Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
Well, I'm making a kind of GUI because it must be implemented in another product. Anyway, coming back to my old question, I think I'm ok with SMTP authentication. Now I've just to setup how to change the encryption (SSL or TLS) and then I'm happy :p
Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
On Mon, Feb 08, 2010 at 04:49:44PM +, Michele Carandente wrote: Well, I'm making a kind of GUI because it must be implemented in another product. Anyway, coming back to my old question, I think I'm ok with SMTP authentication. Now I've just to setup how to change the encryption (SSL or TLS) and then I'm happy :p It is not SSL *or* TLS, it is SSL/TLS, the two are the same, just different revision levels of a single protocol: SSL 2 - Obsolete Netscape SSL protocol SSL 3 - Version 3.0 of the SSL protocol TLS 1.0 - Version 3.1 of the SSL protocol an IETF standard TLS 1.1 - Version 3.2 of the SSL protocol an IETF standard TLS 1.2 - Version 3.3 of the SSL protocol an IETF standard You can safely disable SSLv2. Now there is also a separate question of how SSL/TLS is used, STARTTLS versus wrapper-mode. See a recent post by Noel Jones in the list archive. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
On Mon, Feb 08, 2010 at 05:22:41PM +, Michele Carandente wrote: smtp_tls_cert_file = /etc/postfix/smtpd.cert smtp_tls_key_file = /etc/postfix/smtpd.key Set these empty, you don't need them. smtp_use_tls = yes Obsolete, set: smtp_tls_security_level = may smtp_tls_scert_verifydepth = 9 Don't set this to the default, just leave it out, unless you want a smaller value for some reason. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: admin GUI for Postfix (was: Re: Setup SMTP authentication ...)
Thanks Victor for your answer.
Well in this case with my configuration I don't need to specify in the
GUI which kind of encryption...
I've tried with this configuration with gmail, hotmail, yahoo and
another private server that doesn't need the encryption and it's
always working with the same configuration:
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/smtpd.cert
smtp_tls_key_file = /etc/postfix/smtpd.key
smtp_use_tls = yes
smtp_tls_scert_verifydepth = 9
smtp_tls_loglevel = 1
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_security_options
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
If somebody can see some errors in this configuration, please let me know...
Thanks
Michele
