On Thu, Sep 26, 2013 at 02:52:51PM +0100, Steve Blinkhorn wrote:
> I have the need to configure my mail servers to accept remote mail
> from company smartphones, which will have unpredictable IP addresses
> at any given time.
>
> As I understand it, this is best done using port 587 and a suitably
> configured imapd, but it is not clear to me whether stock imapd can do
> the job. I get the impression that I need to build something like
> dovecot - but what is the difference between dovecot and dovecot2?
>
> I guess this is all obvious once you know it, but if there's a "how to
> get started with port 587" guide, that would be really helpful.
No, that's not imap job's, that's the job of the MTA, sendmail or postfix.
It needs to have SASL auth enabled. In this case it's better to use TLS too.
With sendmail this is done with:
PKG_OPTIONS.sendmail+=sasl tls
and rebuild sendmail. This should pull in cyrus-sasl.
Then you'll also need to install
cy2-login
cy2-plain
cyrus-saslauthd
In /usr/pkg/lib/sasl2, create a Sendmail.conf file with:
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
Then configure saslauthd in /usr/pkg/etc/saslauthd.conf
for the auth method you want to use (for ldap, you'll need:
PKG_OPTIONS.cyrus-saslauthd+=ldap
)
In your sendmail's .mc file:
define(`confAUTH_OPTIONS', `A,p,y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/etc/openssl/certs')dnl
define(`confCACERT',`/etc/openssl/certs/CNRS-Standard.crt')dnl
define(`confSERVER_CERT',`/etc/openssl/certs/srv.pem')dnl
define(`confSERVER_KEY',`/etc/openssl/private/srv.pem')dnl
DAEMON_OPTIONS(`Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=as')dnl
(adjust the paths to match your SSL setup of course).
The last line (TLSMTA) is optionnal, this cause sendmail to listen to port
443. You may not need it.
--
Manuel Bouyer <bou...@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
