Re: need how to for debian 6 with postfix

To: Muhammad Yousuf Khan <sirtcp@gmail.com>
Cc: debian-user@lists.debian.org
Subject: Re: need how to for debian 6 with postfix
From: mouss <mouss@ml.netoyen.net>
Date: Sun, 18 Nov 2012 19:33:46 +0100
Message-id: <[🔎] 50A92A0A.9050101@ml.netoyen.net>
Reply-to: mouss+nobulk@netoyen.net
In-reply-to: <[🔎] CAGWVfMnvY_DCi9fMDeTbuv1s2Z4NBUGnzGDJi_ddD4+HHnnAGg@mail.gmail.com>
References: <[🔎] CAGWVfMmdQdfR6vEtqxzkAxmTMwqeoX3CmRbS5oot272VYjG++w@mail.gmail.com> <[🔎] 50A84EEC.8020200@ml.netoyen.net> <[🔎] CAGWVfMnvY_DCi9fMDeTbuv1s2Z4NBUGnzGDJi_ddD4+HHnnAGg@mail.gmail.com>

Le 18/11/2012 08:51, Muhammad Yousuf Khan a écrit :
> sorry, i mistakenly send the last message to your personal account. so
> i am sending it again to this list
> 
> [snip]
> 
> what type of packages do i want.
> 
> i could not find package postfix-tls
> 
> so what i installed is posfix and dovecot-imap
> since i am using dovecot SASL i didnt install other packages except
> the 2 above and postfix-tls did not found.
> 

you already have SASL and TLS support in your postfix. see below.

>>
>> then reload postfix and try
>>
>> telnet localhost 25
>> EHLO testme
>> QUIT
>>
>> after the EHLO command, you should see two lines tarting with 220-AUTH
>>
> 
> yes i did that and my ehlo shows this
> 
> 250-mailsrv.mydomain.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS

so you have TLS.

> 250-AUTH PLAIN LOGIN

so you have SASL AUTH
> 250-AUTH=PLAIN LOGIN

and the "broken" sasl auth (support old ms outofluck and possibly other
borkware out there ;-p)


> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> 
>>
>> note 1: comment out the submission service in master.cf and configure
>> your mail clients to use port 587 (the standard submission port). this
>> way you separate "submitted" mail traffic from the rest.
>>
> 
> what do you mean by submission would you please explain a bit. so help
> me understand this.
> 

submission is the same as smtp (the protocol to transfer mail), but is
designated for "outgoing" mail. when having both inbound and outbound
mail, it is nice to separate inblund mail (port 25) and outbound (port
587), but this is not necessary. you can use port 25 for both  (but if a
single postfix handles both, then separatin these allows you to havae
specific config for the submission service .. ). now, keep this for a
next step!

> 
> 
>>
>> note 2: the next step for configure TLS and only allow authentication
>> for TLS protected sessions:
>> smtpd_tls_auth_only = yes
> 
> does it requires postfix-tls package as i saw in old howtos. i can not
> find this package in debian 6. even i try to find debian repo. maybe i
> am doing some mistake. would you guide me on this please.
> 

you already have TLS support. if you add the line above, then your EHLO
won't show the AUTH anymore: they will only appear once a TLS session
has ben established. this prevents clients from sending passwords in the
clear. again, keep this for a next step...

> 
> 
>>
>> see
>> http://www.postfix.org/TLS_README.html
>>
>>
>>
>>
>> you can paste the output of
>> postconf -n
>> one pastebin or the like and send the URL. (note the '-n' in the
>> command: this will show locally modified parameters only).
> 
> ok ill do that as soon as i get to office and configure this.
> 
> Thanks
> 
>>
>>
>>
>>
> 
>

Reply to:

References:
- need how to for debian 6 with postfix
  - From: Muhammad Yousuf Khan <sirtcp@gmail.com>
- Re: need how to for debian 6 with postfix
  - From: mouss <mouss@ml.netoyen.net>
- Re: need how to for debian 6 with postfix
  - From: Muhammad Yousuf Khan <sirtcp@gmail.com>

Prev by Date: Re: OpenVPN setup woes
Next by Date: Re: need how to for debian 6 with postfix
Previous by thread: Re: need how to for debian 6 with postfix
Next by thread: Re: need how to for debian 6 with postfix
Index(es):
- Date
- Thread