Relay smtp a besoin d'une authnetification (non TLS ou SSL)

Bjr,

Devant les centaines de post traitant de pb d'Authentification, et face
à mon immense méconnaissance de la chose..HELP


pb:

srv local sur lan privé sert serveur de mail (POSTFIX
+DOVECOT+Fetchmail) -pas visible sur le net-reste en privé.
Fetchmail collecte de comptes pop chez oleane.fr.com.

les clients auront leurs paramètres changés (arret du pop direct
depuis Outlook par ex.) et passage en imap sur le srv local.

Postfix a : relay_smtp = smtp.oleane....


MAIS ce relay exige une authentification (idem pop). Ce n'est ni TLS ,
ni SSL.

Les docs trouvées un peu partout parle de SASL ...c'est SSL ou pas ??
Et si pas c'est ce dont j'aurais besoin ?

(Aujourd'hui un Outlook qui pop dessus à sa case "ce serveur sortant
requiert une authnetification" cochée avec idem compte entrant)

une courte synthèse de comment faire avec POSTFIX (sur un FEDORA 4)
ne serait pas du luxe .

Merci

oops in English:

I desperatlly seek a good view of dealing with an external relay smtp
on the Isp side requiering simple authentification.

Postfix is running on a local server (FEDORA 4) -Not visible on the
web, strictly local
purpose is :
to collect real mail box at xx@oleane.fr.com with fetchmail.
dealing localy in imap with Dovecot

BUT I do not understand how to make the Postfix make **simple**
authentification (no TLS , NO SSL - same id /pw as POP ).

Thanks a lot

Bonjour,

> I desperatlly seek a good view of dealing with an external relay smtp
> on the Isp side requiering simple authentification.
>
>
> BUT I do not understand how to make the Postfix make **simple**
> authentification (no TLS , NO SSL - same id /pw as POP ).

I went through that recently. There is an excellent article which describes
the steps here:

http://postfix.state-of-mind.de/patr...ilclients.html

Make sure that postfix has been compiled with TLS support as described
in the article above.

Basically, I added the following lines in main.cf:

###############################################
# This is to allow authentication when #
# Postfix acts as a mail client to other mail #
# server for relay. #
###############################################
#
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd

The file sasl_passwd contains the following:

pop3.mail.server your_email@mail.server:your_password

J'espere que cela vous aidera
Bonne chance
Jeff

> I went through that recently. There is an excellent article which describes
> the steps here:
>
> http://postfix.state-of-mind.de/patr...ilclients.html

That documents a single login/passwd scenario.

But how do you do client-side SMTP AUTH when you have multiple senders,
each one with their own login/password combo on the remote ISP's SMTP relay site ?

thank I'll see this.

but..>Make sure that postfix has been compiled with TLS support as
described
in the article above.

looks like chineese for me.

probably the worst part of job, cause (sorry) I've not experience with
such a things.
...NO RPM ??

May be there'is a way to check if my own installation has it ?


For the rest, as a lot of people willbe using the relay.. is this
unique login could be ok ?

Thank you

> For the rest, as a lot of people willbe using the relay.. is this
> unique login could be ok ?

Probably not. For one thing, that account would be held responsible
for everyone else's email indescretions. Another thing is that some
ISP's will automatically change the FROM address to that of the account holder.

> looks like chineese for me.
> I've not experience with such a things.

To be honest, in order to explain everything that's needed here to fully understand
this complex setup, would require typing 2 or 3 chapters of a book.

There are a couple of Postfix books out there that might be of help:

"The Book of Postfix", ISBN 1-59327-001-1
`
"Postfix The Definitive Guide" ISBN 0-596-00212-2


--
Greg

thanks 4 ur help.

It appears, happily, the relay could be pudy cool and lets pass
traffic without auth from within the fai's network.

I just discovered a new feature that's available in the Postfix
2.3 experimental release at ftp://ftp.porcupine.org/mirrors/post...ase/index.html
which I think might be what you are looking for.

It provides for sender-based relay transports maps, and individual sender-based SASL
logins and passwords into multiple ISP mail relays that support SMTP AUTH.

An example configuration:

--< main.cf >--
sender_dependent_relayhost_maps = hash:/etc/postfix/sasl_relay_maps
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

--< /etc/postfix/sasl_relay_maps >--
#Sender #ISP Relay hostname
user1@mydomain.com smtp.isp1.net
user2@mydomain.com smtp.isp1.net
user3@mydomain.com mail.isp2.net
# Optional default generic ISP relay
mydomain.com myisp.net

--< /etc/postfix/sasl_passwd >--
# Sender #senders login and password
user1@mydomain.com user1@isp1.net:password
user2@mydomain.com user2@isp1.net:password
user3@mydomain.com user3@isp2.net:password
# Optional default generic ISP relay
mydomain.com logname@myisp.net:password

--
Greg