Re: lmtp over SSL - lmtps ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Fraczyk schrieb: > Encrypting only the autenthication is the best (CPU utilization) and is > enough for me. > Do you know any Howto or FAQ where I can find something how to configure > postfix and cyrus with non-plaintext authentication (the delivery > between postfix and cyrus only of course). I found this yesterday when I tried to configure my postfix to use lmtp authentication: http://www.irbs.net/internet/info-cyrus/0110/0258.html Maybe this helps. PS: You can override your global sasl options in cyrus with lmtp specific options, like lmtp_sasl_pwcheck_method and lmtp_sasl_mech_list. Regards, Peter -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFCKJVecKsx5K5ighwRAhvlAKCh19LdJDfSQz/WTOkfYaWFBNJ7+gCeL3S4 zsJ2EAO8Y6t2Y5nfbLL2mYQ= =FArh -END PGP SIGNATURE- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp over SSL - lmtps ?
Olaf Fraczyk wrote: On Wed, 2005-03-02 at 13:23 -0500, Ken Murchison wrote: Olaf Fraczyk wrote: Hi, Is there any way to make communication in a secure way using lmtp? I would like to have postfix and cyrus on separate machines. Do you really want to encrypt *all* of the traffic or just the authentication information? Your email is most likely getting to Postfix in plaintext anyways. lmtpd will support non-plaintext authentication methods (and should support TLS+PLAIN) Encrypting only the autenthication is the best (CPU utilization) and is enough for me. Do you know any Howto or FAQ where I can find something how to configure postfix and cyrus with non-plaintext authentication (the delivery between postfix and cyrus only of course). Cyrus does it out of the box, provided SASL is configured correctly. As far as Postfix, that is a question which I don't have an answer to. You should take that to the Postfix forum(s). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp over SSL - lmtps ?
On Wed, 2005-03-02 at 13:23 -0500, Ken Murchison wrote: > Olaf Fraczyk wrote: > > Hi, > > > > Is there any way to make communication in a secure way using lmtp? > > I would like to have postfix and cyrus on separate machines. > > Do you really want to encrypt *all* of the traffic or just the > authentication information? Your email is most likely getting to > Postfix in plaintext anyways. > > lmtpd will support non-plaintext authentication methods (and should > support TLS+PLAIN) > Encrypting only the autenthication is the best (CPU utilization) and is enough for me. Do you know any Howto or FAQ where I can find something how to configure postfix and cyrus with non-plaintext authentication (the delivery between postfix and cyrus only of course). Regards, Olaf -- Olaf Fraczyk <[EMAIL PROTECTED]> NAVI --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp over SSL - lmtps ?
Putting private LAN (VLAN) between these two servers seems to be simplest alternative (ie. granting physical security). Using VPN or IPsec seems more complicated, but also usable. And in both cases you will gain more then just LMTP security. Ondrej. > > Is there any way to make communication in a secure way using lmtp? > > I would like to have postfix and cyrus on separate machines. > > Do you really want to encrypt *all* of the traffic or just the > authentication information? Your email is most likely getting to > Postfix in plaintext anyways. > > lmtpd will support non-plaintext authentication methods (and should > support TLS+PLAIN) > -- Ondrej Sury <[EMAIL PROTECTED]> --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp over SSL - lmtps ?
On Wed, Mar 02, 2005 at 10:03:04AM -0800, Andrew Morgan wrote: > > On Wed, 2 Mar 2005, Olaf Fraczyk wrote: > > >Hi, > > > >Is there any way to make communication in a secure way using lmtp? > >I would like to have postfix and cyrus on separate machines. > > We run postfix and cyrus on separate machines. On the cyrus machine, we > use tcp-wrappers to permit lmtp connections from only our postfix machines > (so malicious users cannot inject messages directly). > > I don't see a reason to encrypt the lmtp connection, but maybe that's a > requirement in your case. The DIGEST-MD5 SASL mechanism has support for data encryption if requested by the client, perhaps lmtp could use it. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp over SSL - lmtps ?
Olaf Fraczyk wrote: Hi, Is there any way to make communication in a secure way using lmtp? I would like to have postfix and cyrus on separate machines. Do you really want to encrypt *all* of the traffic or just the authentication information? Your email is most likely getting to Postfix in plaintext anyways. lmtpd will support non-plaintext authentication methods (and should support TLS+PLAIN) -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp over SSL - lmtps ?
On Wed, 2 Mar 2005, Olaf Fraczyk wrote: Hi, Is there any way to make communication in a secure way using lmtp? I would like to have postfix and cyrus on separate machines. We run postfix and cyrus on separate machines. On the cyrus machine, we use tcp-wrappers to permit lmtp connections from only our postfix machines (so malicious users cannot inject messages directly). I don't see a reason to encrypt the lmtp connection, but maybe that's a requirement in your case. Andy --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtp over SSL - lmtps ?
On Wed, 02 Mar 2005 10:15:16 +0100 Olaf Fraczyk <[EMAIL PROTECTED]> wrote: > Hi, > > Is there any way to make communication in a secure way using lmtp? > I would like to have postfix and cyrus on separate machines. > I would suggest you take a look at stunnel ( www.stunnel.org ) - which is a general purpose SSL "wrapper". It will allow you to forward a local port over SSL to another computer, which in turn wraps it back to the LMTP port. Best regards, Jesper K. Pedersen SolNet Data Service Tel: +45 98933167 Fax: +45 98933161 WEB: http://www.solnet-data.dk -- Carpe Aptenodytes! --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
