On Aug 23, 2013, at 21:38, David Hulsebus <dhulse...@portative.net> wrote:
> I apologize in advance for the long post. I started working for a small ISP
> with around 3000 mailboxes and inherited a Postfix server that I've been
> auditing. It's based on Ubuntu 8.04 LTS, Postfix 2.51, and runs Courier for
> pop and imap authentication. It has encrypted passwords in a MySQL database.
> I believe I need to set up SSL connections for securely passing
> authentication information to authorize the smtp connection for local or
> remote clients with virtual accounts wanting to send e-mail.
>
> So I'm a bit stumped and confused. The TLS_README indicates I can use
> STARTTLS for all clients. Those clients will be everything from Outlook
> Express to Windows Live Mail, Thunderbird, Incredimail, etc... But without
> the ability to use CRAM-MD5, DIGEST-MD5, NTLM, how can I use TLS to make the
> connection and authorize the clients?

STARTTLS happens before AUTH, and it can be made a requirement to continue. No TLS set up, no AUTH available. So basically, you cannot send the plaintext password unless it's over an encrypted link.

To make PLAIN authentication work, I reckon you need to remove 'noplaintext' from 'smtpd_sasl_security_options'.

Note that Postfix 2.5.1 is rather old, and that Ubuntu 8.04.4 LTS was EOL'd in May of this year. This means that it is no longer being maintained, no security updates. Upgrading to a newer, supported release is recommended.

Kind regards,
Joni
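
The arrangement described in the reply above, as an added example that is not part of the original thread: a Postfix `main.cf` fragment that withholds AUTH until STARTTLS has completed and then permits plaintext mechanisms over the encrypted session. The certificate and key paths are placeholders, and a working SASL backend for the existing password database is assumed.

```conf
# /etc/postfix/main.cf (added example, not taken from the poster's server)
# Note: main.cf does not allow trailing comments on a setting line.

# Offer STARTTLS to connecting clients. "may" keeps TLS optional for
# ordinary inbound mail on port 25; the AUTH restriction below is what
# protects the passwords.
smtpd_tls_security_level = may

# Placeholder paths: substitute the server's real certificate and key.
smtpd_tls_cert_file = /etc/postfix/tls/PLACEHOLDER-cert.pem
smtpd_tls_key_file = /etc/postfix/tls/PLACEHOLDER-key.pem

# Enable SMTP AUTH for clients that want to relay.
smtpd_sasl_auth_enable = yes

# Do not announce or accept AUTH until the session is TLS-encrypted.
# This is the "no TLS set up, no AUTH available" behaviour.
smtpd_tls_auth_only = yes

# Before (blocks PLAIN and LOGIN, the only mechanisms usable when the
# database holds encrypted rather than cleartext passwords):
#   smtpd_sasl_security_options = noanonymous, noplaintext
# After (plaintext mechanisms allowed; smtpd_tls_auth_only confines
# them to encrypted sessions):
smtpd_sasl_security_options = noanonymous

# Options applied inside TLS sessions; stated explicitly here, although
# it defaults to the value of smtpd_sasl_security_options.
smtpd_sasl_tls_security_options = noanonymous
```

After `postfix reload`, an EHLO sent before STARTTLS should list `STARTTLS` but no `AUTH` line; the `AUTH` line should appear only in the EHLO reply that follows the TLS handshake.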