grudge Tux's lil' helper
Joined: 26 Oct 2002 Posts: 77 Location: South Africa
|
Posted: Fri Feb 13, 2004 6:29 am Post subject: smtp authentication - Postfix |
|
|
We're currently using postfix as our office internal smtp server. All email on the internal network sent to this server can go out without any auth. And you can't connect to the server from outside (internet) due to the firewall. I'm planning on opening up the firewall port for smtp, but I'm trying to set up postfix so that a user needs to authenticate against the email server before he/she can send email. I've looked through postfix's config files, but can't seem to find anything. Any ideas? |
|
|
|
lutzh n00b
Joined: 27 Sep 2003 Posts: 45 Location: Hamburg, Germany
|
Posted: Fri Feb 13, 2004 8:52 am Post subject: |
|
|
I did that on Debian with postfix 1.x, so you might have to look for the config files in alternative locations on your Gentoo install.
Tell postfix to allow SMTP AUTH using SASL in /etc/postfix/main.cf:
Code: |
# Enable SMTP AUTH with SASL
smtpd_sasl_auth_enable = yes
# Your security realm (if you use sasldb, see below) (usually hostname)
# smtpd_sasl_local_domain = whatever
# optional: no anonymous login
smtpd_sasl_security_options = noanonymous
# workaround for some old clients
broken_sasl_auth_clients = yes
# allow my network and logged in
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
|
So postfix will use SASL to authenticate the user. But how does SASL do it?
You have to tell it in /etc/postfix/sasl/smtpd.conf
Options are to use a separate password file (pwcheck_method:sasldb), so system passwords and mail passwords are different. It kind of depends on your idea of how the users change their mail passwords. We allow that through a web interface (a squirrelmail plugin), in which case it was easier when system and smtp password are the same. That's why we use pwcheck (pwcheck_method:pwcheck).
I know this is probably a bit brief. Maybe you want to look at
http://www.mandrakesecure.net/en/docs/postfix-sasl.php (obviously not gentoo specific, only just found that page, looks helpful though), and try it out, and if you have problems, just post them here again. |
|
|
|
Woolong n00b
Joined: 03 Feb 2004 Posts: 62 Location: Hong Kong
|
Posted: Mon Feb 16, 2004 12:42 pm Post subject: Postfix relay from "untrusted" clients? |
|
|
Hi,
I use pwcheck_method:saslauthd, and then
vi /etc/conf.d/saslauthd
Code: |
SASL_AUTHMECH=shadow
SASL_RIMAP_HOSTNAME=""
SASL_TIME_OF_DAY_LOGIN_RESTRICTIONS=yes
SASLAUTHD_OPTS="-a ${SASL_AUTHMECH}"
|
Is there any difference from pwcheck_method:pwcheck?
Also, postfix doesn't want to relay mail from "untrusted" clients. It will only relay from clients that are in "mynetworks". That's a problem because most of our non-local clients don't have static IPs.
Any help is appreciated! |
|
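A small audit of the main.cf settings discussed in this thread, added here as an example (it is not code from any of the posters or from the Postfix project). The function names, finding labels and the sample config are constructed; the parameter and restriction names are the ones posted above, plus reject_unauth_destination and reject.

```python
import re

# Constructed sample input: the main.cf settings posted in this thread,
# with the restriction list wrapped onto a continuation line.
THREAD_CF = """\
# Enable SMTP AUTH with SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, check_relay_domains
"""

RELAY_CONTROLS = {"check_relay_domains", "reject_unauth_destination", "reject"}

def parse_main_cf(text):
    """main.cf syntax: '#' comment lines, 'name = value', and a line that
    starts with whitespace continues the previous logical line."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name is not None:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()  # a later definition overrides
    return params

def split_list(value):
    """Postfix lists are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]

def audit(text):
    """Return findings for the SMTP AUTH relay setup; [] means none."""
    p = parse_main_cf(text)
    findings = []
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("sasl-disabled")       # nobody can authenticate
    if "noanonymous" not in split_list(
            p.get("smtpd_sasl_security_options", "noanonymous")):
        findings.append("anonymous-allowed")   # ANONYMOUS mechanism may be offered
    if "smtpd_recipient_restrictions" in p:    # unset: built-in default, not modelled
        rules = split_list(p["smtpd_recipient_restrictions"])
        if "permit_sasl_authenticated" not in rules:
            findings.append("auth-not-permitted")  # only mynetworks may relay
        if not RELAY_CONTROLS & set(rules):
            findings.append("no-relay-control")    # list never rejects: open relay risk
    return findings
```

Feeding it the contents of /etc/postfix/main.cf before opening the firewall port shows whether authenticated remote clients will be allowed to relay and whether the restriction list still contains a relay control.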