On Monday, 5 April 2004 14:50, Markus Feilner wrote:
> First of all thanks to all the helpful people out there! I have postfix, cyrus and saslauthd running on a suse 9.0 box. postfix and cyrus use tls and saslauthd to authenticate users against pam. In my /etc/pam.d/smtp and imap files I have working definitions for active directory/samba3/winbind, so that both local linux users and windows users can access the mailserver.
> But: With this combination, only few possibilities are left for encryption:
> - imap is sort of ok (I hope), since this is managed over ssl, however I would prefer cram or digest encryption additionally. But I was told: this does not work with saslauthd and pam. Why?

1. The protocol which saslauthd speaks does not allow the use of cram-md5 or digest-md5. Cyrus-SASL (the library) must have access to the passwords. With the protocol of saslauthd the lib can only ask if a password for a given user is ok or not. There is no possibility to fetch a password through saslauthd.
2. The *-MD5 mechanisms need the unencrypted plaintext password. Normally pam uses encrypted ones.

> - If I activate tls in postfix, local delivery to cyrus fails with the message: MUST ISSUE A STARTTLS COMMAND.

Please give the source of this message.

> So my questions are:
> 1) How can I make my setup more secure?

With saslauthd use SSL/TLS. Without saslauthd, store your passwords unencrypted and use mechanisms like digest-md5 or cram-md5. So the password doesn't walk over the line.

> 2) How can I set up postfix with cyrus and tls and working local delivery?

?? Postfix --tls--> Cyrus-IMAP ??

--
Andreas
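
Added example, not part of the original thread: points 1 and 2 of the reply in Python, showing that a CRAM-MD5 server has to recompute the HMAC from the shared secret, while a saslauthd-style yes/no check works against a one-way hash but needs the plaintext password sent to it. The account, salt and challenge are constructed, and PBKDF2 is an assumed stand-in for whatever hashed form the PAM backend keeps.

```python
import base64
import hashlib
import hmac

# Constructed sample account and values; none of this comes from the thread.
USER, PASSWORD, SALT = "alice", "correct horse", b"constructed-salt"

def one_way_hash(password: str) -> bytes:
    # Stand-in (assumption) for the hashed form a PAM backend keeps.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

HASHED_STORE = {USER: one_way_hash(PASSWORD)}  # all that pam can consult
PLAIN_STORE = {USER: PASSWORD.encode()}        # unencrypted secrets, as the reply suggests

def saslauthd_style_check(user: str, password: str) -> bool:
    """Yes/no only: the server must be handed the plaintext password."""
    stored = HASHED_STORE.get(user)
    return stored is not None and hmac.compare_digest(stored, one_way_hash(password))

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> bytes:
    """Client side (RFC 2195): only an HMAC of the challenge is sent."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def cram_md5_verify(response: bytes, challenge: bytes, store: dict) -> bool:
    """Server side: recomputes the HMAC, so it needs the shared secret itself."""
    user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    secret = store.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def demo() -> tuple:
    challenge = b"<1234.5678@mail.example.invalid>"  # constructed server nonce
    response = cram_md5_response(USER, PASSWORD.encode(), challenge)
    return (
        cram_md5_verify(response, challenge, PLAIN_STORE),   # True
        cram_md5_verify(response, challenge, HASHED_STORE),  # False: hash is not the key
        saslauthd_style_check(USER, PASSWORD),               # True, but needs the password sent
    )

if __name__ == "__main__":
    print(demo())
```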