[Dovecot] FIXED Re: Trouble adding sasl support via dovecot
Charles Marcus
CMarcus at Media-Brokers.com
Mon Mar 12 21:02:55 EET 2012
Since you got it working, I'll just comment on a couple of things...
On Mon, 12 Mar 2012, Richard Troy wrote:
> When I do "postconf-a" it indicates cyrus and dovecot, so I take it that
> means Postfix has been built with sasl support. (I presume this means I
> don't have to compile it from source.)
Correct...
> From the working environ, only listening on port 25, I simply added the
> following (as per directions already cited above):
You really should separate AUTH to the port that is designed for it:
port 587 (aka the 'submission' port/service)... just uncomment it (and
its attendant lines) in master.cf
> The documentation found here:
>
> http://www.postfix.org/TLS_README.html
>
> claims (intimates) that it's not possible to run a site on a self-signed
> certificate,
Where does it state any such thing? I've been using self-signed certs
for 8+years with postfix...
You do have to 'accept' the certs in the clients though, and that cn
scare some users. I've had zero problems with this in Android, and none
in recent versions of iOS, although earlier versions required you to
install the cert manually (could be done using Safari on the iPhone)...
Also, Outlook provides no simple way to Accept a Cert and store it
permanently (Thunderbird does), so unless/until Outlook users import the
Cert, they'll have to accept it each time they fire up Outlook and check
mail.
> And, by the way, what's port 465 all about? Some clients propose that's
> what should be used to send...
It is the *deprecated* SMTPS (smtp over SSL). All modern clients can use
the submission service, but some older versions of Outlook/Outlook
Express can only use 465. It doesn't hurt anything to have it enabled,
but you shoiuld absolutely tell all other clients to use the normal
submissions service (STARTTLS on port 587).
--
Best regards,
Charles
More information about the dovecot
mailing list