Darren Pilgrim a écrit : > mouss wrote: >> Charles Marcus a écrit : >>> On 12/25/2008, Darren Pilgrim (post...@bitfreak.org) wrote: >>>> Cyrus-SASL 2.1.22 (on B and C for SMTP client SASL) >>> You might try just using dovecot-sasl - one less package to >>> install/maintain, and it works as well or better than cyrus-sasl, and is >>> much easier to configure... >>> >>> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL >>> >> >> he uses cyrus-sasl for client-sasl (smtp_*, not smtpD_*). dovecot only >> support server-sasl. >> >> >> but I don't see why he uses client-sasl between his internal and >> external servers. > > The internet is between the servers. I use SASL rather than > address-based access lists since only the prior is reliable.
why not use TLS instead? With TLS, you can use certificate fingerprints for access control, or you can use PLAIN SASL (since the communication is protected by TLS). if the server is in an untrusted data center, this has the benefit of preventing other (owned) servers from sniffing data.
