On 2/12/19 11:37 AM, Patrick Ben Koetter wrote:
* Robert Moskowitz <r...@htt-consult.com>:
For my new server, I plan on using either SHA256 or 512 and trying to see
what impact NOT using MD5 has on the postfix configuration. I am assuming
that this only impacts the sasl authentication and I am seeing:
# postconf -n|grep sasl
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
rej
ect_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient,
rejec
t_unknown_recipient_domain
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
That postfix let's dovecot do the authentication lifting and so only dovecot
needs to know the password format and that is in dovecot-sql.conf,
Is that the extent of it, or is there somewhere else I need to specify the
password format.
It's all left to dovecot. From Postfix' point of view dovecot acts as password
verification service. Postfix hands over the indentity data, dovecot
authenticates the identity and returns the result and Postfix authorizes the
identity to e.g. relay mails.
Thanks. That is at least one place not needing changes.
Just postfixadmin, dovecot, and roundcubemail. Manageable.
