[opensuse] Is it possible, SMTP Auth stand alone ?
Hi, I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server. regards, -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Arie Reynaldi Z wrote:
So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.
There is AFAIK nothing that ties the use of SMTP-AUTH to POP3 nor IMAP. SMTP-AUTH is merely an extension of the SMTP protocol to include authentication, that's all. /Per -- Per Jessen, Zürich (8.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 4/3/2009 at 5:54, Arie Reynaldi Z
wrote: Hi, I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.
Hi, This is for sure possible. The biggest question for you will be how will you manage the username / passwords. In your setup, probably the best way to go (but not sure how easy it will be for you, as I don't know all of your qmail and postfix setups) would be to use LDAP auth on all the servers. The one postfix can be used for 'roaming' users to send / relay their mails, using smtp auth (will probably be the same as the existing smtp server you have... I would not expect much more load by this) And the POP/IMAP would use the same LDAP directory... thus allowing you single point of administration. I have mny postfix setup to do LDAP auth, so if you need some snippets from main.cf, let me know.. I should be able to identify the most interesting parts for you. Dominique -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2009-04-03 at 10:54 +0700, Arie Reynaldi Z wrote:
I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.
smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass: /usr/share/doc/packages/postfix/README_FILES/SASL_README (not the building part) (The entire postfix documentation is in your HD, no need to google) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknV5OIACgkQtTMYHG2NR9U4UACdEumlSnD69Gac1KtVT6zzaeuJ fdAAn2lsHgktQZ4SjCrobo2KBbbzYyP7 =8ZHd -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
On Friday, 2009-04-03 at 10:54 +0700, Arie Reynaldi Z wrote:
I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server.
smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass:
/usr/share/doc/packages/postfix/README_FILES/SASL_README
I understood the question was more concerned with feeding inbound mail from his smtp server to his pop/imap server which were on different machines. Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs.
Er.. why do you need certs to do smtp-auth between one mail server and another? I've never had to do an SSL cert, unless the receiving server requires it.. then its a matter of creating a self-signed cert, tell postfix about it, configure smtp-auth for outbound mail to the receiving end, and done. -Matt -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Matt Hayes wrote:
Er.. why do you need certs to do smtp-auth between one mail server and another?
This covers the case of sending mail from a MUA to a MTA. You need to authenticate your user population as being authorized to send mail via your MTA. If you don't do this you'll be running an open relay and you'll end up in a RBL. So, your MUA (Thunderbird, Outlook, etc) needs to send user's username and password to the MTA. Since you don't want to send that kind of data in-the-clear you need to use TLS. This is the process that requires the server cert. If you self-sign your cert your user's MUA's will ask the user if they want to accept this connection. Thunderbird allows the choice of "accept permanently", but Outlook doesn't. Thus, a TB user gets bothered once, Outlook users are bothered each time they fire up their MUA. But then, if you're using Outlook you deserve to be bothered... This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Lew Wolfgang wrote:
Matt Hayes wrote:
Er.. why do you need certs to do smtp-auth between one mail server and another?
This covers the case of sending mail from a MUA to a MTA. You need to authenticate your user population as being authorized to send mail via your MTA. If you don't do this you'll be running an open relay and you'll end up in a RBL.
So, your MUA (Thunderbird, Outlook, etc) needs to send user's username and password to the MTA. Since you don't want to send that kind of data in-the-clear you need to use TLS. This is the process that requires the server cert. If you self-sign your cert your user's MUA's will ask the user if they want to accept this connection. Thunderbird allows the choice of "accept permanently", but Outlook doesn't. Thus, a TB user gets bothered once, Outlook users are bothered each time they fire up their MUA. But then, if you're using Outlook you deserve to be bothered...
This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap.
Regards, Lew
er.. yeah I know how it operates.. I run postfix.. I do smtp-auth using TLS. It isn't required though, however, recommended to encrypt it. -Matt -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Matt Hayes wrote:
Er.. why do you need certs to do smtp-auth between one mail server and another? <--snip--> This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap.
