From: BSD Mail
To: FreeBSD-questions@freebsd.org
Date: Mon, 14 Feb 2005 00:56:41 -0800
Message-ID: <8be663db0502140056105c9196@mail.gmail.com>
Subject: Postfix + Auth + SSL + pop3s/imaps

Greetings,

I have a 5.3 Server. I'm planning to install Postfix. I'm planning to use the Maildir format. I'm going to generate my own SSL certificates for mail and use them for smtps/imaps/pop3s.

But I'm not sure what to use for authentication. I need to have the mail users/password separated from the system user/password.
Because some users will only have mail accounts and they won't have any shell access.

I read about different auth mechanisms and I know for sure that Plain Login is not what I want. I need DIGEST-MD5. I'm looking for something easier than SASL to configure. On my test server I tried to configure SASL and couldn't get DIGEST-MD5 to work. Any suggestions?

Someone mentioned that I shouldn't worry about the authentication if it's Plain or Login because I'm going to use SSL and that would encrypt both Login and the data channel. I'm not sure if this is 100% true. Any idea?

Last but not least, I'm going to add a webmail on top of all that, probably OpenWebMail or SquirrelMail. Which one of them would work better with everything I mentioned earlier:

- Auth DIGEST-MD5
- Maildir
- SSL
- dovecot

I was checking one of the SquirrelMail password plugins and I read this sentence:

"Cyrus SASL includes a shell utility called "saslpasswd" for manipulating user passwords in the "sasldb" database. This patch attempts to use this utility to perform password manipulations required by your squirrelmail users without any administrative interaction. Unfortunately, this scheme requires that the "saslpasswd" utility be run as the "cyrus" user - a horrible security problem since we have chosen to SUID a small script which will allow this to happen."

I'm pretty confused about the authentication method to use. I'm trying to run everything as securely as possible. I configured Postfix to run chrooted, and I'm going to use SSL for sure. What auth should I choose for smtp?

--
Regards,