Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
Well, I'm making a kind of GUI because it must be implemented in another product. Anyway, coming back to my old question, I think I'm ok with SMTP authentication. Now I've just to setup how to change the encryption (SSL or TLS) and then I'm happy :p
Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
On Mon, Feb 08, 2010 at 04:49:44PM +, Michele Carandente wrote: Well, I'm making a kind of GUI because it must be implemented in another product. Anyway, coming back to my old question, I think I'm ok with SMTP authentication. Now I've just to setup how to change the encryption (SSL or TLS) and then I'm happy :p It is not SSL *or* TLS, it is SSL/TLS, the two are the same, just different revision levels of a single protocol: SSL 2 - Obsolete Netscape SSL protocol SSL 3 - Version 3.0 of the SSL protocol TLS 1.0 - Version 3.1 of the SSL protocol an IETF standard TLS 1.1 - Version 3.2 of the SSL protocol an IETF standard TLS 1.2 - Version 3.3 of the SSL protocol an IETF standard You can safely disable SSLv2. Now there is also a separate question of how SSL/TLS is used, STARTTLS versus wrapper-mode. See a recent post by Noel Jones in the list archive. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
On Mon, Feb 08, 2010 at 05:22:41PM +, Michele Carandente wrote: smtp_tls_cert_file = /etc/postfix/smtpd.cert smtp_tls_key_file = /etc/postfix/smtpd.key Set these empty, you don't need them. smtp_use_tls = yes Obsolete, set: smtp_tls_security_level = may smtp_tls_scert_verifydepth = 9 Don't set this to the default, just leave it out, unless you want a smaller value for some reason. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
Thanks Victor for your answer. Well in this case with my configuration I don't need to specify in the GUI which kind of encryption... I've tried with this configuration with gmail, hotmail, yahoo and another private server that doesn't need the encryption and it's always working with the same configuration: smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_auth_only = no smtpd_tls_security_level = may smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous smtpd_tls_received_header = yes smtpd_tls_loglevel = 1 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_tls_cert_file = /etc/postfix/smtpd.cert smtp_tls_key_file = /etc/postfix/smtpd.key smtp_use_tls = yes smtp_tls_scert_verifydepth = 9 smtp_tls_loglevel = 1 smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_security_options smtp_sasl_auth_enable = yes smtp_sender_dependent_authentication = yes If somebody can see some errors in this configuration, please let me know... Thanks Michele