[mdlug] Setting up SSL/TLS/SASL on Postfix

Robert Adkins II radkins at impelind.com
Fri Feb 1 16:26:21 EST 2013


Would you run both of these instances using the same main.cf file? I have
seen an article suggesting using two different setups ex: /etc/postfix-in
and /etc/postfix-out with duplications of all the files inside the core
/etc/postfix directory, but with modifications specific to each instance.

If possible and equally as secure, I'd prefer to run it all using the same
configuration file to cut down on having to go back and forth between
multiple locations if I have to change something down the road.

Any hints/locations of where I can find more information to read on that?

--

Regards,
Rob

 

> -----Original Message-----
> From: mdlug-bounces at mdlug.org 
> [mailto:mdlug-bounces at mdlug.org] On Behalf Of Dan Pritts
> Sent: Thursday, January 31, 2013 12:19 PM
> To: MDLUG's Main discussion list
> Subject: Re: [mdlug] Setting up SSL/TLS/SASL on Postfix
> 
> Hi Rob -
> 
> I suggest you set up SASL+mandatory SSL on port 587, the 
> "submission" port.
> 
> Then set up port 25 as you would normally.
> 
> With this you run separate instances of smtpd on each port.  
> See master.cf to see how this is set up.  
> 
> Hint for folks running this on redhat, make sure you install 
> the various cyrus-sasl-plain and cyrus-sasl-md5 packages.  
> 
> danno
> 
> 
> On Jan 31, 2013, at 8:36 AM, Robert Adkins II 
> <radkins at impelind.com> wrote:
> 
> > In all my reading on setting this up, I never came across anything 
> > saying anything like, "Hey, you should look at, maybe modify the 
> > configuration file and definitely make certain that your system is 
> > running 'saslauthd' to use this authentication with Postfix."
> > 
> > So, that is what the problem was. I did figure that out with using the
> > strace command.
> > 
> > Thanks a bunch for that information.
> > 
> > Now I'm at a point where the test server is able to accept secure 
> > connections from the client, using unencrypted passwords. I don't 
> > entirely feel that is the safest configuration, but it is an SSL 
> > connection, so it should be fine. Please advise if it would be best to
> > add another layer to the process.
> > 
> > I am now concerned with the email server still being capable of
> > receiving email from outside mail server sources without denying
> > access due to lacking an SSL connection and/or an account on the
> > server. Is there something that I need to review or confirm in order
> > to allay this concern?
> > 
> > Thanks again,
> > Rob Adkins
> > 
> > 
> >> -----Original Message-----
> >> From: mdlug-bounces at mdlug.org
> >> [mailto:mdlug-bounces at mdlug.org] On Behalf Of Adam Tauno Williams
> >> Sent: Tuesday, January 22, 2013 5:39 PM
> >> To: 'MDLUG's Main discussion list'
> >> Subject: Re: [mdlug] Setting up SSL/TLS/SASL on Postfix
> >> 
> >> On Tue, 2013-01-22 at 16:07 -0500, Robert Adkins II wrote:
> >>> When I run testsaslauthd I end up with the following response:
> >>> Connect() : No such file or directory
> >>> 0:
> >> 
> >> Really?!?!  In all my years I've never seen that message.
> >> 
> >> I presume you have started the saslauthd service?
> >> 
> >> You should use the tool to see what testsaslauthd can't find; in this
> >> case "strace".
> >> 
> >> <http://www.whitemiceconsulting.com/2012/10/d-is-for-debugging.html>
> >> 
> >>> Which strongly indicates that something else is missing. So, off I go
> >>> to see what that might be.
> >> 
> >> 
> >> _______________________________________________
> >> mdlug mailing list
> >> mdlug at mdlug.org
> >> http://mdlug.org/mailman/listinfo/mdlug
> >> 
> 
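
The split discussed in this thread (ordinary port 25, SASL plus mandatory TLS on the submission port, one shared main.cf) can be checked mechanically. The following is an added example, not part of the original messages: the master.cf excerpt is constructed, `parse_master_cf` and `audit` are hypothetical helper names, and it assumes overrides are written in the plain `-o name=value` form and that main.cf does not itself force TLS on port 25.

```python
# Constructed master.cf excerpt (not from the thread): both smtpd services read
# the same main.cf; the "-o" lines override it for the submission port only.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      n      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtp       unix  -       -      n      -      -       smtp
"""


def parse_master_cf(text):
    """Return {"name/type": {param: value}} holding each service's -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = raw.split()
        if raw[0].isspace():              # indented line continues the previous entry
            args = fields
        else:                             # 7 columns + command name, then arguments
            current = services.setdefault(f"{fields[0]}/{fields[1]}", {})
            args = fields[8:]
        if current is None:
            continue
        for flag, setting in zip(args, args[1:]):
            if flag == "-o":
                name, _, value = setting.partition("=")
                current[name] = value
    return services


def audit(services):
    """List deviations from the split described in the thread (hypothetical helper)."""
    findings = []
    sub = services.get("submission/inet")
    if sub is None:
        return ["no submission (587) service defined"]
    if sub.get("smtpd_tls_security_level") != "encrypt":
        findings.append("submission: TLS is not mandatory")
    if sub.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("submission: SASL authentication is not enabled")
    if services.get("smtp/inet", {}).get("smtpd_tls_security_level") == "encrypt":
        findings.append("smtp: mandatory TLS on port 25 turns away plaintext senders")
    return findings


if __name__ == "__main__":
    print(audit(parse_master_cf(SAMPLE_MASTER_CF)) or "ok")
```

The audit reads only master.cf overrides, so settings applied globally in main.cf need a separate look (for example with `postconf -n`).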