There is no native TLS/authentication support within DBMail 
although it is a simple enough procedure to create an SSL 
wrapper to all daemons as well as your SMTPD. SASL2 can do 
authentication for SMTPD and a stunnel SSL wrapper for 
everything DBMail secures the username/pwd login.

I don't have time right now to write a 'howto' but I leave 
you with some notes I hope will give you some steering.

1) Use stunnel (http://www.stunnel.org/) and (Cyrus) SASL2 
(Carnegie Mellon University) and the saslauthd daemon. This 
way your authentication across the wild is encrypted and 
handled at the server side by the same DBMail database 
table.
The wiki at 
http://www.dbmail.org/dokuwiki/doku.php?id=stunnel looks for 
the most part close to how I achieved this. It is a snap. 
Read the stunnel.org stuff and you will have all you need.

2) An example of how to do the SASL2 thing in postfix 
follows. This might be the roadmap you need for smtp:

smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtp_sasl_password_maps = mysql:/etc/postfix/pwd.cf
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/etc/postfix/ssl/CA/your-key-cert.pem
smtpd_tls_cert_file = /usr/etc/postfix/ssl/CA/your-key-cert.pem
smtpd_tls_CAfile = /usr/etc/postfix/ssl/CA/your-cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

3) You must use *non-encrypted* passwords in your dbmail 
database to make it all work.


best...
Mike


----- Original Message ----- 
From: "gopalakrishnan kamalanathan" 
<[EMAIL PROTECTED]>
To: <dbmail-dev@dbmail.org>
Sent: Wednesday, May 04, 2005 1:35 PM
Subject: [Dbmail-dev] authentication


Does DBMail support any kind of secured user authentication 
like MD5 or does it support STARTTLS?

DBMail document says that it supports MD5, but looking at 
the code it does not seem to be supporting any kind of secured 
user authentication.  It supports only plain login.

Can anyone confirm this?

Thanks.
Krishna
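
An added example, not part of the messages above and not DBMail or Postfix project code: a small checker that reads a main.cf the way Postfix does (a value only continues onto the next line if that line starts with whitespace) and reports what matters for the setup described in the reply. The sample file is constructed, and the smtpd_tls_auth_only check is an assumption added here; the thread does not mention that parameter.

```python
import re

# Constructed sample (not from a real server): settings from the thread, with
# one value wrapped without indentation, as the archived mail shows it.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
smtpd_tls_cert_file =
/usr/etc/postfix/ssl/CA/your-key-cert.pem
smtpd_tls_key_file =
    /usr/etc/postfix/ssl/CA/your-key-cert.pem
"""

def parse_main_cf(text):
    """Apply Postfix's logical-line rules: blank and '#' lines are ignored,
    and a line that starts with whitespace continues the previous line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params, orphans = {}, []
    for line in logical:
        name, sep, value = line.partition("=")
        if sep and re.fullmatch(r"\w+", name.strip()):
            params[name.strip()] = value.strip()
        else:
            orphans.append(line)  # no "name = value": likely a bad wrap
    return params, orphans

def audit(text):
    params, orphans = parse_main_cf(text)
    findings = [f"not a 'name = value' line: {o}" for o in orphans]
    findings += [f"{k} is set but empty" for k, v in params.items()
                 if not v and k.endswith("_file")]
    # Assumption added here, not in the thread: require STARTTLS before AUTH.
    if (params.get("smtpd_sasl_auth_enable") == "yes"
            and params.get("smtpd_tls_auth_only") != "yes"):
        findings.append("smtpd_tls_auth_only is not 'yes': AUTH is offered "
                        "on unencrypted sessions")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF):
        print(finding)
```

On the constructed sample this reports the orphaned path line, the empty smtpd_tls_cert_file, and the missing smtpd_tls_auth_only setting.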

