postfix + sasl

Hello:

I´m beginer, and i tray to install postfix2 and sasl2, do you now any guide
"easy" step by step please, for install and configure this with Suse 9.0.

Thans you

Antonio

María Bermejo García wrote:
> I´m beginer, and i tray to install postfix2 and sasl2, do you now any guide
> "easy" step by step please, for install and configure this with Suse 9.0.

Hey.

There a lots a Postfix+SASL Howto's here:
http://www.postfix.org/docs.html

Regards
Pete

On Fri, 02 Jul 2004 09:06:45 +0200, Peter Richter wrote:

> María Bermejo García wrote:
>> I´m beginer, and i tray to install postfix2 and sasl2, do you now any guide
>> "easy" step by step please, for install and configure this with Suse 9.0.
>
> Hey.
>
> There a lots a Postfix+SASL Howto's here:
> http://www.postfix.org/docs.html

I didn't find the Docs on postfix.org to be ANY help whatsoever.
Parts were out of date, last time I checked, and contained
contradictory info. In fact, every Postfix/SASL "how-to" site
on the web seems to have contradictory info, if you want a SIMPLE
system that just WORKS. If you want a big, over-blown system
with SQL databases, LDAP, and every possible bell & whistle,
there are several good tutorials. But if that's the kind of
system you want, you should be running Windows. ;-)

All I want is for some of our *12* users to be able to log in &
send SMTP mail from a remote computer while traveling. I won't
install encrypted LDAP/SQL/whatever just for that!

IMO- Eventually, adding un-necessary applications & complications
to a Linux/Unix system will turn it into some form of Windows!

Julia Thorne <rimbaldi@nospam.tld> wrote:
> I didn't find the Docs on postfix.org to be ANY help whatsoever.
> Parts were out of date, last time I checked, and contained
> contradictory info.

There were quite a few changes from Postfix 1.x to Postfix 2.x.
I found that most documentation that seemed contradictory was
for different versions, so look for that information if possible.

Furthermore, Postfix supports quite a few options that are more
or less exclusive (E.g. mbox vs. Maildir/, Virtual users vs.
non-virtual users, ...).

> All I want is for some of our *12* users to be able to log in &
> send SMTP mail from a remote computer while traveling. I won't
> install encrypted LDAP/SQL/whatever just for that!

OK, no LDAP/SQL means you configure Postfix to use the users from
the system. (local_recipient_maps = unix:passwd.byname $alias_maps)

If you are using cyrus sasl2 on linux you should configure saslauthd
to use either the 'getpwent' or the 'pam' authentication module.
Configure means that you should simply start saslauthd with the
appropriate parameters (saslauthd -a getpwent). I don't know if Suse
provides some default startup script. If they do you might find some
configuration file in /etc/sysconfig/.

You want at least the following two entries in main.cf so that postfix
actually uses sasl:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

and you should permit authenticated users to send something early on:
smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
....

> IMO- Eventually, adding un-necessary applications & complications
> to a Linux/Unix system will turn it into some form of Windows!

Then why do you use Suse? ;-)

Hope this helps,
Marc

On Sat, 3 Jul 2004 08:54:27 +0200, Marc Wirth wrote:

> Julia Thorne <rimbaldi@nospam.tld> wrote:
>> I didn't find the Docs on postfix.org to be ANY help whatsoever.
>> Parts were out of date, last time I checked, and contained
>> contradictory info.
>
> There were quite a few changes from Postfix 1.x to Postfix 2.x.
> I found that most documentation that seemed contradictory was
> for different versions, so look for that information if possible.

Sorry (I was being too brief), I didn't mean the docs for postfix
itself, I just meant the docs regarding SASL. SASL doesn't install
itself into the folders that the docs claim. And that's only the
*first* problem.

