[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ZMailer SMTP-AUTH

To: darek <darek@cekon.pl>
Subject: Re: ZMailer SMTP-AUTH
From: Matti Aarnio <mea@nic.funet.fi>
Date: Sun, 2 May 2004 14:50:00 +0300
Cc: zmailer@nic.funet.fi
In-Reply-To: <00c701c4302f$1be75c80$0101a8c0@DAREK>; from darek@cekon.pl on Sun, May 02, 2004 at 12:20:35PM +0200
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
References: <00c701c4302f$1be75c80$0101a8c0@DAREK>
Sender: zmailer-owner@nic.funet.fi

On Sun, May 02, 2004 at 12:20:35PM +0200, darek wrote:
> I need SMTP-AUTH for all of my users, do i have to enable "PARAM  MSA-mode"
> i smtpserver???

No.

What you do need is:

PARAM   smtp-auth       # enable if you want to allow SMTP to autenticate
#                       # with the default code against system  /etc/passwd
#                       # (or whatever source  getpwnam() uses for it..)
#

Possibly also this, if you don't want to enforce authentication
under TLS encryption...

PARAM  AUTH-LOGIN-also-without-TLS
#                       # Enable, if the "AUTH LOGIN" is to be allowed to
#                       # be used without running under SSL/TLS security
#                       # envelope.

Possibly:

PARAM  smtp-auth-sasl   # Authentication with SASL[2] mechanisms
PARAM  sasl-mechanisms  LOGIN PLAIN

Read the   http://zmailer.org/man/smtpserver.8zm.html   to see 
some caveats with the SASL codes.    I don't have a setup where
I could test e.g. CRAM-MD authentication.  All my passwords are
md5crypt() hashes...   Reports are welcome.

Oh yes, and you DO NOT list any address spaces in
  smtp-policy.relay*
files.  (Except those that you absolutely want to pass
thru without authentication...)

The MSA-mode (as implemented in ZMailer) isn't quite as complete
implementation of RFC 2476 as I would like to have it.  It doesn't
do quite all things that are specified in this operational mode,
but with recent CVS code, you can have it operational in parallel
with normal SMTP server by means of these two lines:

  PARAM  BindSmtp    any  25
  PARAM  BindSubmit  any  587

(Use "any6" keyword, if you want it to listen on IPv6 port..
 Those port numbers are actually default, so they are not
 necessary to specify..)

> Thanks. darek

-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

References:
- ZMailer SMTP-AUTH
  - From: "darek" <darek@cekon.pl>

Prev by Date: ZMailer SMTP-AUTH
Next by Date: zmscanner
Prev by thread: ZMailer SMTP-AUTH
Next by thread: zmscanner
Index(es):
- Date
- Thread