Dear Patrick,
Many many Thanks Patrick, yes I have backend servers of CommuniGate Pro where all the mailboxes exists, but I don't know how to tell postfix to use these server, is there any built-in configuration files for such scenario. Ejaz -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Patrick Ben Koetter Sent: Saturday, January 22, 2011 11:16 AM To: postfix-users@postfix.org Subject: Re: authentication * Ejaz <me...@cyberia.net.sa>: > Thanks a lot for your help, would you please tell me in order to achieve as > I said below, does it requires to maintain the local database (username > and password of email accounts) in sql database or in a flat file, First: Cyrus SASL does not necessarily require you to maintain a local authentication database. If you already have a database that keeps usernames and passwords, I recommend you find a way to reuse that database because it simplifies maintaince. Cyrus SASL gives you some connectors to access SQL servers, LDAP servers and other backends. If you want to use a local database, choose the type of database suites your needs the best. sasldb sasldb is the easiest to use. Use the saslpasswd2 utility to create and maintain the database. sql You can use a MySQL, sqlite3 or PostgreSQL server. Setup the database, create a database schema and configure the SELECT statement in Cyrus SASLs smtpd.conf configuration file. p@rick > -----Original Message----- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of Patrick Ben Koetter > Sent: Wednesday, January 19, 2011 9:44 AM > To: postfix-users@postfix.org > Subject: Re: authentication > > > > * Ejaz <me...@cyberia.net.sa>: > > > We are and ISP our mail environment is follows > > > > > > Front End Mail server =: (postfix/mailscanner/clamav/spamasssin) where > there > > > are no actual mailboxes, just role of this server is to filter the > incoming > > > and outgoing email. After that all the incoming emails will sent to the > its > > > actual server based on mail routing configuration which is transport file, > > > and for outgoing there is restriction, > > > > > > Back End Mail server =: (CommuniGate Pro) where all the mailboxes > exists, > > > but there is no powerful filters in it to control the spam and virus > emails > > > > > > Therefore we are trying to setup postfix to authenticate and relay message > > > from traveling users (the users who connecting to postfix from outside our > > > network and IP range). Who should be able to relay their emails through > > > front end server only once they check mark the option called "my serves > > > required an authentication" in their outlook? > > > > > > Is there any way to do that in postfix, please help and suggestion will be > > > highly appreciated > > > > You want to read <http://www.postfix.org/SASL_README.html#server_sasl>. The > > document describes how to setup SMTP AUTHentication in the Postfix smtpd > > server. > > > > I take it your systems user identities (username, password) are not stored > on > > the gateway, but somewhere else. Use the table in > > <http://www.postfix.org/SASL_README.html#server_cyrus_comm> to find the best > > way how Cyrus SASL can access these data. > > > > If you have passwords stored in plaintext (not encrypted) you may offer the > > SASL mechanisms NTLM and DIGEST-MD5 to Outlook users. If you store passwords > > encrypted only offer PLAIN and LOGIN. LOGIN will work well for Outlook > > clients, but PLAIN and LOGIN should be shielded with a TLS encrypted SMTP > > session. > > > > Read <http://www.postfix.org/TLS_README.html#server_tls> in case you are > also > > going to provide TLS. > > > > p@rick > > > > > > -- > > All technical questions asked privately will be automatically answered on > the > > list and archived for public access unless privacy is explicitely required > and > > justified. > > > > saslfinger (debugging SMTP AUTH): > > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> > > > > > -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
