I have spent the last couple of hours trying to get TLS working, sadly no luck. When I telnet in and do STARTTLS I get the error "no server certs available. TLS won't be enabled". I followed the instructions on HowtoForge (the link I was given before was a tad over my head).
The certs are all made and in the /etc/postfix/ssl/mailserver directory.

As an aside, does this require a purchased security certificate to work?
Also, to check I understand: does the client (i.e. Thunderbird) send a request to the server, which sends back a key that gets 'attached' to the email being sent, which then authenticates when it reaches the server and is allowed to be sent? Or have I got it all wrong?

Thanks
Kate

Noel Jones wrote:
Lists wrote:
Hi,

I have got Dovecot set up as the Postfix SMTP authentication now, YAY - man, it's cool!
Just wanted to check if my setup is good practice.

I have it authenticating against a MySQL database (the MailEnable MySQL DB) with passwords stored as plain text.
Is this OK?

The passwd-file is to allow for backward compatibility with the single username and password that some of our clients will still be using.

In my dovecot.conf I have:

auth default {
  # SASL mechanisms offered to clients
  mechanisms = plain login

  # Primary password lookup: the MailEnable MySQL database
  passdb sql {
    args = /etc/dovecot-sql.conf
  }

  # User (uid/gid/home) lookup from the system passwd database
  userdb passwd {
  }

  # Legacy single username/password accounts kept for backward compatibility
  passdb passwd-file {
    args = /etc/passwd.dovecot
  }

  # Auth socket that Postfix's smtpd connects to
  # (private/auth relative to the Postfix queue directory)
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

cheers
Kate


The above are reasonable settings for dovecot.

The PLAIN and LOGIN mechanisms are plain-text equivalent, so Postfix should be configured to use TLS if you haven't done this already. See http://www.postfix.org/TLS_README.html. To force the client to protect the password with TLS, set in Postfix main.cf:
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

You should enable the postfix "submission" service on port 587 (and maybe also the deprecated "smtps" service on 465, still used by some Microsoft products) so your users can submit mail if their ISP blocks port 25. See the commented entries in master.cf.
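As an added illustration for the thread above (this is not code from Kate's or Noel's posts, nor from Postfix or Dovecot): a small Python script showing what AUTH PLAIN and AUTH LOGIN actually put on the wire, and what smtpd_tls_auth_only = yes changes in the SMTP dialogue. The credentials, hostnames and the toy server are made up for the demo; the server only imitates the reply codes Postfix gives in these situations and performs no real TLS, it just records whether STARTTLS was issued.

```python
import base64

# Constructed credentials for the demo; nothing here comes from the thread.
USER = "kate@example.com"
PASSWORD = "s3cret"


def auth_plain_line(user, password):
    """Build the AUTH PLAIN command a client sends: base64 of authzid NUL authcid NUL password."""
    return "AUTH PLAIN " + base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def decode_auth_plain(line):
    """What anyone sniffing the wire does with a captured AUTH PLAIN line: decode and split.
    base64 is an encoding, not encryption, which is why PLAIN is plaintext-equivalent."""
    _authzid, authcid, password = base64.b64decode(line.split()[2]).split(b"\0")
    return authcid.decode(), password.decode()


def decode_auth_login_step(b64):
    """AUTH LOGIN sends username and password as two separate base64 lines; equally reversible."""
    return base64.b64decode(b64).decode()


class ToySubmissionServer:
    """Minimal state machine imitating how Postfix replies with
    smtpd_tls_security_level = may and smtpd_tls_auth_only = yes.
    No real TLS is done; STARTTLS just flips a flag."""

    def __init__(self, tls_auth_only=True):
        self.tls_auth_only = tls_auth_only
        self.tls_active = False
        self.authenticated = False

    def handle(self, line):
        verb = line.split()[0].upper()
        if verb == "EHLO":
            resp = ["250-mail.example.com"]
            if not self.tls_active:
                resp.append("250-STARTTLS")
            # With smtpd_tls_auth_only, AUTH is only advertised inside TLS.
            if self.tls_active or not self.tls_auth_only:
                resp.append("250-AUTH PLAIN LOGIN")
            resp.append("250 8BITMIME")
            return "\r\n".join(resp)
        if verb == "STARTTLS":
            if self.tls_active:
                return "554 5.5.1 Error: TLS already active"
            self.tls_active = True
            return "220 2.0.0 Ready to start TLS"
        if verb == "AUTH":
            if self.tls_auth_only and not self.tls_active:
                return "530 5.7.0 Must issue a STARTTLS command first"
            user, password = decode_auth_plain(line)
            if (user, password) == (USER, PASSWORD):
                self.authenticated = True
                return "235 2.7.0 Authentication successful"
            return "535 5.7.8 Error: authentication failed"
        return "502 5.5.2 Error: command not recognized"


def run_session(starttls_first, tls_auth_only=True):
    """Drive one client session and return (transcript lines, reply code to AUTH)."""
    server = ToySubmissionServer(tls_auth_only=tls_auth_only)
    commands = ["EHLO laptop.example.net"]
    if starttls_first:
        commands += ["STARTTLS", "EHLO laptop.example.net"]
    commands.append(auth_plain_line(USER, PASSWORD))
    transcript = []
    reply = ""
    for cmd in commands:
        reply = server.handle(cmd)
        transcript.append(f"C: {cmd}")
        transcript.extend(f"S: {part}" for part in reply.split("\r\n"))
    return transcript, reply.split()[0]


if __name__ == "__main__":
    for starttls in (False, True):
        print("--- client %s STARTTLS ---" % ("does" if starttls else "skips"))
        print("\n".join(run_session(starttls)[0]))
        print()
```

Running it prints two dialogues: with the client skipping STARTTLS the server never advertises AUTH and answers the AUTH command with 530, so the credentials are never sent in the clear; after STARTTLS the same AUTH line is accepted. decode_auth_plain() on the captured AUTH line recovers the password directly, which is the whole reason for the smtpd_tls_auth_only setting.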

