* Ejaz <me...@cyberia.net.sa>: > We are and ISP our mail environment is follows > > Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where there > are no actual mailboxes, just role of this server is to filter the incoming > and outgoing email. After that all the incoming emails will sent to the its > actual server based on mail routing configuration which is transport file, > and for outgoing there is restriction, > > Back End Mail server =: (CommuniGate Pro) where all the mailboxes exists, > but there is no powerful filters in it to control the spam and virus emails > > Therefore we are trying to setup postfix to authenticate and relay message > from traveling users (the users who connecting to postfix from outside our > network and IP range). Who should be able to relay their emails through > front end server only once they check mark the option called "my serves > required an authentication" in their outlook? > > Is there any way to do that in postfix, please help and suggestion will be > highly appreciated
You want to read <http://www.postfix.org/SASL_README.html#server_sasl>. The document describes how to setup SMTP AUTHentication in the Postfix smtpd server. I take it your systems user identities (username, password) are not stored on the gateway, but somewhere else. Use the table in <http://www.postfix.org/SASL_README.html#server_cyrus_comm> to find the best way how Cyrus SASL can access these data. If you have passwords stored in plaintext (not encrypted) you may offer the SASL mechanisms NTLM and DIGEST-MD5 to Outlook users. If you store passwords encrypted only offer PLAIN and LOGIN. LOGIN will work well for Outlook clients, but PLAIN and LOGIN should be shielded with a TLS encrypted SMTP session. Read <http://www.postfix.org/TLS_README.html#server_tls> in case you are also going to provide TLS. p@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
