[opensuse] Is it possible, SMTP Auth stand alone ?

Arie Reynaldi Z

3 Apr 2009 3 Apr '09

05:54

Hi, I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server. regards, -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Show replies by date

Per Jessen

3 Apr 3 Apr

08:35

Arie Reynaldi Z wrote:

...

So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.

There is AFAIK nothing that ties the use of SMTP-AUTH to POP3 nor IMAP. SMTP-AUTH is merely an extension of the SMTP protocol to include authentication, that's all. /Per -- Per Jessen, Zürich (8.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Dominique Leuenberger

10:37

...

...
...
On 4/3/2009 at 5:54, Arie Reynaldi Z wrote: Hi,

I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.

Hi, This is for sure possible. The biggest question for you will be how will you manage the username / passwords. In your setup, probably the best way to go (but not sure how easy it will be for you, as I don't know all of your qmail and postfix setups) would be to use LDAP auth on all the servers. The one postfix can be used for 'roaming' users to send / relay their mails, using smtp auth (will probably be the same as the existing smtp server you have... I would not expect much more load by this) And the POP/IMAP would use the same LDAP directory... thus allowing you single point of administration. I have mny postfix setup to do LDAP auth, so if you need some snippets from main.cf, let me know.. I should be able to identify the most interesting parts for you. Dominique -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Carlos E. R.

12:28

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2009-04-03 at 10:54 +0700, Arie Reynaldi Z wrote:

...

I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.

smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass: /usr/share/doc/packages/postfix/README_FILES/SASL_README (not the building part) (The entire postfix documentation is in your HD, no need to google) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknV5OIACgkQtTMYHG2NR9U4UACdEumlSnD69Gac1KtVT6zzaeuJ fdAAn2lsHgktQZ4SjCrobo2KBbbzYyP7 =8ZHd -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

John Andersen

20:33

Carlos E. R. wrote:

...

On Friday, 2009-04-03 at 10:54 +0700, Arie Reynaldi Z wrote:

...
I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.

smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass:

/usr/share/doc/packages/postfix/README_FILES/SASL_README

I understood the question was more concerned with feeding inbound mail from his smtp server to his pop/imap server which were on different machines. Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Matt Hayes

20:42

John Andersen wrote:

...

Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs.

Er.. why do you need certs to do smtp-auth between one mail server and another? I've never had to do an SSL cert, unless the receiving server requires it.. then its a matter of creating a self-signed cert, tell postfix about it, configure smtp-auth for outbound mail to the receiving end, and done. -Matt -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Lew Wolfgang

21:00

Matt Hayes wrote:

...

Er.. why do you need certs to do smtp-auth between one mail server and another?

This covers the case of sending mail from a MUA to a MTA. You need to authenticate your user population as being authorized to send mail via your MTA. If you don't do this you'll be running an open relay and you'll end up in a RBL. So, your MUA (Thunderbird, Outlook, etc) needs to send user's username and password to the MTA. Since you don't want to send that kind of data in-the-clear you need to use TLS. This is the process that requires the server cert. If you self-sign your cert your user's MUA's will ask the user if they want to accept this connection. Thunderbird allows the choice of "accept permanently", but Outlook doesn't. Thus, a TB user gets bothered once, Outlook users are bothered each time they fire up their MUA. But then, if you're using Outlook you deserve to be bothered... This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Matt Hayes

21:58

Lew Wolfgang wrote:

...

Matt Hayes wrote:

...
Er.. why do you need certs to do smtp-auth between one mail server and another?

This covers the case of sending mail from a MUA to a MTA. You need to authenticate your user population as being authorized to send mail via your MTA. If you don't do this you'll be running an open relay and you'll end up in a RBL.

So, your MUA (Thunderbird, Outlook, etc) needs to send user's username and password to the MTA. Since you don't want to send that kind of data in-the-clear you need to use TLS. This is the process that requires the server cert. If you self-sign your cert your user's MUA's will ask the user if they want to accept this connection. Thunderbird allows the choice of "accept permanently", but Outlook doesn't. Thus, a TB user gets bothered once, Outlook users are bothered each time they fire up their MUA. But then, if you're using Outlook you deserve to be bothered...

