Postfix authentication default configuration
Ben Bucksch
linux.news at bucksch.org
Fri Dec 18 16:06:44 UTC 2009
I'm trying to set up a mail server with Ubuntu, Cyrus and Postix, and
need authentication (via sasldb2)
Cyrus works fine, and postfix works and delivers, but I find it
extremely hard to configure SMTP AUTH, due to the Postfix-SASL
connection, incl. chroot.
It's normal for a mail server to not only offer IMAP, but also SMTP to
clients. The new specs [1] say we should use port 587 (not 25) for that,
and *require* authentication on port 587. This allows mail sending to
work even when I'm not connected to the office / my ISP. Therefore, I
(and the specs) consider SMTP AUTH to be basic feature of a mail server.
Unfortunately, it's incredibly hard to configure in Ubuntu. I can't even
find tutorials that get me there, but I don't think I should have to
follow tutorials, it should be configured properly out of the box.
So, I suggest as default config for a mail server:
* sasldb2
(Unix accounts are a bad idea for mail users. More complex setups
like mysql can be easily swapped for sasldb2, once that is working)
* dovecot or cyrus with auth via SASL
* postfix with SMTP auth via SASL
* postfix on port 25 (only for incoming/MX) and port 587 (for
clients, and mandating auth per spec)
* working CRAM-MD5, plaintext login disabled.
This is more or less what the specs require from mail servers these
days. I think that should work out of the box.
And a tutorial which tells how to add users (cyradm, saslpasswd2).
[1] RFC 4409, RFC 5068
More information about the Ubuntu-devel-discuss
mailing list