[mdlug] Setting up SSL/TLS/SASL on Postfix

Dan Pritts danno at dogcheese.net
Thu Jan 31 12:18:41 EST 2013


Hi Rob -

I suggest you set up SASL+mandatory SSL on port 587, the "submission" port.

Then set up port 25 as you would normally.

With this you run separate instances of smtpd on each port.  See master.cf to see how this is set up.  

Hint for folks running this on Red Hat: make sure you install the various cyrus-sasl-plain and cyrus-sasl-md5 packages.

danno


On Jan 31, 2013, at 8:36 AM, Robert Adkins II <radkins at impelind.com> wrote:

> In all my reading on setting this up, I never came across anything saying
> anything like, "Hey, you should look at, maybe modify the configuration file
> and definitely make certain that your system is running 'saslauthd' to use
> this authentication with Postfix."
> 
> So, that is what the problem was. I did figure that out with using the
> strace command.
> 
> Thanks a bunch for that information.
> 
> Now I'm at a point where the test server is able to accept secure
> connections from the client, using unencrypted passwords. I don't entirely
> feel that is the safest configuration, but it is an SSL connection, so it
> should be fine. Please advise if it would be best to add another layer to
> the process.
> 
> I am now concerned with the email server still being capable of receiving
> email from outside mail server sources without denying access due to
> lacking an SSL connection and/or an account on the server. Is there
> something that I need to review or confirm in order to allay this concern?
> 
> Thanks again,
> Rob Adkins
> 
> 
>> -----Original Message-----
>> From: mdlug-bounces at mdlug.org 
>> [mailto:mdlug-bounces at mdlug.org] On Behalf Of Adam Tauno Williams
>> Sent: Tuesday, January 22, 2013 5:39 PM
>> To: 'MDLUG's Main discussion list'
>> Subject: Re: [mdlug] Setting up SSL/TLS/SASL on Postfix
>> 
>> On Tue, 2013-01-22 at 16:07 -0500, Robert Adkins II wrote:
>>> When I run testsaslauthd I end up with the following response:
>>> Connect() : No such file or directory
>>> 0:
>> 
>> Really?!?!  In all my years I've never seen that message.
>> 
>> I presume you have started the saslauthd service?
>> 
>> You should use the tool to see what testsaslauthd can't find; 
>> in this case "strace".
>> 
>> <http://www.whitemiceconsulting.com/2012/10/d-is-for-debugging.html>
>> 
>>> Which strongly indicates that something else is missing. So, off I go
>>> to see what that might be.
>> 
>> 
>> _______________________________________________
>> mdlug mailing list
>> mdlug at mdlug.org
>> http://mdlug.org/mailman/listinfo/mdlug
>> 
> 
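
Added example (not part of the thread, and not Postfix's own tooling): a small Python check of master.cf for the layout Dan describes, with a submission instance that forces TLS and SASL and a port 25 instance that does not demand TLS from other mail servers. The sample master.cf is constructed; the parameters are real Postfix settings chosen here as one way to express "SASL + mandatory SSL", and the check assumes they are set as -o overrides in master.cf rather than globally in main.cf.

```python
# Constructed sample master.cf (not from the thread): one smtpd per port.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      n      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Map 'name/type' to the {param: value} set by its '-o name=value' args."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = raw.split()
        if raw[0].isspace():            # continuation of the previous service
            args = fields
        else:                           # 7 fixed columns, then the command name
            current = services.setdefault(f"{fields[0]}/{fields[1]}", {})
            args = fields[8:]
        if current is None:
            continue
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, val = value.partition("=")
                current[name] = val
    return services

def audit(text):
    """Return findings; an empty list means the 587/25 split is in place."""
    svc = parse_master_cf(text)
    sub = svc.get("submission/inet")
    if sub is None:
        return ["no submission (587) smtpd instance"]
    findings = []
    if sub.get("smtpd_tls_security_level") != "encrypt":
        findings.append("submission: TLS not mandatory")
    if sub.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("submission: SASL not enabled")
    lists = [v.split(",") for k, v in sub.items() if k.endswith("_restrictions")]
    if not any("permit_sasl_authenticated" in l and l[-1] == "reject" for l in lists):
        findings.append("submission: unauthenticated clients not rejected")
    if svc.get("smtp/inet", {}).get("smtpd_tls_security_level") == "encrypt":
        findings.append("smtp (25): mandatory TLS would turn away other mail servers")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_MASTER_CF) or "ok")
```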


