Loading ...
Sorry, an error occurred while loading the content.
 

authentication

Expand Messages
  • Ejaz
    Hello, We are and ISP our mail environment is follows Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where there are no actual mailboxes,
    Message 1 of 6 , Jan 18, 2011

      Hello,

       

       

      We are and ISP our mail environment is follows

       

      Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where there are no actual mailboxes, just role of this server is to filter the incoming and outgoing email. After that all the incoming emails will sent to the its actual server based on mail routing configuration which is transport file, and for  outgoing there is restriction,

       

      Back End Mail server =:    (CommuniGate Pro) where all the mailboxes exists, but there is no powerful filters in it to control the spam and virus emails

       

      Therefore we are trying to setup postfix to authenticate and relay message from traveling users (the users who connecting to postfix from outside our network and IP range). Who should be able to relay their emails through front end server only once they check mark the option called “my serves required an authentication” in their outlook?

       

      Is there any way to do that in postfix, please help and suggestion will be highly appreciated

       

      Thanks a lot in advance,

       

       

      Regards,
      __________________
      Mohammed Ejaz
      Sr,Systems Administrator
      Middle East Internet Company (CYBERIA)
      Riyadh , Saudi Arabia
      Phone: +966-1-4647114  Ext: 140
      Mobile +966-562311787
      Fax: +966-1-4654735
      E-mail: mejaz@...

       

    • Patrick Ben Koetter
      ... You want to read . The document describes how to setup SMTP AUTHentication in the Postfix smtpd
      Message 2 of 6 , Jan 18, 2011
        * Ejaz <mejaz@...>:
        > We are and ISP our mail environment is follows
        >
        > Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where there
        > are no actual mailboxes, just role of this server is to filter the incoming
        > and outgoing email. After that all the incoming emails will sent to the its
        > actual server based on mail routing configuration which is transport file,
        > and for outgoing there is restriction,
        >
        > Back End Mail server =: (CommuniGate Pro) where all the mailboxes exists,
        > but there is no powerful filters in it to control the spam and virus emails
        >
        > Therefore we are trying to setup postfix to authenticate and relay message
        > from traveling users (the users who connecting to postfix from outside our
        > network and IP range). Who should be able to relay their emails through
        > front end server only once they check mark the option called "my serves
        > required an authentication" in their outlook?
        >
        > Is there any way to do that in postfix, please help and suggestion will be
        > highly appreciated

        You want to read <http://www.postfix.org/SASL_README.html#server_sasl>. The
        document describes how to setup SMTP AUTHentication in the Postfix smtpd
        server.

        I take it your systems user identities (username, password) are not stored on
        the gateway, but somewhere else. Use the table in
        <http://www.postfix.org/SASL_README.html#server_cyrus_comm> to find the best
        way how Cyrus SASL can access these data.

        If you have passwords stored in plaintext (not encrypted) you may offer the
        SASL mechanisms NTLM and DIGEST-MD5 to Outlook users. If you store passwords
        encrypted only offer PLAIN and LOGIN. LOGIN will work well for Outlook
        clients, but PLAIN and LOGIN should be shielded with a TLS encrypted SMTP
        session.

        Read <http://www.postfix.org/TLS_README.html#server_tls> in case you are also
        going to provide TLS.

        p@rick


        --
        All technical questions asked privately will be automatically answered on the
        list and archived for public access unless privacy is explicitely required and
        justified.

        saslfinger (debugging SMTP AUTH):
        <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
      • Ejaz
        Hello, Thanks a lot for your help, would you please tell me in order to achieve as I said below, does it requires to maintain the local database (username
        Message 3 of 6 , Jan 21, 2011

          Hello,

           

          Thanks a lot for your help, would you please tell me in order to achieve  as I said below,  does  it requires to maintain the local database (username and password of email accounts)  in sql database or in a flat file,

           

           

          Regards

          Ejaz

          -----Original Message-----
          From: owner-postfix-users@... [mailto:owner-postfix-users@...] On Behalf Of Patrick Ben Koetter
          Sent: Wednesday, January 19, 2011 9:44 AM
          To: postfix-users@...
          Subject: Re: authentication

           

          * Ejaz <mejaz@...>:

          > We are and ISP our mail environment is follows

          >

          > Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where there

          > are no actual mailboxes, just role of this server is to filter the incoming

          > and outgoing email. After that all the incoming emails will sent to the its

          > actual server based on mail routing configuration which is transport file,

          > and for  outgoing there is restriction,

          >

          > Back End Mail server =:    (CommuniGate Pro) where all the mailboxes exists,

          > but there is no powerful filters in it to control the spam and virus emails

          >

          > Therefore we are trying to setup postfix to authenticate and relay message

          > from traveling users (the users who connecting to postfix from outside our

          > network and IP range). Who should be able to relay their emails through

          > front end server only once they check mark the option called "my serves

          > required an authentication" in their outlook?

          >

          > Is there any way to do that in postfix, please help and suggestion will be

          > highly appreciated

           

          You want to read <http://www.postfix.org/SASL_README.html#server_sasl>. The

          document describes how to setup SMTP AUTHentication in the Postfix smtpd

          server.

