On Wed, Aug 21, 2013 at 01:08:15PM +0200, Lang Alex wrote:
> -debian 7, postfix 2.9.6
> -no local domain, no mailboxes (root also aliased out of machine)
> -only open relay with authorized people, mysql db backend
"Open" and "authorized" (which really should be "authenticated" in
this context are contradictions in terms. "Open" means "anyone can
relay without authentication."
> -no long way: postfix -dovecot sasl - pam - mysql conect
> -only direct: postfix - local mysql ( - view to remote dbs,thats
> another story)
>
> is it possible?
No. SASL AUTH requires SASL. Why is that a problem?
> or any auth login/passwd means sasl thus dovecot is a must?
Dovecot SASL (which I would recommend even if you disable Dovecot
IMAP/POP3) or Cyrus SASL is required. I think the SASL_README is
clear on this point.
> I googled for some time, have not found simple yes/no, nor some
> no-sasl-howto
Google not, look directly in the Postfix documentation:
http://www.postfix.org/SASL_README.html
There are other means to authenticate SMTP clients, both inband and
out-of-band. From home, I relay through my remote server by means of
OpenVPN tunnel; the VPN endpoint is listed in mynetworks. Note that
this approach loses the benefits of AUTH, such as knowing exactly
which user was responsible for which message.
TLS certificate authentication can be done:
http://www.postfix.org/TLS_README.html#server_access
You'll also need to read most of the "SMTP Server specific settings"
section above this. In fact you might need a specific smtpd instance
(submission port, for example) to do the client certificate checking
and verification.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
