Patrick Ben Koetter
* Rocco Scappatura <[hidden email]>:

> Hello,
>
> I'm configuring SMTP authenticated service in Postifix. I have installed
> CYRUS SASL libraries 2.1.22 and rebuilded Postfix with CYRUS SASL
> support:
>
> # find /usr -name 'libsasl*.*'
> /usr/local/lib/sasl2/libsasldb.so.2.0.22
> /usr/local/lib/sasl2/libsasldb.so.2
> /usr/local/lib/sasl2/libsasldb.so
> /usr/local/lib/sasl2/libsasldb.la
> /usr/local/lib/libsasl2.so.2.0.22
> /usr/local/lib/libsasl2.so.2
> /usr/local/lib/libsasl2.so
> /usr/local/lib/libsasl2.la
>
> Note that I'm using Postfix+MySQL and that password are stored in
> mailbox table in MD5 format.
>
> I've configured SMTP for CYRUS SASL:
>
> # smtpd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sql

The sql plugin requires passwords to be stored in plaintext. This is
mandatory, because this plugin can offer shared-secret mechanisms and they
require plaintext passwords.

If you want to use password stored in MD5 format, use pwcheck_method:
saslauthd and tell saslauthd to utilize the PAM framework. Then configure the
pam_mysql driver to do password verification.

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

RE: Authenticated SMTP using CYRUS SASL and MD5 crypted passwordon MySQL

Scappatura Rocco
> > # smtpd.conf
> > pwcheck_method: auxprop
> > auxprop_plugin: sql
>
> The sql plugin requires passwords to be stored in plaintext.
> This is mandatory, because this plugin can offer
> shared-secret mechanisms and they require plaintext passwords.
>
> If you want to use password stored in MD5 format, use pwcheck_method:
> saslauthd and tell saslauthd to utilize the PAM framework.

OK. How I could tell saslauthd tu use PAM framework?

> Then configure the pam_mysql driver to do password verification.

How? Is it a PAM's matter?

rocsca

Reply | Threaded
Open this post in threaded view
|

Re: Authenticated SMTP using CYRUS SASL and MD5 crypted passwordon MySQL

Patrick Ben Koetter
* Rocco Scappatura <[hidden email]>:

> > > # smtpd.conf
> > > pwcheck_method: auxprop
> > > auxprop_plugin: sql
> >
> > The sql plugin requires passwords to be stored in plaintext.
> > This is mandatory, because this plugin can offer
> > shared-secret mechanisms and they require plaintext passwords.
> >
> > If you want to use password stored in MD5 format, use pwcheck_method:
> > saslauthd and tell saslauthd to utilize the PAM framework.
>
> OK. How I could tell saslauthd tu use PAM framework?
>
> > Then configure the pam_mysql driver to do password verification.
>
> How? Is it a PAM's matter?

yes it is.

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Authenticated SMTP using CYRUS SASL and MD5 crypted passwordon MySQL

Patrick Ben Koetter
In reply to this post by Scappatura Rocco
* Rocco Scappatura <[hidden email]>:

> > > # smtpd.conf
> > > pwcheck_method: auxprop
> > > auxprop_plugin: sql
> >
> > The sql plugin requires passwords to be stored in plaintext.
> > This is mandatory, because this plugin can offer
> > shared-secret mechanisms and they require plaintext passwords.
> >
> > If you want to use password stored in MD5 format, use pwcheck_method:
> > saslauthd and tell saslauthd to utilize the PAM framework.
>
> OK. How I could tell saslauthd tu use PAM framework?

Start it manually like this:

# saslauthd -a pam

or use your systems prebuilt saslauthd configuration files
(e.g. /etc/sysconfig/saslauthd or /etc/default/saslauthd) and adjust them as
needed.

p@rick



> > Then configure the pam_mysql driver to do password verification.
>
> How? Is it a PAM's matter?
>
> rocsca
>

--
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick Koetter            Tel: 089 45227227
Echinger Strasse 3         Fax: 089 45227226
85386 Eching               Web: http://www.state-of-mind.de

Amtsgericht München        Partnerschaftsregister PR 563
Reply | Threaded
Open this post in threaded view
|