           

          I take it your systems user identities (username, password) are not stored on

          the gateway, but somewhere else. Use the table in

          <http://www.postfix.org/SASL_README.html#server_cyrus_comm> to find the best

          way how Cyrus SASL can access these data.

           

          If you have passwords stored in plaintext (not encrypted) you may offer the

          SASL mechanisms NTLM and DIGEST-MD5 to Outlook users. If you store passwords

          encrypted only offer PLAIN and LOGIN. LOGIN will work well for Outlook

          clients, but PLAIN and LOGIN should be shielded with a TLS encrypted SMTP

          session.

           

          Read <http://www.postfix.org/TLS_README.html#server_tls> in case you are also

          going to provide TLS.

           

          p@rick

           

           

          --

          All technical questions asked privately will be automatically answered on the

          list and archived for public access unless privacy is explicitely required and

          justified.

           

          saslfinger (debugging SMTP AUTH):

          <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

           

           

        • Patrick Ben Koetter
          ... First: Cyrus SASL does not necessarily require you to maintain a local authentication database. If you already have a database that keeps usernames and
          Message 4 of 6 , Jan 22, 2011
            * Ejaz <mejaz@...>:
            > Thanks a lot for your help, would you please tell me in order to achieve as
            > I said below, does it requires to maintain the local database (username
            > and password of email accounts) in sql database or in a flat file,

            First: Cyrus SASL does not necessarily require you to maintain a local
            authentication database. If you already have a database that keeps usernames
            and passwords, I recommend you find a way to reuse that database because it
            simplifies maintaince. Cyrus SASL gives you some connectors to access SQL
            servers, LDAP servers and other backends.

            If you want to use a local database, choose the type of database suites your
            needs the best.

            sasldb
            sasldb is the easiest to use. Use the saslpasswd2 utility to create and
            maintain the database.
            sql
            You can use a MySQL, sqlite3 or PostgreSQL server. Setup the database,
            create a database schema and configure the SELECT statement in Cyrus SASLs
            smtpd.conf configuration file.

            p@rick

            > -----Original Message-----
            > From: owner-postfix-users@...
            > [mailto:owner-postfix-users@...] On Behalf Of Patrick Ben Koetter
            > Sent: Wednesday, January 19, 2011 9:44 AM
            > To: postfix-users@...
            > Subject: Re: authentication
            >
            >
            >
            > * Ejaz <mejaz@...>:
            >
            > > We are and ISP our mail environment is follows
            >
            > >
            >
            > > Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where
            > there
            >
            > > are no actual mailboxes, just role of this server is to filter the
            > incoming
            >
            > > and outgoing email. After that all the incoming emails will sent to the
            > its
            >
            > > actual server based on mail routing configuration which is transport file,
            >
            > > and for outgoing there is restriction,
            >
            > >
            >
            > > Back End Mail server =: (CommuniGate Pro) where all the mailboxes
            > exists,
            >
            > > but there is no powerful filters in it to control the spam and virus
            > emails
            >
            > >
            >
            > > Therefore we are trying to setup postfix to authenticate and relay message
            >
            > > from traveling users (the users who connecting to postfix from outside our
            >
            > > network and IP range). Who should be able to relay their emails through
            >
            > > front end server only once they check mark the option called "my serves
            >
            > > required an authentication" in their outlook?
            >
            > >
            >
            > > Is there any way to do that in postfix, please help and suggestion will be
            >
            > > highly appreciated
            >
            >
            >
            > You want to read <http://www.postfix.org/SASL_README.html#server_sasl>. The
            >
            > document describes how to setup SMTP AUTHentication in the Postfix smtpd
            >
            > server.
            >
            >
            >
            > I take it your systems user identities (username, password) are not stored
            > on
            >
            > the gateway, but somewhere else. Use the table in
            >
            > <http://www.postfix.org/SASL_README.html#server_cyrus_comm> to find the best
            >
            > way how Cyrus SASL can access these data.
            >
            >
            >
            > If you have passwords stored in plaintext (not encrypted) you may offer the
            >
            > SASL mechanisms NTLM and DIGEST-MD5 to Outlook users. If you store passwords
            >
            > encrypted only offer PLAIN and LOGIN. LOGIN will work well for Outlook
            >
            > clients, but PLAIN and LOGIN should be shielded with a TLS encrypted SMTP
            >
            > session.
            >
            >
            >
            > Read <http://www.postfix.org/TLS_README.html#server_tls> in case you are
            > also
            >
            > going to provide TLS.
            >
            >
            >
            > p@rick
            >
            >
            >
            >
            >
            > --
            >
            > All technical questions asked privately will be automatically answered on
            > the
            >
            > list and archived for public access unless privacy is explicitely required
            > and
            >
            > justified.
            >
            >
            >
            > saslfinger (debugging SMTP AUTH):
            >
            > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
            >
            >
            >
            >
            >

            --
            All technical questions asked privately will be automatically answered on the
            list and archived for public access unless privacy is explicitely required and
            justified.

            saslfinger (debugging SMTP AUTH):
            <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
          • Ejaz
            Dear Patrick, Many many Thanks Patrick, yes I have backend servers of CommuniGate Pro where all the mailboxes exists, but I don t know how to tell postfix to
            Message 5 of 6 , Jan 22, 2011

              Dear Patrick,

               

              Many many Thanks Patrick, yes I have backend servers of CommuniGate Pro where all the mailboxes exists, but I don’t know  how to tell postfix  to use these server, is there any built-in configuration files for such scenario.