Regards, Lew
er.. yeah I know how it operates.. I run postfix.. I do smtp-auth using TLS. It isn't required though, however, recommended to encrypt it.
Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Arie Reynaldi Z wrote:
Matt Hayes wrote:
Er.. why do you need certs to do smtp-auth between one mail server and another? <--snip--> This of course, has nothing to do with "receiving" mail at the MUA, but you have similar issues with SSL enabled pop and imap.
Regards, Lew er.. yeah I know how it operates.. I run postfix.. I do smtp-auth using TLS. It isn't required though, however, recommended to encrypt it.
Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need.
Here are some fun factoids: SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf -Matt -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need.
Here are some fun factoids:
SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details
Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf
I'll look into it.. I got some hints : http://www.howtoforge.com/postfix-smtp-authentication-on-the-secure-port-onl... . Hope it's easy enough to understand for my slow brain.. :) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2009-04-04 at 08:58 +0700, Arie Reynaldi Z wrote:
Matt, so you do smtp-auth in your smtp server without pop/imap ? I'm looking postfix TLS support, hope this what I need.
Just what do you understand by smtp-auth? What we understand by that is _not_ related at all to pop/imap. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknXSmQACgkQtTMYHG2NR9VLigCfbZOwkQE4gtKruTmYzi5jBOxC 7bMAn2C+18uhT1qS3/DOHcvLqjqm3yBn =ftDA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
Carlos E. R. wrote:
On Friday, 2009-04-03 at 10:54 +0700, Arie Reynaldi Z wrote:
I have 2 mail server, 1 as primary server that has POP (using qmail), the other 1 smtp (using postfix). They both in my network. I make like this because load in primary server is so high because of blocking spam and viruses. The've been work for almost 2 years, but now there's a problem, since some of our sales person needs to sent mail through our mail server, i need to make SMTP-Auth because right now the cant do it (rcpthost not allowed or Relay access denied). So question is, can I make a standalone SMTP Server with smtp-auth without using pop / imap ? I've googling, and i only see howto make smtp-server and pop/imap in the same server. smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass:
/usr/share/doc/packages/postfix/README_FILES/SASL_README
I understood the question was more concerned with feeding inbound mail from his smtp server to his pop/imap server which were on different machines.
Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs.
No, you don't need ssl certificates to authenticate to Postfix. If you are using cleartext passwords it is recommended to encrypt the connection. It is possible to use use client certificates to authenticate, though it is a bit unusual and AFAIK only possible in more current versions of Postfix. To answer the original question: the official documentation at www.postfix.org is very explicit on how to configure smtp authentication so a user can authenticate to the server in order to use the server as a relay. http://www.postfix.org/SASL_README.html Though it would be nice to know if the system in question is actually using Postfix. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2009-04-03 at 21:50 +0200, Sandy Drobic wrote: ...
Though it would be nice to know if the system in question is actually using Postfix. (^-^)
He said so, yes: ] I have 2 mail server, 1 as primary server that has POP (using qmail), ] the other 1 smtp (using postfix). They both in my network. I make like - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknWcl4ACgkQtTMYHG2NR9WBeQCfcgb2GAeLTqsGIjq/uBRd1OUa aI8Anitc27lxY7guKJWcuTuhElm+hpVX =u3cc -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
On Friday, 2009-04-03 at 21:50 +0200, Sandy Drobic wrote:
...
Though it would be nice to know if the system in question is actually using Postfix. (^-^)
He said so, yes:
] I have 2 mail server, 1 as primary server that has POP (using qmail), ] the other 1 smtp (using postfix). They both in my network. I make like
Which one does he want to configure? I have a bit of trouble to really understand what he wants exactly. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2009-04-03 at 23:22 +0200, Sandy Drobic wrote:
Though it would be nice to know if the system in question is actually using Postfix. (^-^)
He said so, yes:
] I have 2 mail server, 1 as primary server that has POP (using qmail), ] the other 1 smtp (using postfix). They both in my network. I make like
Which one does he want to configure? I have a bit of trouble to really understand what he wants exactly.