RE: Authenticated SMTP using CYRUS SASL and MD5 crypted passwordonMySQL

Scappatura Rocco
> > > > # smtpd.conf
> > > > pwcheck_method: auxprop
> > > > auxprop_plugin: sql
> > >
> > > The sql plugin requires passwords to be stored in plaintext.
> > > This is mandatory, because this plugin can offer shared-secret
> > > mechanisms and they require plaintext passwords.
> > >
> > > If you want to use password stored in MD5 format, use
> pwcheck_method:
> > > saslauthd and tell saslauthd to utilize the PAM framework.
> >
> > OK. How I could tell saslauthd tu use PAM framework?
>
> Start it manually like this:
>
> # saslauthd -a pam
>
> or use your systems prebuilt saslauthd configuration files
> (e.g. /etc/sysconfig/saslauthd or /etc/default/saslauthd) and
> adjust them as needed.

It is already adjusted. Infact:

## Path:           System/Security/SASL
## Type:           list(getpwent,kerberos5,pam,rimap,shadow,ldap)
## Default:        pam
## ServiceRestart: saslauthd
#
# Authentication mechanism to use by saslauthd.
# See man 8 saslauthd for available mechanisms.
#
SASLAUTHD_AUTHMECH=pam
#SASLAUTHD_AUTHMECH=rimap

:-)

Moreover, Ive changed:

# smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: sql
mech_list: plain login

sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_format: crypt
sql_select: select password from mailbox where name='%u' or
username='%u'
sql_verbose: yes

Now I need to verify the I can autenticate an account against CYRUS. How
could I perform this?

rocsca
Reply | Threaded
Open this post in threaded view
|

Re: Authenticated SMTP using CYRUS SASL and MD5 crypted passwordonMySQL

Patrick Ben Koetter
* Rocco Scappatura <[hidden email]>:

> It is already adjusted. Infact:
>
> ## Path:           System/Security/SASL
> ## Type:           list(getpwent,kerberos5,pam,rimap,shadow,ldap)
> ## Default:        pam
> ## ServiceRestart: saslauthd
> #
> # Authentication mechanism to use by saslauthd.
> # See man 8 saslauthd for available mechanisms.
> #
> SASLAUTHD_AUTHMECH=pam
> #SASLAUTHD_AUTHMECH=rimap
>
> :-)
>
> Moreover, Ive changed:
>
> # smtpd.conf
> pwcheck_method: saslauthd

Reduce smtpd.conf to this:

pwcheck_method: saslauthd
mech_list: plain login


> Now I need to verify the I can autenticate an account against CYRUS. How
> could I perform this?

Use testsaslauthd and read its help text. You need to something like this:

$ testsaslauthd -u user -p password -s smtp


>
> rocsca

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

RE: Authenticated SMTP using CYRUS SASL and MD5 cryptedpasswordonMySQL

Scappatura Rocco
> * Rocco Scappatura <[hidden email]>:
> > It is already adjusted. Infact:
> >
> > ## Path:           System/Security/SASL
> > ## Type:           list(getpwent,kerberos5,pam,rimap,shadow,ldap)
> > ## Default:        pam
> > ## ServiceRestart: saslauthd
> > #
> > # Authentication mechanism to use by saslauthd.
> > # See man 8 saslauthd for available mechanisms.
> > #
> > SASLAUTHD_AUTHMECH=pam
> > #SASLAUTHD_AUTHMECH=rimap
> >
> > :-)
> >
> > Moreover, Ive changed:
> >
> > # smtpd.conf
> > pwcheck_method: saslauthd
>
> Reduce smtpd.conf to this:
>
> pwcheck_method: saslauthd
> mech_list: plain login
>
>
> > Now I need to verify the I can autenticate an account
> against CYRUS.
> > How could I perform this?
>
> Use testsaslauthd and read its help text. You need to
> something like this:
>
> $ testsaslauthd -u user -p password -s smtp
>

Maybe I need to compile CYRUS SASL with saslauthd support... :-)