               

              Ejaz

               

              -----Original Message-----
              From: owner-postfix-users@... [mailto:owner-postfix-users@...] On Behalf Of Patrick Ben Koetter
              Sent: Saturday, January 22, 2011 11:16 AM
              To: postfix-users@...
              Subject: Re: authentication

               

              * Ejaz <mejaz@...>:

              > Thanks a lot for your help, would you please tell me in order to achieve  as

              > I said below,  does  it requires to maintain the local database (username

              > and password of email accounts)  in sql database or in a flat file,

               

              First: Cyrus SASL does not necessarily require you to maintain a local

              authentication database. If you already have a database that keeps usernames

              and passwords, I recommend you find a way to reuse that database because it

              simplifies maintaince. Cyrus SASL gives you some connectors to access SQL

              servers, LDAP servers and other backends.

               

              If you want to use a local database, choose the type of database suites your

              needs the best.

               

              sasldb

                sasldb is the easiest to use. Use the saslpasswd2 utility to create and

                maintain the database.

              sql

                You can use a MySQL, sqlite3 or PostgreSQL server. Setup the database,

                create a database schema and configure the SELECT statement in Cyrus SASLs

                smtpd.conf configuration file.

               

              p@rick

               

              > -----Original Message-----

              > From: owner-postfix-users@...

              > [mailto:owner-postfix-users@...] On Behalf Of Patrick Ben Koetter

              > Sent: Wednesday, January 19, 2011 9:44 AM

              > To: postfix-users@...

              > Subject: Re: authentication

              >

              >

              > * Ejaz <mejaz@...>:

              >

              > > We are and ISP our mail environment is follows

              >

              > >

              >

              > > Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where

              > there

              >

              > > are no actual mailboxes, just role of this server is to filter the

              > incoming

              >

              > > and outgoing email. After that all the incoming emails will sent to the

              > its

              >

              > > actual server based on mail routing configuration which is transport file,

              >

              > > and for  outgoing there is restriction,

              >

              > >

              >

              > > Back End Mail server =:    (CommuniGate Pro) where all the mailboxes

              > exists,

              >

              > > but there is no powerful filters in it to control the spam and virus

              > emails

              >

              > >

              >

              > > Therefore we are trying to setup postfix to authenticate and relay message

              >

              > > from traveling users (the users who connecting to postfix from outside our

              >

              > > network and IP range). Who should be able to relay their emails through

              >

              > > front end server only once they check mark the option called "my serves

              >

              > > required an authentication" in their outlook?

              >

              > >

              >

              > > Is there any way to do that in postfix, please help and suggestion will be

              >

              > > highly appreciated

              >

              >

              > You want to read <http://www.postfix.org/SASL_README.html#server_sasl>. The

              >

              > document describes how to setup SMTP AUTHentication in the Postfix smtpd

              >

              > server.

              >

              >

              > I take it your systems user identities (username, password) are not stored

              > on

              >

              > the gateway, but somewhere else. Use the table in

              >

              > <http://www.postfix.org/SASL_README.html#server_cyrus_comm> to find the best

              >

              > way how Cyrus SASL can access these data.

              >

              >

              > If you have passwords stored in plaintext (not encrypted) you may offer the

              >

              > SASL mechanisms NTLM and DIGEST-MD5 to Outlook users. If you store passwords

              >

              > encrypted only offer PLAIN and LOGIN. LOGIN will work well for Outlook

              >

              > clients, but PLAIN and LOGIN should be shielded with a TLS encrypted SMTP

              >

              > session.

              >

              >

              > Read <http://www.postfix.org/TLS_README.html#server_tls> in case you are

              > also

              >

              > going to provide TLS.

              >

              >

              > p@rick

              >

              >

              >

              > --

              >

              > All technical questions asked privately will be automatically answered on

              > the

              >

              > list and archived for public access unless privacy is explicitely required

              > and

              >

              > justified.

              >

              >

              > saslfinger (debugging SMTP AUTH):

              >

              > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

              >

              >

              >

               

              --

              All technical questions asked privately will be automatically answered on the

              list and archived for public access unless privacy is explicitely required and

              justified.

               

              saslfinger (debugging SMTP AUTH):

              <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

               

               

            • Benny Pedersen
              ... google on saslauthd rimap
              Message 6 of 6 , Jan 31, 2011
                On Sat, 22 Jan 2011 12:43:14 +0300, "Ejaz" <mejaz@...> wrote:
                > Dear Patrick,
                >
                > Many many Thanks Patrick, yes I have backend servers of CommuniGate Pro
                > where all the mailboxes exists, but I don't know how to tell postfix to
                > use these server, is there any built-in configuration files for such
                > scenario.

                google on saslauthd rimap
              Your message has been successfully submitted and would be delivered to recipients shortly.