[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Sun, May 02, 2004 at 12:20:35PM +0200, darek wrote:
> I need SMTP-AUTH for all of my users, do i have to enable "PARAM  MSA-mode"
> i smtpserver???


What you do need is:

PARAM   smtp-auth       # enable if you want to allow SMTP to autenticate
#                       # with the default code against system  /etc/passwd
#                       # (or whatever source  getpwnam() uses for it..)

Possibly also this, if you don't want to enforce authentication
under TLS encryption...

PARAM  AUTH-LOGIN-also-without-TLS
#                       # Enable, if the "AUTH LOGIN" is to be allowed to
#                       # be used without running under SSL/TLS security
#                       # envelope.


PARAM  smtp-auth-sasl   # Authentication with SASL[2] mechanisms
PARAM  sasl-mechanisms  LOGIN PLAIN

Read the   http://zmailer.org/man/smtpserver.8zm.html   to see 
some caveats with the SASL codes.    I don't have a setup where
I could test e.g. CRAM-MD authentication.  All my passwords are
md5crypt() hashes...   Reports are welcome.

Oh yes, and you DO NOT list any address spaces in
files.  (Except those that you absolutely want to pass
thru without authentication...)

The MSA-mode (as implemented in ZMailer) isn't quite as complete
implementation of RFC 2476 as I would like to have it.  It doesn't
do quite all things that are specified in this operational mode,
but with recent CVS code, you can have it operational in parallel
with normal SMTP server by means of these two lines:

  PARAM  BindSmtp    any  25
  PARAM  BindSubmit  any  587

(Use "any6" keyword, if you want it to listen on IPv6 port..
 Those port numbers are actually default, so they are not
 necessary to specify..)

> Thanks. darek

/Matti Aarnio	<mea@nic.funet.fi>
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi