Re: Mail architecture (was Re: need help with ldapdb plugin)

From: Simon Matter (simon dot matter at ch dot sauter-bc dot com)
Date: Thu Jun 17 2004 - 01:52:23 EDT

  • Next message: michael: "Postfix + SASL2 + MySQL on Debian"

    > Simon Matter wrote:
    >>>Let's make a summary of my requirements then:
    >>>1) shell access, imap access and smtp auth for all users
    >>
    >>
    >> no problem with userPassword as SSHA in LDAP
    > Why specifically SSHA? I guess any kind of encrypting should be OK, no?

    Sure, every crypt method works (only SSHA is the most common today).

    >
    >>>2) no single password transmittable in clear text
    >>
    >>
    >> no problem with ssh, imap/tls, smtp/starttls does it, transport
    >> encryption
    >> is the key here
    > And then just login authentication methods, OK. Is there a way to prevent
    > smtp auth over plain smtp however, and force smtps only?

    I'm using it only with postfix where you have to let postfix advertise
    smtpauth only if the connection has proceeded starttls and is encrypted.
    No password is going over the wire in cleartext. You may check out the
    following options in postfix for this to work:

    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_client_restrictions = permit_sasl_authenticated
    smtpd_recipient_restrictions =
        permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_auth_only = yes

    Simon
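
Added example, not part of the original message: a check that a server configured with `smtpd_tls_auth_only = yes` really withholds AUTH until after STARTTLS, including the extra `AUTH=` line that `broken_sasl_auth_clients = yes` makes Postfix advertise. The function names and the sample EHLO replies are constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server).
PRE_OK = "250-mail.example.com\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
POST_OK = ("250-mail.example.com\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n"
           "250-AUTH=PLAIN LOGIN\n250 8BITMIME")
PRE_WEAK = ("250-mail.example.com\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n"
            "250-AUTH=PLAIN LOGIN\n250 8BITMIME")


def ehlo_keywords(reply):
    """Map each ESMTP keyword of an EHLO reply to its set of parameters."""
    keywords = {}
    for line in reply.splitlines()[1:]:          # line 1 is the server name
        text = line.strip()
        if text[:3] == "250" and text[3:4] in ("-", " "):
            text = text[4:]                      # drop the reply code if present
        if text.upper().startswith("AUTH="):     # extra line for old clients
            text = "AUTH " + text[5:]
        parts = text.split()
        if parts:
            keywords.setdefault(parts[0].upper(), set()).update(parts[1:])
    return keywords


def audit(pre_tls, post_tls):
    """Return findings; an empty list means AUTH is only offered under TLS."""
    pre, post = ehlo_keywords(pre_tls), ehlo_keywords(post_tls)
    findings = []
    if "AUTH" in pre:
        findings.append("AUTH offered before STARTTLS: " + " ".join(sorted(pre["AUTH"])))
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered on the plaintext connection")
    if "AUTH" not in post:
        findings.append("AUTH not offered after STARTTLS")
    return findings


def fetch_ehlo(host, port=25):
    """Collect both EHLO replies from a server you administer."""
    with smtplib.SMTP(host, port, timeout=10) as conn:
        conn.ehlo()
        pre = conn.ehlo_resp.decode()
        conn.starttls(context=ssl.create_default_context())  # verifies the cert
        conn.ehlo()
        return pre, conn.ehlo_resp.decode()


if __name__ == "__main__":
    print(audit(PRE_OK, POST_OK))
    print(audit(PRE_WEAK, POST_OK))
```

Against a live server, pass the two strings returned by `fetch_ehlo()` to `audit()`; a self-signed certificate will make the default TLS context refuse the handshake.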

