In all my years, I have never gotten saslauthd to authenticate properly
against an sql database. Is there another way than interfacing it
through pam-mysql?

pop/imap-before-smtp is a hack, but it's a simple hack that works fairly
robustly.

So is there no plan to implement starttls? Isn't that the new way of
doing secure sockets these days? stunnel is nice and all, but by its
nature it can't cover starttls..

-Sri
Paul J Stevens wrote:
Simon Gray wrote:
Running stunnel is fairly straightforward; the only real downside to
using stunnel over a native imap_ssl is if you're using pop-before-smtp.
Since remote connections come through the stunnel daemon and then go out
via localhost to imap, any remote IP information is lost.
SMTP/AUTH is quite simple. And no, I don't like sasl2-sql at all. Use
saslauthd and the imap authenticator:
On Debian with Postfix, that would be:
#> apt-get install sasl2-bin libsasl2-modules postfix-tls
#> cat > /etc/default/saslauthd << EOF
START=yes
MECHANISMS="rimap -O localhost"
EOF
#> cat > /etc/postfix/sasl/smtpd.conf << EOF
mech_list: PLAIN LOGIN ANONYMOUS
pwcheck_method: saslauthd
EOF
#> postconf -e smtpd_sasl_auth_enable=yes
#> /etc/init.d/saslauthd restart
#> /etc/init.d/postfix restart
assuming there's a dbmail-imapd running on localhost.
This method is arguably simpler than the sasl-sql method described in
the wiki, and also more portable: it works for both authsql and authldap
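
Added example, not part of the thread: a small audit of the settings the quoted recipe writes. With PLAIN and LOGIN as the mechanisms, the password is only protected in transit if Postfix restricts AUTH to TLS sessions (smtpd_tls_auth_only), and ANONYMOUS in mech_list is only harmless while smtpd_sasl_security_options keeps noanonymous. The function names and the sample files are assumptions made for the example; the Postfix parameter names and defaults are real.

```shell
#!/bin/sh
# Added example (not from the thread): audit the SMTP AUTH recipe's settings.
# File arguments keep it offline; on a live host pass `postconf -n` output
# and /etc/postfix/sasl/smtpd.conf.

# Print the last value of "key = value" (postconf) or "key: value" (smtpd.conf).
get_setting() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1
}

# Print one WARN line per finding; exit status is the number of findings.
audit_smtp_auth() {  # $1=postconf output, $2=smtpd.conf
    findings=0
    mechs=" $(get_setting "$2" mech_list) "
    tls_only=$(get_setting "$1" smtpd_tls_auth_only)
    sec_opts=$(get_setting "$1" smtpd_sasl_security_options)
    # Postfix defaults when a parameter is not set explicitly.
    tls_only=${tls_only:-no}
    sec_opts=" $(printf '%s' "${sec_opts:-noanonymous}" | tr ',' ' ') "

    case $mechs in *" PLAIN "*|*" LOGIN "*)
        if [ "$tls_only" != yes ]; then
            echo "WARN: PLAIN/LOGIN offered but smtpd_tls_auth_only is not yes"
            findings=$((findings + 1))
        fi ;;
    esac
    case $mechs in *" ANONYMOUS "*)
        case $sec_opts in *" noanonymous "*) ;; *)
            echo "WARN: ANONYMOUS in mech_list and noanonymous not enforced"
            findings=$((findings + 1)) ;;
        esac ;;
    esac
    return "$findings"
}

# Constructed sample input mirroring the recipe as posted.
demo_dir=$(mktemp -d)
printf 'smtpd_sasl_auth_enable = yes\n' > "$demo_dir/postconf.txt"
printf 'mech_list: PLAIN LOGIN ANONYMOUS\npwcheck_method: saslauthd\n' > "$demo_dir/smtpd.conf"
audit_smtp_auth "$demo_dir/postconf.txt" "$demo_dir/smtpd.conf" || true
```

On the constructed input this reports the PLAIN/LOGIN finding only, because Postfix's default smtpd_sasl_security_options already excludes anonymous logins.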