> OK, no LDAP/SQL means you configure Postfix to use the users from
> the system. (local_recipient_maps = unix:passwd.byname $alias_maps)

No, Postfix doesn't have any way to do that for SENDING email. If
it did, nobody would need SASL in the first place. It's one of
the biggest holes in Postfix. The POP3 daemon has no trouble at
all understanding a login by a system user, and allowing that
user to access his mailbox. But Postfix has absolutely no way
to do that without an add-on like SASL or some awkward Kluge like
POP-before-SMTP.

> If you are using cyrus sasl2 on linux you should configure saslauthd
> to use either the 'getpwent' or the 'pam' authentication module.
> Configure means that you should simply start saslauthd with the
> appropriate parameters (saslauthd -a getpwent).

Yup, that's in the docs. Didn't work. Postfix died. But although
I appreciate your reply and your helpful attitude, I'm not looking
for more advice on how to configure SASL, I read everything on the
Net about it, even step-by-step instructions for my specific
distro. I've found another method, for now, w/out SASL. :-)
But I genuinely DO appreciate your reply & the helpful info.

I just meant to make a comment on how BAD the available docs are.
It's not a criticism of Postfix or any one person... It was just
a little rant on how much I HATE the slapdash way that most *nix
documentation is written. The Tower of Babel had the same shit,
and where is it now?

</rant> Sorry. :-)

>> IMO- Eventually, adding un-necessary applications & complications
>> to a Linux/Unix system will turn it into some form of Windows!

> Then why do you use Suse? ;-)

I don't. I use Trustix. I think the O.P. of this thread mentioned
using Suse. But I still think that the *nix world can fall prey to
the same habit that plagues Windows Apps: Start with something
good and useful, then keep adding un-necessary features until it's
totally unuseable. Then sell the company to Microsoft, for burial.

Oops, sorry... </rant>

Julia Thorne <rimbaldi@nospam.tld> wrote:
> Sorry (I was being too brief), I didn't mean the docs for postfix
> itself, I just meant the docs regarding SASL. SASL doesn't install
> itself into the folders that the docs claim. And that's only the
> *first* problem.

I suspect you used precompiled packages? In my experience it's much
better to compile/package stuff on your own. Many package tools simply
ignore some of the useful documentation included in the original
sources... (latest example: networkupstools.com includes a UPGRADE text.
Guess how many packages contain that file.).

My main problem with sasl2 was that I wanted to use the rimap
authentication since I already had IMAP set up and running but sasl2 had
a bug so that you had to specify the -O option BEFORE the -a option.
That was fixed a few versions later.

Ah well, experience is what you get when you don't get what you want.

> No, Postfix doesn't have any way to do that for SENDING email.

That's not limited to Postfix, is it? SMTP simply never got a decent
authentication mechanism.

> I've found another method, for now, w/out SASL. :-)

Interesting, could you elaborate a bit on what you use?

> I don't. I use Trustix. I think the O.P. of this thread mentioned
> using Suse.

Sorry, got that mixed up.

> But I still think that the *nix world can fall prey to
> the same habit that plagues Windows Apps: Start with something
> good and useful, then keep adding un-necessary features until it's
> totally unuseable. Then sell the company to Microsoft, for burial.

I'm not familiar with Trustix, but I've given up on Fedora, Suse and
some other Linux distros. I'm mainly using OpenBSD and NetBSD for that
very reason. I pray that they won't fall for featuritis anytime soon...

Oops, following a rant with one of my own ... :-)

Marc

>
> I´m beginer, and i tray to install postfix2 and sasl2, do you now any
guide
> "easy" step by step please, for install and configure this with Suse 9.0.
>

"easy" is probably not the best thing to have in mind when you start that
kind setup but anyways i use an awesome tutorial for postfix2 / virutal
mailbox / sasl2 / smtp auth / tls / spamfilter / virus, and it always worked
great

it's for debian but most of the config files should be quite the same on
suse, on different locations that is..

http://workaround.org/articles/ispmail-sarge/


SMTP Auth detail :
this version of the tutorial now uses auxprop for smtp authentication, so
you can use the current sasl2 packages, no need to go back to sasl2 v2.1.15
because of username broken login strings..