We had to rebuild postfix to use SASL then from main.cf:
...
# SMTP SERVER CONTROLS
# The smtpd_sasl_auth_enable parameter controls whether SMTP client
# authentication is enabled in the Postfix SMTP server. By default,
# the Postfix SMTP server does not use authentication.
#
# If an SMTP client is authenticated, then the permit_sasl_authenticated
# access restriction can be used to permit relay access, like this:
#
# smtpd_recipient_restrictions = permit_sasl_authenticated, ...
#
# To reject all SMTP connections from unauthenticated clients,
# specify smtpd_delay_reject=yes (which is the default) and use:
#
# smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
#
# In order to enable server-side authentication, build Postfix with
# SASL support, and install a configuration file /usr/lib/sasl/smtpd.conf
# (SASL version 1) or /usr/lib/sasl2/smtpd.conf (SASL version 2) with
# as contents, for example,
#
# pwcheck_method: sasldb
#
# or whatever method is suitable for your environment: PAM, shadow,
# etc. If you use sasldb, you can add users with the "saslpasswd"
# command that comes with the SASL library. If you configure Postfix
# to use PAM, the PAM service name for SASL authentication is "smtp",
# and adding users depends entirely on how PAM is set up.
#
# If you run your SMTP server chrooted, then you need to copy PAM
# and/or SASL support libraries and data files into the chroot jail.
# That's a lot of files, and it seems not very practical to do so.
#
smtpd_sasl_auth_enable = yes
#smtpd_sasl_auth_enable = no
# The smtpd_sasl_security_options parameter controls what authentication
# mechanisms the Postfix SMTP server will offer to the client. The
# list of available authentication mechanisms is system dependent.
#
# Specify zero or more of the following:
#
# noplaintext: disallow methods that use plaintext passwords
# noactive: disallow methods subject to active (non-dictionary) attack
# nodictionary: disallow methods subject to passive (dictionary) attack
# noanonymous: disallow methods that allow anonymous authentication
#
# An additional option is available in SASL version 2:
#
# mutual_auth: only allow methods that provide mutual authentication
#
# By default, the Postfix SMTP server accepts plaintext passwords but
# not anonymous logins.
#
# HORROR! It appears that clients try authentication methods in the
# order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
# which means that if you disable plaintext passwords, clients will
# log in anonymously, even when they should be able to use CRAM-MD5.
# So, if you disable plaintext logins, disable anonymous logins too.
# Postfix treats anonymous login as no authentication.
#
#smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_security_options = noanonymous
# The smtpd_sasl_local_domain parameter specifies the name of the
# local authentication realm.
#
# By default, the local authentication realm name is the name of the
# machine.
#
#smtpd_sasl_local_domain = $mydomain
smtpd_sasl_local_domain = $myhostname
...
[EMAIL PROTECTED]:~$ cat /usr/lib/sasl/smtpd.conf
pwcheck_method:PAM
[EMAIL PROTECTED]:~$ cat /etc/pam.d/smtp
#%PAM-1.0
auth required /lib/security/pam_mysql.so user=root db=dbmail
table=dbmail_users usercolumn=userid passwdcolumn=passwd
account required /lib/security/pam_mysql.so user=root db=dbmail
table=dbmail_users usercolumn=userid passwdcolumn=passwd
This is on RedHat 7.3.
Cheers,
Blake
Aaron Stone wrote:
Drew Morris <[EMAIL PROTECTED]> said:
Are their any plans to add support for SMTP-AUTH to dbmail instead of
just POP before SMTP and IMAP before SMTP. SMTP-AUTH would seem like a
very logical thing to have on a system like this.
You can't have SMTP AUTH without an SMTP server ;-) DBMail is only an
MDA, Mail Delivery Agent, which receives mail from the MTA, such as
Postfix or Sendmail, Exim, and others. Those are the SMTP servers which
you would want to configure for SMTP AUTH.
In order to share a user base with DBMail, you would need to configure
your SMTP AUTH to use DBMail's database. While that information is beyond
the scope of DBMail, if you do create a working config, please post it
back to the mailing list so that we can include some helpful hints in the
DBMail documentation.
Aaron
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