# ./configure --enable-anon --enable-plain --enable-login --enable-sql
--disable-krb4 --disa
ble-otp --disable-cram --disable-digest
--with-mysql=/usr/local/mysql/lib/mysql --without-pam
--without-saslauthd --without-pwcheck --with-dblib=berkeley
--with-bdb-libdir --with-bdb-incdi
r --with-openssl --with-plugindir=/usr/local/lib/sasl2

rocsca
Reply | Threaded
Open this post in threaded view
|

RE: Authenticated SMTP using CYRUS SASL and MD5 cryptedpasswordonMySQL

Scappatura Rocco
 

> > Use testsaslauthd and read its help text. You need to
> something like
> > this:
> >
> > $ testsaslauthd -u user -p password -s smtp
> >
>
> Maybe I need to compile CYRUS SASL with saslauthd support... :-)
>
> # ./configure --enable-anon --enable-plain --enable-login --enable-sql
> --disable-krb4 --disa
> ble-otp --disable-cram --disable-digest
> --with-mysql=/usr/local/mysql/lib/mysql --without-pam
> --without-saslauthd --without-pwcheck --with-dblib=berkeley
> --with-bdb-libdir --with-bdb-incdi r --with-openssl
> --with-plugindir=/usr/local/lib/sasl2
>

BTW, what features are stricly necessary to enable?

rocsca
Reply | Threaded
Open this post in threaded view
|

Re: Authenticated SMTP using CYRUS SASL and MD5 crypted password on MySQL

Juan Miscaro-2
In reply to this post by Patrick Ben Koetter
2008/6/10 Patrick Ben Koetter <[hidden email]>:

> The sql plugin requires passwords to be stored in plaintext. This is
> mandatory, because this plugin can offer shared-secret mechanisms and they
> require plaintext passwords.
>
> If you want to use password stored in MD5 format, use pwcheck_method:
> saslauthd and tell saslauthd to utilize the PAM framework. Then configure the
> pam_mysql driver to do password verification.

I think it's possible without PAM if you're using Courier with its authdeamond.

/juan
Reply | Threaded
Open this post in threaded view
|

RE: Authenticated SMTP using CYRUS SASL and MD5 crypted password on MySQL

Scappatura Rocco
> 2008/6/10 Patrick Ben Koetter <[hidden email]>:
>
> > The sql plugin requires passwords to be stored in
> plaintext. This is
> > mandatory, because this plugin can offer shared-secret
> mechanisms and
> > they require plaintext passwords.
> >
> > If you want to use password stored in MD5 format, use
> pwcheck_method:
> > saslauthd and tell saslauthd to utilize the PAM framework. Then
> > configure the pam_mysql driver to do password verification.
>
> I think it's possible without PAM if you're using Courier
> with its authdeamond.
>

My platform is just an SMTP Gateway, I don't want to install any courier
product.. I neither know the performance effect that could have
authdaemond. I prefer to use PAM.

Could somebody give me some instruction on how to configure a such CYRUS
SASL authentication?

rocsca

Reply | Threaded
Open this post in threaded view
|

RE: Authenticated SMTP using CYRUS SASL and MD5 crypted passwordonMySQL

Scappatura Rocco
In reply to this post by Patrick Ben Koetter
> > > > # smtpd.conf
> > > > pwcheck_method: auxprop
> > > > auxprop_plugin: sql
> > >
> > > The sql plugin requires passwords to be stored in plaintext.
> > > This is mandatory, because this plugin can offer shared-secret
> > > mechanisms and they require plaintext passwords.
> > >
> > > If you want to use password stored in MD5 format, use
> pwcheck_method:
> > > saslauthd and tell saslauthd to utilize the PAM framework.
> >
> > OK. How I could tell saslauthd tu use PAM framework?
>
> Start it manually like this:
>
> # saslauthd -a pam
>
> or use your systems prebuilt saslauthd configuration files
> (e.g. /etc/sysconfig/saslauthd or /etc/default/saslauthd) and
> adjust them as needed.

Hello,

I ve enabled PAM as auth backend. I ve installed pam_mysql driver
(pam_mysql-0.7RC1). Now I have to setup CYRUS SASL to authenticate STMP
authenticated access.. Could somebody give me an hint?

rocsca
Reply | Threaded
Open this post in threaded view
|

RE: Authenticated SMTP using CYRUS SASL and MD5 crypted passwordonMySQL

Scappatura Rocco
> > > > > # smtpd.conf
> > > > > pwcheck_method: auxprop
> > > > > auxprop_plugin: sql
> > > >
> > > > The sql plugin requires passwords to be stored in plaintext.
> > > > This is mandatory, because this plugin can offer shared-secret
> > > > mechanisms and they require plaintext passwords.
> > > >
> > > > If you want to use password stored in MD5 format, use
> > pwcheck_method:
> > > > saslauthd and tell saslauthd to utilize the PAM framework.
> > >
> > > OK. How I could tell saslauthd tu use PAM framework?
> >
> > Start it manually like this:
> >
> > # saslauthd -a pam
> >
> > or use your systems prebuilt saslauthd configuration files (e.g.
> > /etc/sysconfig/saslauthd or /etc/default/saslauthd) and
> adjust them as
> > needed.
>
> Hello,
>
> I ve enabled PAM as auth backend. I ve installed pam_mysql
> driver (pam_mysql-0.7RC1). Now I have to setup CYRUS SASL to
> authenticate STMP authenticated access.. Could somebody give
> me an hint?
>

