Re: Postfix TLS with SMTP Auth
On Fri, Apr 08, 2005 at 12:15:52PM -0400, Theodore Knab wrote:
> Has anyone set up Postfix with a 'self signed' cert using SMTP AUTH?
>
> This type of solution allows people from off-site to send email
> through the mail gateway without allowing unauthorized SPAMMERS
> from relaying stuff.
>
> In conjunction with IMAPS (IMAP over SSL) (port 993), people can securely
> use email clients off site.
>
> Currently, I am stuck on the AUTH with LDAP over TLS part.
>
> Anybody have any examples, or know of any howtos?
>
> --
> ------------------------------------------
> Ted Knab
> Chester, Maryland 21619 USA
> ------------------------------------------
>
I have exactly this setup. I have posted the relevant parts of my
main.cf below. There are also links to some howtos on the postfix
homepage.
Hope that helps.
Burkhard
--
###############################################################################
# LDAP config
# #
###############################################################################
ldapvirtual_server_host = localhost
ldapvirtual_server_port = 389
ldapvirtual_bind = yes
ldapvirtual_timeout = 5
ldapvirtual_search_base = o=ispman
ldapvirtual_query_filter = (|(&(objectClass=ispmanDomainUser)(|(mailLocalAddress=%s)(mailAlias=%s)))(&(objectClass=ispmanDomain)(ispmanDomain=%s)(ispmanDomainService=mail)))
ldapvirtual_result_attribute = mailRoutingAddress,mailForwardingAddress,ispmanDomainService
ldapvirtual_lookup_wildcards = no
###############################################################################
# SASL support for clients
# #
###############################################################################
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = no
###############################################################################
# TLS
# #
###############################################################################
smtpd_tls_cert_file = /etc/ssl/certs/smtpcert.pem
smtpd_tls_key_file = /etc/ssl/private/smtpkey.pem
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
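
Added example, not part of the original post or of Postfix itself: a small Python check that parses main.cf-style text and reports settings that would let SMTP AUTH happen outside TLS. The function names and the two sample configurations are constructed for illustration; the first sample mirrors the SASL/TLS values posted above, with one value wrapped to exercise continuation lines.

```python
import re

def parse_main_cf(text):
    """Parse main.cf syntax: '#' lines are comments; a line that starts with
    whitespace continues the previous logical line."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def audit_smtp_auth(params):
    """Return findings for settings that would expose AUTH outside TLS."""
    findings = []
    sasl = params.get("smtpd_sasl_auth_enable", "no") == "yes"
    # smtpd_tls_security_level, when set, takes precedence over smtpd_use_tls.
    level = params.get("smtpd_tls_security_level")
    tls = level in ("may", "encrypt") if level else params.get("smtpd_use_tls", "no") == "yes"
    if sasl and not tls:
        findings.append("SASL AUTH enabled but STARTTLS is not offered")
    if sasl and params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("AUTH accepted on unencrypted sessions")
    # The Postfix default for this parameter is "noanonymous".
    opts = re.split(r"[,\s]+", params.get("smtpd_sasl_security_options", "noanonymous"))
    if sasl and "noanonymous" not in opts:
        findings.append("anonymous SASL mechanisms are permitted")
    for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        if tls and not params.get(key):
            findings.append(key + " is not set")
    return findings

# Constructed samples (not a complete main.cf).
POSTED = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options =
    noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/smtpcert.pem
smtpd_tls_key_file = /etc/ssl/private/smtpkey.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
"""
WEAK = POSTED.replace("smtpd_tls_auth_only = yes", "smtpd_tls_auth_only = no")
```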