You have to compile postfix (or get a package) to have SASL support. Simple Authentication and Security Layer provides postfix with support for SMTP AUTH. It would be the one that would talk to PAM. You may consider using the TLS patch as well. This provides encryption for the SMTP connection. This may be important if you use the PLAIN method (gives the password in clear text).
I don't run Redhat, but maybe they provide the packages. (Debian seems to.)
Debian does not only seem to provide packages for it, it does provide packages for it, which work flawlessly :-)
I would not recommend using PAM for SMTP AUTH though, I'd recommend you use the 'normal' SASL way (/etc/sasldb) and create a script that renews your sasldb in the required timerange...
For instance all the SMTP AUTH users are in a MySQL database in my case and a script renews the /etc/sasldb on the master and backup server every 8 hours ... works flawlessly with ~ 1000 users in my case ...
Last edited by markus1982; 08-24-2003 at 06:03 AM.
Yep, I always feel like I'm cheating when I use/recommend the debian packages. They are very well maintained and usually work together very well. I need to start giving back to Debian :)
I wouldn't recommend PAM either. PAM (or the std. UNIX formats) for SMTP AUTH will have limits. AFAIK, the more secure password exchange methods (DIGEST-MD5) can't be used with PAM, as they require the cleartext password to be stored somewhere. But... combining SMTP AUTH (PLAIN) and TLS can work and be "secure". It also works for local users and tools out of the box. YMMV.
I'm converting my little (read 4 users) DSL server over to a mix of Solaris/postfix and Debian/everything else. (Diversity is good and painful, who knew?). I'm just now getting over my (complex) database fears for passwords. (Trying to use LDAP via NSS, PAM to provide user info to all the machines). Just wish I could secure NFS.
Have fun,
chris
PS Are you using saslauthd?
PPS tarballed,
You probably will have to do some reading on this, as it isn't quite the normal setup yet. Please feel free to post any questions or start a new thread.
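The thread's point that PLAIN is only acceptable when the SMTP session is encrypted can be checked against a Postfix `main.cf`. The following is an added example, not code from any poster in this thread: it assumes a Postfix build with TLS support, uses the standard Postfix parameter names, and the two sample configurations are constructed.

```python
import re

# Postfix defaults for the parameters inspected here.
DEFAULTS = {
    "smtpd_sasl_auth_enable": "no",
    "smtpd_sasl_security_options": "noanonymous",
    "smtpd_tls_auth_only": "no",
    "smtpd_tls_security_level": "",
}

# Constructed samples: AUTH with optional TLS, then the same with AUTH bound to TLS.
WEAK = "smtpd_sasl_auth_enable = yes\nsmtpd_tls_security_level = may\n"
HARDENED = (WEAK
            + "smtpd_sasl_security_options =\n    noanonymous\n"
            + "smtpd_tls_auth_only = yes\n")

def parse_main_cf(text):
    """Parse main.cf text into a dict; later settings override earlier ones."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments do not end a logical line
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    params = dict(DEFAULTS)
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit_smtp_auth(text):
    """Return findings about plaintext SMTP AUTH exposure in a main.cf."""
    p = parse_main_cf(text)
    findings = []
    if p["smtpd_sasl_auth_enable"].lower() != "yes":
        return findings  # SMTP AUTH is off, nothing to check
    options = set(re.split(r"[,\s]+", p["smtpd_sasl_security_options"].lower()))
    tls_only = (p["smtpd_tls_auth_only"].lower() == "yes"
                or p["smtpd_tls_security_level"].lower() == "encrypt")
    if "noplaintext" not in options and not tls_only:
        findings.append("PLAIN/LOGIN may be offered before STARTTLS; "
                        "set smtpd_tls_auth_only = yes")
    if "noanonymous" not in options:
        findings.append("anonymous SASL logins are not excluded; "
                        "add noanonymous to smtpd_sasl_security_options")
    return findings
```

Feeding it the output of `postconf -n` instead of the raw file avoids having to resolve include-style overrides by hand.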