Here theoutput of saslfinger for server configuration. Even if I think
that the problem now is to let work PAM with pam_mysql driver for
authentication on DB.

saslfinger - postfix Cyrus sasl configuration Wed Jun 11 11:54:24 CEST
2008
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.5.2
System:
Welcome to SUSE Linux Enterprise Server 10 (i586) - Kernel \r (\l).

-- smtpd is linked to --
        libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0xb7eb1000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes


-- listing of /usr/lib/sasl2 --
total 1744
drwxr-xr-x 2 root    root      4096 Jun 11 11:44 .
drwxr-xr-x 5 root    root      4096 Jun 10 18:40 ..
-rwxr-xr-x 1 root    root       692 Jun 10 18:40 libanonymous.la
-rwxr-xr-x 1 root    root     55912 Jun 10 18:40 libanonymous.so
-rwxr-xr-x 1 root    root     55912 Jun 10 18:40 libanonymous.so.2
-rwxr-xr-x 1 root    root     55912 Jun 10 18:40 libanonymous.so.2.0.22
-rwxr-xr-x 1 root    root       680 Jun 10 18:40 libcrammd5.la
-rwxr-xr-x 1 root    root     62014 Jun 10 18:40 libcrammd5.so
-rwxr-xr-x 1 root    root     62014 Jun 10 18:40 libcrammd5.so.2
-rwxr-xr-x 1 root    root     62014 Jun 10 18:40 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root    root       710 Jun 10 18:40 libdigestmd5.la
-rwxr-xr-x 1 root    root    127119 Jun 10 18:40 libdigestmd5.so
-rwxr-xr-x 1 root    root    127119 Jun 10 18:40 libdigestmd5.so.2
-rwxr-xr-x 1 root    root    127119 Jun 10 18:40 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root    root       676 Jun 10 18:40 liblogin.la
-rwxr-xr-x 1 root    root     57112 Jun 10 18:40 liblogin.so
-rwxr-xr-x 1 root    root     57112 Jun 10 18:40 liblogin.so.2
-rwxr-xr-x 1 root    root     57112 Jun 10 18:40 liblogin.so.2.0.22
-rwxr-xr-x 1 root    root       676 Jun 10 18:40 libplain.la
-rwxr-xr-x 1 root    root     57598 Jun 10 18:40 libplain.so
-rwxr-xr-x 1 root    root     57598 Jun 10 18:40 libplain.so.2
-rwxr-xr-x 1 root    root     57598 Jun 10 18:40 libplain.so.2.0.22
-rwxr-xr-x 1 root    root       692 Jun 10 18:40 libsasldb.la
-rwxr-xr-x 1 root    root     98694 Jun 10 18:40 libsasldb.so
-rwxr-xr-x 1 root    root     98694 Jun 10 18:40 libsasldb.so.2
-rwxr-xr-x 1 root    root     98694 Jun 10 18:40 libsasldb.so.2.0.22
-rwxr-xr-x 1 root    root       699 Jun 10 18:40 libsql.la
-rwxr-xr-x 1 root    root     74841 Jun 10 18:40 libsql.so
-rwxr-xr-x 1 root    root     74841 Jun 10 18:40 libsql.so.2
-rwxr-xr-x 1 root    root     74841 Jun 10 18:40 libsql.so.2.0.22
-r-------- 1 postfix postfix    337 Jun 11 11:44 smtpd.conf

