Loading ...
Sorry, an error occurred while loading the content.

Client SMTP Auth

Expand Messages
  • Osmany Goderich
    Hello, I ve just configured my postfix to request smtp authentication but now I find that one of my clients has a mail server(postfix with fetchmail) that is
    Message 1 of 4 , Nov 1, 2007
    • 0 Attachment

      Hello,

       

      I’ve just configured my postfix to request smtp authentication but now I find that one of my clients has a mail server(postfix  with fetchmail) that is in charge of downloading all their mail to their server so that they can use mail clients(Outlook) in their small LAN. Of course this server relays all the outgoing mail to my server and here comes the problem. What does he need to do to meet my smtp authentication request? What does he has to add in his postfix configuration in order to do an authenticated smtp relay?

       

      Thanks

       

      Direccion Provincial Joven Club C.Habana

      Administrador del Nodo Provincial

      telefono: 863-1648

      website: www.ciudad.jovenclub.cu

      correo: administrador@...

       

    • Victor Duchovni
      ... How? Show all related settings. ... If this server has a static IP, you could add it to mynetworks, or use TLS with client certs (issued by your
      Message 2 of 4 , Nov 1, 2007
      • 0 Attachment
        On Thu, Nov 01, 2007 at 11:06:04AM -0500, Osmany Goderich wrote:

        > I've just configured my postfix to request smtp authentication

        How? Show all related settings.

        > but now I
        > find that one of my clients has a mail server(postfix with fetchmail) that
        > is in charge of downloading all their mail to their server so that they can
        > use mail clients(Outlook) in their small LAN. Of course this server relays
        > all the outgoing mail to my server and here comes the problem. What does he
        > need to do to meet my smtp authentication request? What does he has to add
        > in his postfix configuration in order to do an authenticated smtp relay?

        If this server has a static IP, you could add it to mynetworks, or use TLS
        with client certs (issued by your private-label CA, or via fingerprints). Or

        http://www.postfix.org/SASL_README.html#client_sasl


        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • Osmany Goderich
        ... How? Show all related settings. ... that ... can ... he ... If this server has a static IP, you could add it to mynetworks, or use TLS with client certs
        Message 3 of 4 , Nov 1, 2007
        • 0 Attachment
          > I've just configured my postfix to request smtp authentication

          How? Show all related settings.

          > but now I
          > find that one of my clients has a mail server(postfix with fetchmail)
          that
          > is in charge of downloading all their mail to their server so that they
          can
          > use mail clients(Outlook) in their small LAN. Of course this server relays
          > all the outgoing mail to my server and here comes the problem. What does
          he
          > need to do to meet my smtp authentication request? What does he has to add
          > in his postfix configuration in order to do an authenticated smtp relay?

          If this server has a static IP, you could add it to mynetworks, or use TLS
          with client certs (issued by your private-label CA, or via fingerprints). Or

          http://www.postfix.org/SASL_README.html#client_sasl


          --
          Viktor.

          I've already sent the configurations in a message before with the subject
          'Postfix restrictions'. I thought about what you said and yes, this serve
          has static IP, but I really wouldn't like to compromise my security just for
          this client to get his messages relayed. Can't he do anything in his server
          so that it authenticates when it relays to me? I really think there should
          be another way to solve this.
        • mouss
          ... even if he authenticates, what would that solve for you? the password will be on _his_ server. so now, if the password is stolen, people will be able to
          Message 4 of 4 , Nov 1, 2007
          • 0 Attachment
            Osmany Goderich wrote:
            >
            > I've already sent the configurations in a message before with the
            > subject 'Postfix restrictions'. I thought about what you said and
            > yes, this serve has static IP, but I really wouldn't like to
            > compromise my security just for this client to get his messages
            > relayed. Can't he do anything in his server so that it authenticates
            > when it relays to me? I really think there should
            > be another way to solve this.

            even if he authenticates, what would that solve for you? the password
            will be on _his_ server. so now, if the password is stolen, people will
            be able to relay from anywhere. contrast this with a single IP.

            anyway, Viktor directed you to
            http://www.postfix.org/SASL_README.html#client_sasl

            This shows how to configure postfix to authenticate to a remote server,
            which is what you want.
          Your message has been successfully submitted and would be delivered to recipients shortly.