<quote who="Mary Gardiner">

> Anyone got a short client-Postfix to server-Postfix TLS guide to setting
> up keys and configuring the NECESSARY variables?

Not a guide, but a snippet, because I do exactly what you want to - it's
great! You need sasl to do tls.

On the client side (I'm running Ubuntu, which is about as new as sid) you
need postfix-tls installed (Debian).

/etc/postfix/main.cf:

# often gets around port 25 blocking on both ends
relayhost = server:587
disable_dns_lookups = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_loglevel = 0

/etc/postfix/sasl_passwd: (which you need to postmap)

server password

On the server side (I'm running sarge), you need postfix-tls, sasl2-bin,
libsasl2-modules.

/etc/postfix/main.cf:

broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem

/etc/postfix/sasl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: login plain

You need to be running saslauthd (/etc/default/saslauthd). There are a
number of backends for it - I just use UNIX logins via pam or shadow.

- Jeff

--
linux.conf.au 2005: Canberra, Australia http://linux.conf.au/

"Well, you know us usability folks... We like to believe that the two
aren't mutually exclusive." - Calum Benson on power and cleanliness

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
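
Added example (not part of Jeff's post): a small Python check of the client-side main.cf settings above. smtp_use_tls = yes is opportunistic TLS and smtp_sasl_security_options = noanonymous permits plaintext mechanisms, so the script flags that combination and accepts smtp_enforce_tls = yes or a stricter smtp_tls_security_level (real Postfix parameters that the post does not use). The function names and sample strings are constructed for illustration.

```python
def parse_main_cf(text):
    """Parse main.cf: '#'-first lines are comments; indented lines continue a value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key is not None:
            params[key] = (params[key] + " " + line.strip()).strip()
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        params[key] = value.strip()
    return params

def client_tls_level(p):
    """Effective outbound TLS level; legacy smtp_use_tls/smtp_enforce_tls map to may/encrypt."""
    level = p.get("smtp_tls_security_level", "")
    if level:
        return level
    if p.get("smtp_enforce_tls") == "yes":
        return "encrypt"
    return "may" if p.get("smtp_use_tls") == "yes" else "none"

def audit_client(p):
    findings = []
    level = client_tls_level(p)
    # Postfix's default forbids plaintext mechanisms; the post relaxes it to noanonymous.
    opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if (p.get("smtp_sasl_auth_enable") == "yes" and "noplaintext" not in opts
            and level in ("none", "may")):
        findings.append("plaintext SASL allowed while TLS level is '%s': credentials "
                        "are not protected if the session has no STARTTLS" % level)
    # main.cf has no trailing comments: text after a value becomes part of the value.
    for k, v in p.items():
        if " #" in v:
            findings.append("%s: trailing '#' text is part of the value" % k)
    return findings

# Constructed sample inputs ('server' is the post's placeholder hostname).
AS_POSTED = """relayhost = server:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
"""
ENFORCED = AS_POSTED.replace("smtp_use_tls = yes", "smtp_enforce_tls = yes")

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("TLS enforced", ENFORCED)):
        print(name, "->", audit_client(parse_main_cf(cfg)) or "no findings")
```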
