On Tue, Feb 24, 2009 at 09:28:09PM -0600, Justin Pasher wrote:

> I have a client that wants us to set up the Postfix SMTP server on their web
> server to use authentication when relaying through their Exchange server
> (even though both are on the same local network). I'm working on just
> getting them to allow relay from the web server IP address, but in the
> meantime...

The Postfix SMTP client uses Cyrus SASL to authenticate to remote SMTP servers.

> The exchange server only offers "AUTH NTLM" in the EHLO greeting. I did a
> little searching and I'm having trouble finding out whether Postfix (well, I
> guess Cyrus) supports NTLM authentication.

There is an NTLM plugin for Cyrus SASL. Never used it myself...

> cyrus), but I guess I'm trying to find out a way to test it manually outside
> of Postfix before I make the change in the Postfix config.

Good idea, the Cyrus SASL sources come with a sample server and a sample
client, but it may be tricky to get the sample server configured to verify
NTLM creds. You should probably test with "ldapsearch" against AD with NTLM
authentication in LDAP. Once you get the LDAP client working with NTLM, it
should be possible to do the same with SMTP.

> I see in the
> SASL_README how you can test AUTH PLAIN authentication, but I don't see
> anything about NTLM (not fully understanding NTLM myself, it seems to be
> a challenge-response protocol, so the same testing method wouldn't work).
>
> Remember that I only need outgoing NTLM authentication for the SMTP client
> (not incoming NTLM), as this server is simply relaying all emails to the
> Exchange server. Is this something that would be more appropriate on the
> Cyrus list?

Yes. The Client is really making life difficult for you; if they supported
AUTH PLAIN or even GSSAPI, it would be a lot easier than NTLM.

--
	Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
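The challenge-response point raised in the thread, as an added Python example (not from either poster, Postfix or Cyrus SASL): it builds the NTLM Type 1 message a client sends for AUTH NTLM and parses the Type 2 message carried in the server's `334` reply, whose 8-byte challenge changes per session, which is why the fixed base64 string used to test AUTH PLAIN has no NTLM equivalent. The function names and the sample challenge are constructed for illustration; the field offsets follow the published NTLM message layout.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
# Negotiate flags used here: Unicode strings, request target name, NTLM auth
NEGOTIATE_UNICODE, REQUEST_TARGET, NEGOTIATE_NTLM = 0x1, 0x4, 0x200

def build_negotiate():
    """Type 1 (NEGOTIATE) message with empty domain and workstation fields."""
    flags = NEGOTIATE_UNICODE | REQUEST_TARGET | NEGOTIATE_NTLM
    empty = struct.pack("<HHI", 0, 0, 32)  # length, max length, offset
    return SIGNATURE + struct.pack("<II", 1, flags) + empty + empty

def parse_challenge(raw):
    """Parse a Type 2 (CHALLENGE) message into target, flags and challenge."""
    if len(raw) < 32 or raw[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type != 2:
        raise ValueError("expected message type 2, got %d" % msg_type)
    name_len, _max_len, name_off = struct.unpack_from("<HHI", raw, 12)
    (flags,) = struct.unpack_from("<I", raw, 20)
    if name_off + name_len > len(raw):
        raise ValueError("target name runs past end of message")
    encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
    return {"target": raw[name_off:name_off + name_len].decode(encoding),
            "flags": flags,
            "server_challenge": raw[24:32]}  # fresh random value per session

def from_334(reply):
    """Decode the base64 payload of a '334 <base64>' SMTP continuation reply."""
    code, _, payload = reply.strip().partition(" ")
    if code != "334":
        raise ValueError("server did not continue the AUTH exchange: " + reply)
    return base64.b64decode(payload, validate=True)

def smtp_line(message):
    """Base64 form of an NTLM message, as sent on the SMTP connection."""
    return base64.b64encode(message).decode("ascii")

def make_sample_challenge(nonce, target="EXAMPLE"):
    """Constructed Type 2 message standing in for a real server reply."""
    name = target.encode("utf-16-le")
    flags = NEGOTIATE_UNICODE | REQUEST_TARGET | NEGOTIATE_NTLM
    header = SIGNATURE + struct.pack("<IHHII", 2, len(name), len(name), 32, flags)
    return header + nonce + name
```
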