Lists wrote:
Hi,
I have got dovecot setup as the postfix smtp authentication now YAY -
man it's cool!
Just wanted to check if my setup was good practice.
I have it authenticating against a mysql database (MailEnable mysql db)
with passwords stored as plain text.
Is this ok?
The passwd-file is to allow for backward compatibility with single
username and password that some of our clients will still be using.
In my dovecot.conf I have
auth default {
  mechanisms = plain login
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  userdb passwd {
  }
  passdb passwd-file {
    args = /etc/passwd.dovecot
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
cheers
Kate
The above are reasonable settings for dovecot.
The PLAIN and LOGIN protocols are plain-text equivalent, so
postfix should be configured to use TLS if you haven't done
this already. http://www.postfix.org/TLS_README.html
To force the client to protect the password with TLS, set in
postfix main.cf:
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = yes
You should enable the postfix "submission" service on port 587
(and maybe also the deprecated "smtps" service on 465, still
used by some Microsoft products) so your users can submit mail
if their ISP blocks port 25. See the commented entries in
master.cf.
--
Noel Jones
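
Added example, not part of the original thread: a small checker that reads main.cf text and reports when SMTP AUTH (PLAIN/LOGIN) would be accepted without the two TLS settings recommended above. The sample configs are constructed; smtpd_sasl_path = private/auth assumes the default queue directory, matching the Dovecot socket path in the quoted config.

```python
# Added example: audit Postfix main.cf text for SMTP AUTH exposed without TLS.
# Sample configs below are constructed; legacy smtpd_use_tls is not considered.

def parse_main_cf(text):
    """Return {name: value}. Handles comments, continuation lines, last-wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0] in " \t":               # leading whitespace continues a value
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current is not None:
            params[current] = value.strip()
    return params

def audit(params):
    """Return findings for PLAIN/LOGIN credentials that could cross in clear."""
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return []                         # server does not offer AUTH at all
    level = params.get("smtpd_tls_security_level", "")
    findings = []
    if level not in ("may", "encrypt"):
        findings.append("STARTTLS not offered: set smtpd_tls_security_level = may")
    # "encrypt" already implies smtpd_tls_auth_only = yes
    if level != "encrypt" and params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("AUTH allowed before TLS: set smtpd_tls_auth_only = yes")
    return findings

WEAK = """\
# constructed sample: Dovecot SASL enabled, no TLS settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination
"""
FIXED = WEAK + "smtpd_tls_security_level = may\nsmtpd_tls_auth_only = yes\n"

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(parse_main_cf(text)) or "ok")
```

To check a live server, feed it the output of "postconf -n" instead of the sample strings.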