Re: postfix, dovecot, sasl & tls

To: NetBSD Users Mailing List <netbsd-users%netbsd.org@localhost>
Subject: Re: postfix, dovecot, sasl & tls
From: Matthias Scheler <tron%zhadum.org.uk@localhost>
Date: Sun, 13 Mar 2011 11:09:43 +0000

On 11 Mar 2011, at 21:50, Jan Danielsson wrote:
>   First, am I correct in assuming that SASL is something which can be
> used to pass authentication information coming from the mail client,
> "through" postfix, into dovecot (in my case) which will then be able to
> validate the supplied authentication information, and if it checks out,
> then that "seal of approval" is sent back to postfix, so that it can
> treat the user as someone being "on the same network" (i.e. being
> allowed to relay mail bound for an external server)?

Yes, it is documented here:

http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

I'm using such a setup with Postfix from NetBSD's base system and the 
"dovecot2" package from "pkgsrc".

>   Next, assuming I got the first part correct, is it possible to
> configure <subj> to only allow users who have presented a proper (read:
> fully verified) client certificate to be allowed to relay mails through
> the server?

I've never tried that. Requesting client certificates causes problem with 
STARTTLS in general. So I stick to username and password authentication.

        Kind regards

-- 
Matthias Scheler                           http://zhadum.org.uk/

References:
- postfix, dovecot, sasl & tls
  - From: Jan Danielsson

Prev by Date: Re: rpc.lockd
Next by Date: Re: Error trying to build NetBSD 5.1
Previous by Thread: Re: postfix, dovecot, sasl & tls
Next by Thread: dhcpcd-gtk doesn't show up
Indexes:

Home | Main Index | Thread Index | Old Index