This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap.

Regards, Lew

er.. yeah I know how it operates.. I run postfix.. I do smtp-auth using TLS. It isn't required though, however, recommended to encrypt it. -Matt -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Arie Reynaldi Z

4 Apr 4 Apr

03:58

...

...
Matt Hayes wrote:

...
Er.. why do you need certs to do smtp-auth between one mail server and another? <--snip--> This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap.

Regards, Lew

er.. yeah I know how it operates.. I run postfix.. I do smtp-auth using TLS. It isn't required though, however, recommended to encrypt it.

Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Matt Hayes

04:03

Arie Reynaldi Z wrote:

...

...
...
Matt Hayes wrote:

...
Er.. why do you need certs to do smtp-auth between one mail server and another? <--snip--> This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap.

Regards, Lew er.. yeah I know how it operates.. I run postfix.. I do smtp-auth using TLS. It isn't required though, however, recommended to encrypt it.

Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need.

Here are some fun factoids: SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf -Matt -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Arie Reynaldi Z

04:38

...

...
Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need.

Here are some fun factoids:

SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details

Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf

I'll look into it.. I got some hints : http://www.howtoforge.com/postfix-smtp-authentication-on-the-secure-port-onl... . Hope it's easy enough to understand for my slow brain.. :) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Carlos E. R.

13:54

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2009-04-04 at 08:58 +0700, Arie Reynaldi Z wrote:

...

Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need.

Just what do you understand by smtp-auth? What we understand by that is _not_ related at all to pop/imap. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknXSmQACgkQtTMYHG2NR9VLigCfbZOwkQE4gtKruTmYzi5jBOxC 7bMAn2C+18uhT1qS3/DOHcvLqjqm3yBn =ftDA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Sandy Drobic

3 Apr 3 Apr

21:50

John Andersen wrote:

...

Carlos E. R. wrote:

...
On Friday, 2009-04-03 at 10:54 +0700, Arie Reynaldi Z wrote:

...
I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server. smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass:

/usr/share/doc/packages/postfix/README_FILES/SASL_README

I understood the question was more concerned with feeding inbound mail from his smtp server to his pop/imap server which were on different machines.

Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs.

No, you don't need ssl certificates to authenticate to Postfix. If you are using cleartext passwords it is recommended to encrypt the connection. It is possible to use use client certificates to authenticate, though it is a bit unusual and AFAIK only possible in more current versions of Postfix. To answer the original question: the official documentation at www.postfix.org is very explicit on how to configure smtp authentication so a user can authenticate to the server in order to use the server as a relay. http://www.postfix.org/SASL_README.html Though it would be nice to know if the system in question is actually using Postfix. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Carlos E. R.

22:32

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2009-04-03 at 21:50 +0200, Sandy Drobic wrote: ...

...

Though it would be nice to know if the system in question is actually using Postfix. (^-^)

He said so, yes: ] I have 2 mail server, 1 as primary server that has POP (using qmail), ] the other 1 smtp (using postfix). They both in my network. I make like - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknWcl4ACgkQtTMYHG2NR9WBeQCfcgb2GAeLTqsGIjq/uBRd1OUa aI8Anitc27lxY7guKJWcuTuhElm+hpVX =u3cc -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Sandy Drobic

23:22

Carlos E. R. wrote:

...

On Friday, 2009-04-03 at 21:50 +0200, Sandy Drobic wrote:

...

...
Though it would be nice to know if the system in question is actually using Postfix. (^-^)

He said so, yes:

] I have 2 mail server, 1 as primary server that has POP (using qmail), ] the other 1 smtp (using postfix). They both in my network. I make like

Which one does he want to configure? I have a bit of trouble to really understand what he wants exactly. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Carlos E. R.

4 Apr 4 Apr