Christian Benke
2013-Mar-18 12:08 UTC
[Dovecot] SMTP Client authentication to remote Postfix/Dovecot
Hello! This is probably another basic question and i'm not even sure if it's something where Dovecot is involved, but i'll give it a shot. So i've setup Postfix with Dovecot and system-auth on my remote server. So far it looks like everything is working fine and dandy via SASL(PLAIN) and TLS. I'm just not happy about my local SMTP client settings. I'm going to try to work with mutt in the future, so i need a local MTA - i've decided to try it with Postfix. This works so far and i can send mails with mutt. However - my setup relies on smtp_sasl_password_maps for authentication. I'm not too happy to have plaintext-passwords of remote systems lying around on my local filesystem. It doesn't really ease my mind that the file is readable by root only, this doesn't help if my laptop's harddisk gets mounted elsewhere. Are there alternatives or better ways to do SMTP authentication? http://www.postfix.org/SASL_README.html#server_cyrus_comm says:> saslauthd can verify the SMTP client credentials by using them to log into an IMAP serverSo i have my mutt-client which is logged in to the remote Dovecot IMAP. Mutt uses the local MTA to send the mail. Is there some way to tell the local postfix or a local dovecot to authenticate the SMTP-Session via the existing IMAP-login? Or some other way where i at least don't rely on plaintext passwords but secure, encrypted hashes? Sorry if this is a redundant thread, "smtp client" authentication site:dovecot.org/list' and the likes are not exactly the most rewarding or unique search terms unfortunately. Thanks, Christian -- Central Asia by bike, starting May 2013 - http://poab.org
Christian Benke
2013-Mar-19 09:47 UTC
[Dovecot] SMTP Client authentication to remote Postfix/Dovecot
Follow up - Looks like a private VPN is the best solution to tackle this: http://article.gmane.org/gmane.mail.postfix.user/235903 On 18 March 2013 13:08, Christian Benke <benkokakao at gmail.com> wrote:> Hello! > > This is probably another basic question and i'm not even sure if it's > something where Dovecot is involved, but i'll give it a shot. > > So i've setup Postfix with Dovecot and system-auth on my remote > server. So far it looks like everything is working fine and dandy via > SASL(PLAIN) and TLS. > > I'm just not happy about my local SMTP client settings. I'm going to > try to work with mutt in the future, so i need a local MTA - i've > decided to try it with Postfix. > This works so far and i can send mails with mutt. However - my setup > relies on smtp_sasl_password_maps for authentication. > > I'm not too happy to have plaintext-passwords of remote systems lying > around on my local filesystem. It doesn't really ease my mind that the > file is readable by root only, this doesn't help if my laptop's > harddisk gets mounted elsewhere. > > Are there alternatives or better ways to do SMTP authentication? > > http://www.postfix.org/SASL_README.html#server_cyrus_comm says: >> saslauthd can verify the SMTP client credentials by using them to log into an IMAP server > > So i have my mutt-client which is logged in to the remote Dovecot > IMAP. Mutt uses the local MTA to send the mail. Is there some way to > tell the local postfix or a local dovecot to authenticate the > SMTP-Session via the existing IMAP-login? Or some other way where i at > least don't rely on plaintext passwords but secure, encrypted hashes? > > Sorry if this is a redundant thread, "smtp client" authentication > site:dovecot.org/list' and the likes are not exactly the most > rewarding or unique search terms unfortunately. > > Thanks, > Christian > > > -- > Central Asia by bike, starting May 2013 - http://poab.org