[Web-cyradm] help with SASL auth from SMTP clients please
Bob Apthorpe
apthorpe+cyradm at cynistar.net
Fri Feb 23 16:54:23 CET 2007
Hi,
Mikko Toivola wrote:
> I've configured such a system myself, it's no biggie really, since you
> already have set up sasl & stuff. You don't have to set up any
> "duplicate" -systems, just configure your postfix to allow relaying if
> user is authenticated, that's basically it. My postfix is also set up to
> listen SMTP/SSL TCP-port (465), since my ISP is blocking port-25
> connections to anywhere else than their own mailserver (found that out
> after hours of debugging). TLS works on port 25, so it's possible to use
> that also, port 465 is strictly SSL. Blocking port-25 access seems to be
> quite common nowadays (due to viruses & spam), so I've told everyone
> just use port 465 and SSL (oh, and that's the only secure-smtp apple
> mail understands). I can post critical parts of postfix configs later
> on, now I'm in a bit of a hurry. Net is also full of tutorials for this,
> just google for "postfix sasl authentication", it's not that uncommon
> setup.
FWIW, port 587 is the standard for mail submission. I have that set up
with SMTP AUTH and TLS.
In /etc/postfix/master.cf:
-----
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
and for SSL
-----
smtps inet n - n - 50 smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
In /etc/services (somewhere):
-----
submission 587/tcp # Submission [RFC2476]
submission 587/udp
ssmtp 465/tcp smtps # SMTP over SSL
hth,
-- Bob
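
An added example, not part of the message above and not Postfix code: a small Python check that reads master.cf text and reports, for every smtpd service with smtpd_sasl_auth_enable=yes, whether its own -o overrides force TLS before AUTH is accepted. The "2525" entry in the sample is constructed for contrast, and settings inherited from main.cf are not visible to this check.

```python
import shlex

# Constructed sample: the two services from the post plus a hypothetical
# third entry ("2525") that enables AUTH without requiring TLS.
SAMPLE_MASTER_CF = """\
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - 50 smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
2525 inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
"""

# Overrides that each guarantee TLS is in place before AUTH is accepted.
TLS_REQUIRED = {("smtpd_enforce_tls", "yes"), ("smtpd_tls_wrappermode", "yes"),
                ("smtpd_tls_security_level", "encrypt"), ("smtpd_tls_auth_only", "yes")}

def parse_master_cf(text):
    """Return {service: {param: value}} for smtpd entries, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                            # skip blank lines and comments
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()    # leading whitespace continues the entry
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = shlex.split(line)
        # Fields: service type private unpriv chroot wakeup maxproc command args...
        if len(fields) >= 8 and fields[7] == "smtpd":
            args = fields[8:]
            services[fields[0]] = dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                                       if flag == "-o" and "=" in a)
    return services

def audit(text):
    """Map each AUTH-enabled service to True if master.cf itself forces TLS."""
    return {name: any(item in TLS_REQUIRED for item in opts.items())
            for name, opts in parse_master_cf(text).items()
            if opts.get("smtpd_sasl_auth_enable") == "yes"}

if __name__ == "__main__":
    print(audit(SAMPLE_MASTER_CF))
```

A False result means only that master.cf does not force TLS for that service; the effective value may still come from main.cf, which `postconf -n` shows.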