:-) My Xtall ball says the smtp aka postfix server. What exactly he wants is a bit foggy, as I didn't pay for the X ray extension. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknWijYACgkQtTMYHG2NR9UmtQCcDEKp3dTnC5l+22Av2/DoOOTw rl8AnjLOzC5gBvViGIEESiFc4DLcmV/n =k+lK -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass:
/usr/share/doc/packages/postfix/README_FILES/SASL_README
I understood the question was more concerned with feeding inbound mail from his smtp server to his pop/imap server which were on different machines.
Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs.
I see that Yast has 'Outgoing Mail' and 'Authentication' option in it. Is this what I want to make SMTP-AUTH ? All need just to make this server (postfix) can be use for our employee outside my network. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 04/04/2009 09:56 AM, Arie Reynaldi Z wrote:
I see that Yast has 'Outgoing Mail' and 'Authentication' option in it. Is this what I want to make SMTP-AUTH ? All need just to make this server (postfix) can be use for our employee outside my network.
You will need to also start saslauthd, and I would agree you should setup more than just authentication, you should also setup ssl encrypted connections to encrypt the login credentials used to authenticate, so also use TLS. A working setup can be gotten from using Yast. More advanced tweaking can be added by adding POSTFIX_ADD_ variables to /etc/sysconfig/postfix and you keep the convenience of Yast, with extra perks. -- Joe Morris Registered Linux user 231871 running openSUSE 11.1 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Arie Reynaldi Z wrote:
smtp auth is not related to pop, unless you mean to use "pop before smtp"; if thats what you want, I don't know how it can be done. Instead, postfix uses login/pass:
/usr/share/doc/packages/postfix/README_FILES/SASL_README I understood the question was more concerned with feeding inbound mail from his smtp server to his pop/imap server which were on different machines.
Authenticated smpt can be a bit tricky to set up, although yast has made it easier in the last few releases. Still you end up needing certs and self signed certs cause problems for some MUAs.
I see that Yast has 'Outgoing Mail' and 'Authentication' option in it. Is this what I want to make SMTP-AUTH ? All need just to make this server (postfix) can be use for our employee outside my network.
This will make Postfix authenticate to ANOTHER server, in other words, it is cthe client side, when Postfix is sending mail for example to a relayserver. In your case you want the server side of Postfix to offer authentication. The easiest way is to set up local users on your Postfix server, but don't give them a login shell. Then configure Postfix for sasl authentication. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2009-04-04 at 08:56 +0700, Arie Reynaldi Z wrote:
I see that Yast has 'Outgoing Mail' and 'Authentication' option in it. Is this what I want to make SMTP-AUTH ?
No. That's client side. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknXSowACgkQtTMYHG2NR9WqTwCfTk6AfwVNhQoiBXc7DpDHAoaL 9A0An2iTJTTkiot0WqYzfG7qEjmiUwPq =pOGc -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 04/04/2009 07:54 PM, Carlos E. R. wrote:
On Saturday, 2009-04-04 at 08:56 +0700, Arie Reynaldi Z wrote:
I see that Yast has 'Outgoing Mail' and 'Authentication' option in it. Is this what I want to make SMTP-AUTH ?
No. That's client side.
It is possible to configure the server side via etc/sysconfig Editor. Just set POSTFIX_SMTP_AUTH_SERVER="yes" and enable saslauthd, though if the users were not system users I would suspect more would need to be done. -- Joe Morris Registered Linux user 231871 running openSUSE 11.1 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (9)
-
Arie Reynaldi Z
-
Carlos E. R.
-
Dominique Leuenberger
-
Joe Morris
-
John Andersen
-
Lew Wolfgang
-
Matt Hayes
-
Per Jessen
-
Sandy Drobic