Univention Bugzilla – Bug 57207
Postfix/SASL-authentication doesnt honor account lockout caused by ppolicy
Last modified: 2024-04-24 18:17:53 CEST
UCS 5.0-7 errata1011, mailserver=12.0 reproduction: configure ppolicy-based account locking according documentation and lock an account using wrong password. Sending authenticated e-mails is still possible even the account is locked. root@server:~/univention# udm users/user list --filter uid=auth.test | grep locked locked: 1 lockedTime: 20240403094914Z root@server:~/univention# testsaslauthd -u auth.test -p $(cat test.auth.secret) -s smtp 0: OK "Success." root@server:~/univention# testsaslauthd -u auth.test -p wrongpassword -s smtp 0: NO "authentication failed" Note: I verified the ability to send e-mails also using swaks.
See bug 54507 for an initial analysis