From: Noel Jones (no email)
Date: Mon Feb 15 2010 - 17:49:50 EST
On 2/15/2010 4:30 PM, Rob Tanner wrote:
> I have TLS turned on on my server but since that server also accepts
> incoming mail from the internet, I canít require itís use and so it is
> certainly possible that some of our users using AUTH-SMTP are still
> connecting unencrypted. Currently the only authentication mechanism we
> are using is PLAIN and so I want to use CRAM or DIGEST MD5. All the
> helps I can find on the web give instructions on building from source
> but Iím running a RedHat Enterprise server and all the libraries are
> already installed. The problem is that I canít find any instructions on
> how to configure to use mechanisms beyond PLAIN and if I specify
> noplaintext in main.cf, Postfix just hangs.
> Is anybody using any of the secure authentication mechanisms and would
> you be willing to share your configuration with me?
The easy solution is set in main.cf
smtpd_tls_auth_only = yes
so that TLS is required before AUTH is offered.
-- Noel Jones