-- listing of /usr/local/lib/sasl2 --
total 1744
drwxr-xr-x 2 root    root      4096 Jun 11 11:44 .
drwxr-xr-x 5 root    root      4096 Jun 10 18:40 ..
-rwxr-xr-x 1 root    root       692 Jun 10 18:40 libanonymous.la
-rwxr-xr-x 1 root    root     55912 Jun 10 18:40 libanonymous.so
-rwxr-xr-x 1 root    root     55912 Jun 10 18:40 libanonymous.so.2
-rwxr-xr-x 1 root    root     55912 Jun 10 18:40 libanonymous.so.2.0.22
-rwxr-xr-x 1 root    root       680 Jun 10 18:40 libcrammd5.la
-rwxr-xr-x 1 root    root     62014 Jun 10 18:40 libcrammd5.so
-rwxr-xr-x 1 root    root     62014 Jun 10 18:40 libcrammd5.so.2
-rwxr-xr-x 1 root    root     62014 Jun 10 18:40 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root    root       710 Jun 10 18:40 libdigestmd5.la
-rwxr-xr-x 1 root    root    127119 Jun 10 18:40 libdigestmd5.so
-rwxr-xr-x 1 root    root    127119 Jun 10 18:40 libdigestmd5.so.2
-rwxr-xr-x 1 root    root    127119 Jun 10 18:40 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root    root       676 Jun 10 18:40 liblogin.la
-rwxr-xr-x 1 root    root     57112 Jun 10 18:40 liblogin.so
-rwxr-xr-x 1 root    root     57112 Jun 10 18:40 liblogin.so.2
-rwxr-xr-x 1 root    root     57112 Jun 10 18:40 liblogin.so.2.0.22
-rwxr-xr-x 1 root    root       676 Jun 10 18:40 libplain.la
-rwxr-xr-x 1 root    root     57598 Jun 10 18:40 libplain.so
-rwxr-xr-x 1 root    root     57598 Jun 10 18:40 libplain.so.2
-rwxr-xr-x 1 root    root     57598 Jun 10 18:40 libplain.so.2.0.22
-rwxr-xr-x 1 root    root       692 Jun 10 18:40 libsasldb.la
-rwxr-xr-x 1 root    root     98694 Jun 10 18:40 libsasldb.so
-rwxr-xr-x 1 root    root     98694 Jun 10 18:40 libsasldb.so.2
-rwxr-xr-x 1 root    root     98694 Jun 10 18:40 libsasldb.so.2.0.22
-rwxr-xr-x 1 root    root       699 Jun 10 18:40 libsql.la
-rwxr-xr-x 1 root    root     74841 Jun 10 18:40 libsql.so
-rwxr-xr-x 1 root    root     74841 Jun 10 18:40 libsql.so.2
-rwxr-xr-x 1 root    root     74841 Jun 10 18:40 libsql.so.2.0.22
-r-------- 1 postfix postfix    337 Jun 11 11:44 smtpd.conf




-- content of /usr/lib/sasl2/smtpd.conf --
# smtpd.conf
pwcheck_method: saslauthd
#auxprop_plugin: sql
mech_list: plain login CRAM-MD5 DIGEST-MD5

#sql_engine: mysql
#sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
#sql_database: postfix
#sql_format: crypt
#sql_select: select password from mailbox where name='%u' or
username='%u'
#sql_verbose: yes
log_level: 3

-- content of /usr/local/lib/sasl2/smtpd.conf --
# smtpd.conf
pwcheck_method: saslauthd
#auxprop_plugin: sql
mech_list: plain login CRAM-MD5 DIGEST-MD5

#sql_engine: mysql
#sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
#sql_database: postfix
#sql_format: crypt
#sql_select: select password from mailbox where name='%u' or
username='%u'
#sql_verbose: yes
log_level: 3


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
    -o cleanup_service_name=pre-cleanup
pickup    fifo  n       -       n       60      1       pickup
    -o cleanup_service_name=pre-cleanup
    -o content_filter=
cleanup   unix  n       -       n       -       0       cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o body_checks=
    -o header_checks=
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
smtp-amavis unix -      -       n     -       8  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    -o smtp_connect_timeout=1
    -o smtp_helo_timeout=1

127.0.0.1:10025 inet n  -       n     -       -  smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtpd_milters=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o
receive_override_options=no_header_body_checks,no_unknown_recipient_chec
k
s

pre-cleanup  unix n     -       n       -       0       cleanup
    -o virtual_alias_maps=
    -o canonical_maps=
    -o sender_canonical_maps=
    -o recipient_canonical_maps=
    -o masquerade_domains=
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap

-- mechanisms on localhost --
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN


-- end of saslfinger output --