Server Team 2007-11-20 meeting minutes

Scott Kitterman ubuntu at kitterman.com
Sat Nov 24 18:52:11 UTC 2007


On Saturday 24 November 2007 09:13, Ante Karamatić wrote:
> On Tue, 20 Nov 2007 16:43:08 -0500
>
> Mathias Gug <mathiaz at ubuntu.com> wrote:
> > ivoks gave an update about integrating postfix and dovecot: to goal is
> > to replace saslauthd with dovecot. This means adding 1 or 2 lines to
> > postfix configuration when dovecot is installed. There was some
> > discussion about how this should be done. mathiaz suggested to file a
> > bug against dovecot to track work being done on this.
> >
> > sommer mentioned that the documentation has been updated to use
> > Dovecot SASL.
> >
> > ACTION: ivoks will file a bug about this and will start working on the
> > packaging bits.
>
> https://bugs.edge.launchpad.net/ubuntu/+source/dovecot/+bug/164837
>
> I created debdiff for tasksel. It's more like proof of concept and not
> intended as a real patch for tasksel.
>
> I would like to hear suggestions/comments about the approach we took for
> adding this feature.

It looks like a good start to me.  

I think we need to either provide no plain text mechanisms or provide TLS.  
Since the default setting for smtp_sasl_security_options (noplaintext, 
noanonymous) will not allow plain text mechanisms without TLS, then this is 
safe.

It would be better, if it's achievable, to set up TLS and allow plain text 
(LOGIN and PLAIN) since between those two virtually all mail clients are 
supported.  Perhaps, at a minimum, check for TLS and if it's enabled, add:

postconf -e "smtp_sasl_security_options = noanonymous"
postconf -e "broken_sasl_auth_clients = yes"

The second is needed for supporting some widely deployed mail clients from a 
large proprietary software vendor in Redmond, WA, USA.

I'm not sure if we can get TLS enabled just through tasksel or not.

Scott K




More information about the ubuntu-server mailing list