Bug 57207 - Postfix/SASL-authentication doesn't honor account lockout caused by ppolicy
Status: NEW
Product: UCS
Classification: Unclassified
Component: Mail
UCS 5.0
Other All
Importance: P5 normal
Assigned To: Mail maintainers
Reported: 2024-04-03 12:37 CEST by Dirk Ahrnke
Modified: 2024-04-24 18:17 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137
School Customer affected?: Yes
requate: Patch_Available+


Description Dirk Ahrnke univentionstaff 2024-04-03 12:37:05 CEST
UCS 5.0-7 errata1011,  mailserver=12.0 

Reproduction: configure ppolicy-based account locking according to the documentation and lock an account using a wrong password.
Sending authenticated e-mails is still possible even though the account is locked.

root@server:~/univention# udm users/user list --filter uid=auth.test | grep locked
  locked: 1
  lockedTime: 20240403094914Z
root@server:~/univention# testsaslauthd -u auth.test -p $(cat test.auth.secret) -s smtp
0: OK "Success."
root@server:~/univention# testsaslauthd -u auth.test -p wrongpassword -s smtp
0: NO "authentication failed"

Note: I verified the ability to send e-mails also using swaks.
Comment 2 Erik Damrose univentionstaff 2024-04-17 10:51:41 CEST
See bug 54507 for an initial analysis
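
A regression check built from the reproduction in the description, as an added example that is not part of the original report or Univention's code: it classifies the output of the two commands shown there. The function names and the `check_live` wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Univention code. Classifies captured command output so a
# locked account that still authenticates over SASL is flagged.

# is_locked: `udm users/user list` output on stdin; true only for "locked: 1".
# Matching the whole field name keeps "lockedTime:" from being mistaken for it.
is_locked() {
    awk '$1 == "locked:" { v = $2 } END { exit ((v == "1") ? 0 : 1) }'
}

# sasl_ok: testsaslauthd output on stdin; true for the `0: OK` success line.
sasl_ok() {
    grep -q '^0: OK '
}

# check_lockout UDM_OUTPUT SASL_OUTPUT
# SASL_OUTPUT must come from a test with the CORRECT password: a wrong one
# yields NO for locked and unlocked accounts alike and proves nothing.
# Prints not-locked | enforced | BYPASS; returns 1 only for BYPASS.
check_lockout() {
    if ! printf '%s\n' "$1" | is_locked; then
        echo "not-locked"; return 0
    fi
    if printf '%s\n' "$2" | sasl_ok; then
        echo "BYPASS"; return 1
    fi
    echo "enforced"; return 0
}

# check_live USER_ID PASSWORD_FILE: runs the two commands from the report on a
# UCS mail server (hypothetical wrapper; needs root, not called below).
check_live() {
    check_lockout \
        "$(udm users/user list --filter "uid=$1")" \
        "$(testsaslauthd -u "$1" -p "$(cat "$2")" -s smtp)"
}

# Sample input: the outputs quoted in the report.
UDM_SAMPLE='  locked: 1
  lockedTime: 20240403094914Z'
SASL_SAMPLE='0: OK "Success."'

verdict=$(check_lockout "$UDM_SAMPLE" "$SASL_SAMPLE") || true
echo "auth.test: $verdict"
```

The nonzero return on `BYPASS` lets the check fail a monitoring job or a post-update test run.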