[Dovecot] Postfix-TLS/SASL-rimap
Benjamin J. Weiss
benjamin at Weiss.name
Wed Sep 22 05:03:46 EEST 2004
On Tue, 21 Sep 2004, Daniel L. Miller wrote:
> Timo Sirainen wrote:
>
> > On 19.9.2004, at 04:41, Daniel L. Miller wrote:
> >
> >> Will Dovecot support the Cyrus SASL library rimap mechanism? If so,
> >> is there anything I need to enable/verify for it to work?
> >
> >
> > No.
>
> Waaah.
>
> > Is it a useful feature?
>
> Maybe - I haven't used it yet!
>
> > Why not just use sql/ldap/whatever?
>
> I may do so. I'm trying to set up our mail environment with as little
> overhead as possible. At the moment, Postfix and Dovecot are retrieving
> user information from the passwd file. I wanted to add TLS/SASL access
> for remote clients to send via our Postfix server - and I didn't want to
> have to maintain a parallel user database just for that. But I may look
> at setting up an SQL/LDAP backend for these services - I didn't see the
> need with our small user pool.
>
You can set up postfix so that its SMTP-AUTH mechanism checks against the
passwd/shadow files over TLS. I just did it, in fact.

You can see my rough, unfinished notes (I don't even have the server fully
in production yet. It's intended to replace the one I'm now using, but so
far testing with Thunderbird seems to work) here:

http://www.benjamin.weiss.name/www-birdvet-org.html

I give no explanations, as this was mainly a way for me to keep notes as I
set up the box, and I was *very* tired near the end and may have missed
some steps that I took. Use at your own risk.

Basically, I'm setting up a mail server that uses TLS for both the
SMTP-AUTH (which allows me to send email from anywhere in the world and
not have to worry about being an open relay) and imap (so I can get and
read my email similarly). I'm not worried about the CRAM-MD5 or anything
and use plain authentication for two reasons:

1) Since the communication is encrypted in TLS, nobody can read my
password anyways, and

2) plain authentication allows both postfix and dovecot to authenticate
against my passwd/shadow files, so I don't have to maintain a separate
SASL database. Since I only have 6 users, this is the way I prefer to do
it. :)

Good luck!

Ben
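
Added example (not part of the original message or of the linked notes): reason 1 above holds only when Postfix refuses AUTH on connections that have not started TLS. This Python sketch audits a main.cf for that condition; the sample configs and finding names are constructed, and it assumes that smtpd_tls_security_level = encrypt and the legacy smtpd_enforce_tls = yes both imply smtpd_tls_auth_only.

```python
import re

def parse_main_cf(text):
    """Parse Postfix main.cf: skip blank/'#' lines, join continuation lines
    (leading whitespace), and let the last assignment of a name win."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def audit_smtp_auth(text):
    """Return finding names (constructed labels) for a main.cf that offers SMTP AUTH."""
    p = parse_main_cf(text)
    yes = lambda key: p.get(key, "no").lower() == "yes"
    if not yes("smtpd_sasl_auth_enable"):
        return []                      # no SMTP AUTH offered, nothing to check
    level = p.get("smtpd_tls_security_level", "").lower()
    if not level:                      # legacy switches apply only if the level is unset
        level = "encrypt" if yes("smtpd_enforce_tls") else "may" if yes("smtpd_use_tls") else "none"
    findings = []
    if level not in ("may", "encrypt"):
        findings.append("no-starttls")         # TLS is not offered at all
    if level != "encrypt" and not yes("smtpd_tls_auth_only"):
        findings.append("auth-without-tls")    # PLAIN/LOGIN accepted in cleartext
    options = re.split(r"[,\s]+", p.get("smtpd_sasl_security_options", "noanonymous"))
    if "noanonymous" not in options:
        findings.append("anonymous-auth-allowed")
    return findings

# Constructed sample: TLS is offered, but AUTH is also accepted without it.
WEAK_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_sasl_security_options =
    noanonymous
"""
# Same file with AUTH restricted to TLS-protected sessions.
HARDENED_CF = WEAK_CF + "smtpd_tls_auth_only = yes\n"

if __name__ == "__main__":
    print("weak:", audit_smtp_auth(WEAK_CF))
    print("hardened:", audit_smtp_auth(HARDENED_CF))
```

On a live server, feeding the script the output of postconf -n instead of the raw file checks the values Postfix actually loaded.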