David Ballano wrote:
2008/9/12 Brian Evans - Postfix List <[EMAIL PROTECTED]>:
[snip]
Do *not* list a domain in virtual_(mailbox|alias)_domains AND mydestination.
Doing so will cause issues and postfix will complain and possibly hand
off to the wrong delivery agent.
I put mydomain variable instead, I think that is ok, isn't it?
no, it's not. do you think you'll confuse postfix because you use a
variable instead of a value?
Do not put a domain in both mydestination and virtual_mailbox_domains. a
domain must belong to a single class. if it's for delivery to a unix
account, put the domain in mydestination. if it's to be delivered to
virtual mailboxes, put it in virtual_mailbox_domains.
My questions are, how can I secure the access to the smtp? I've been
reading abous sasl2 so I Installed sasl2 and saslauth demon, (is in
the same packet I think ??)
to do that, you need to tell postfix to only propose AUTH after STARTLS.
http://www.postfix.org/TLS_README.html#server_tls_auth
you can allow "strong" mechanisms without TLS. The problem is what is
"strong" enough? In particular, CRAM-MD5 is no more considered secure.
also, given that mail is often used to communicate passwords and other
sensitive information, TLS is recommended. I'd say it is required if the
server is hosted in a data center.
