> On 5/13/2010 12:57 PM, Victor Duchovni wrote:
> > On Thu, May 13, 2010 at 12:19:04PM -0400, Kaleb Hosie wrote:
> >
> >> Hello,
> >> In our environment, we have a postfix server that receives mail and
> >> forwards only the HAM onto Exchange.
> >>
> >> I have several users that are using notebooks and looking to send and
> >> receive mail remotely. I have Exchange setup to allow IMAP
> >> connections and forwarded the port on the firewall.
> >>
> >> As you can imagine, the problem is with SMTP authentication. When a
> >> user sends an email from a remote location, I would like for it to
> >> require authentication. What's the best way to do that in an
> >> Exchange environment?
> >
> > I would use a PAM Kerberos module, that uses the provided password to
> > obtain (and verify against the server's keytab) a Kerberos ticket
> > issued by Microsoft's Active Directory.
> >
> > To avoid having to populate AD accounts into /etc/passwd on the
> > server, you can use a custom passwd file for the SMTP SASL module
> >
> > smtpd.conf:
> >     pwcheck_method: saslauthd
> >     mech_list: PLAIN
> >
> > $ ps -e -o args | grep sasl
> > saslauthd -m /var/run/saslauthd -a pam
> >
> > /etc/pam.d/smtp:
> >     auth requisite pam_krb5.so auth_only
> >     account required pam_localuser.so file=/etc/postfix/saslusers
> >     password required pam_deny.so
> >     session required pam_deny.so
> >
> > /etc/postfix/saslusers:
> >     joeuser:x:99:99:SASL user:/:
> >     freduser:x:99:99:SASL user:/:
> >     ...
> >
> > You'll also need keys for "host/<servername>@EXAMPLE.COM" where
> > "EXAMPLE.COM" is your AD Kerberos realm and "servername" is the
> > hostname of your Postfix SMTP server. These should be in
> > /etc/krb5.keytab.
> >
>
> *bows before the master*
> Seconded.

Thanks for your help, Victor! This was the first time doing this task on Postfix so I wasn't confident in what I was doing. I also found this site that helped me out with some of the configuration questions I had:

http://www.facebook.com/topic.php?uid=5364518177&topic=6425

The example was performed on CentOS, which was a great help to me.
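
A static check of the two files quoted above (the PAM service file and the `saslusers` allow-list), as an added example that is not part of the original thread. It assumes the plain control keywords shown in the quoted `/etc/pam.d/smtp` (no bracketed controls); the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): static checks for the allow-list setup.

# check_saslusers FILE: entries must be 7-field passwd(5) lines with a
# placeholder password. pam_localuser only matches the login name, so the
# remaining checks are hygiene: no duplicates and no real hashes in the file.
check_saslusers() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }
        NF != 7    { printf "line %d: expected 7 fields, got %d\n", NR, NF; bad = 1; next }
        $1 == ""   { printf "line %d: empty login name\n", NR; bad = 1 }
        seen[$1]++ { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        $2 != "x" && $2 != "*" && $2 != "!" {
            printf "line %d: %s carries a real password field\n", NR, $1; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# check_pam_stack PAMFILE USERSFILE: auth must go through pam_krb5, the account
# phase must be gated on pam_localuser with USERSFILE, and no "sufficient"
# auth/account module may short-circuit either check.
check_pam_stack() {
    rc=0
    grep -Eq '^[[:space:]]*auth[[:space:]]+(requisite|required)[[:space:]]+pam_krb5\.so' "$1" ||
        { echo "no requisite/required pam_krb5.so auth line"; rc=1; }
    grep -Eq "^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_localuser\.so[[:space:]]+file=$2([[:space:]]|\$)" "$1" ||
        { echo "account phase is not restricted to $2"; rc=1; }
    if grep -Eq '^[[:space:]]*(auth|account)[[:space:]]+sufficient[[:space:]]' "$1"; then
        echo "a sufficient module can bypass the checks"; rc=1
    fi
    return "$rc"
}

# Constructed sample files that mirror the layout quoted in the thread.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'joeuser:x:99:99:SASL user:/:' 'freduser:x:99:99:SASL user:/:' > "$d/saslusers"
    printf '%s\n' 'auth requisite pam_krb5.so auth_only' \
        "account required pam_localuser.so file=$d/saslusers" \
        'password required pam_deny.so' 'session required pam_deny.so' > "$d/smtp"
    echo "$d"
}

dir=$(make_sample)
check_saslusers "$dir/saslusers" && check_pam_stack "$dir/smtp" "$dir/saslusers" &&
    echo "sample configuration passes"
rm -rf "$dir"
```

Each function prints one line per finding and returns non-zero if anything was found, so both can be run from a configuration-management check against the real paths.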