3 messages in net.sourceforge.lists.courier-usersRe: [courier-users] ESMTP-SSL: Securi...
FromSent OnAttachments
Belmin FernandezJun 25, 2005 8:22 pm 
Sam VarshavchikJun 25, 2005 8:45 pm 
Gordon MessmerJun 25, 2005 9:00 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] ESMTP-SSL: Security related questions..Actions...
From:Gordon Messmer (yiny@eburg.com)
Date:Jun 25, 2005 9:00:43 pm
List:net.sourceforge.lists.courier-users

Belmin Fernandez wrote:

1) I'm running ESMTPD-SSL and I want to know do I have to run ESMTPD also for other servers to drop local mail?

Yes.

And if I do, how do I disable relay completely on that server? I don't want users to use it but to only be able to use ESMTPD-SSL. I thought using smtpaccess for this might work but from what I understand, that also effects ESMTPD-SSL(?).

The default settings will be mostly suitable. smtpaccess will only grant relaying to some of the RFC reserved networks, which you're probably not using, and AUTH is disabled for esmtpd. What you'll need to do is add LOGIN and PLAIN to the ESMTPAUTH_TLS setting in the esmtpd file. This will allow users to use AUTH only on secured connections.

2) How do I make ESMTPD-SSL to force AUTH login (using password)

If you don't set RELAYCLIENT in smtpaccess, then AUTH is the only way users will be able to relay messages.

from what I read in the FAQ, by default it seems it uses the From address and just makes sure that the user exists?

I'm not sure what gave you that impression, but it's not correct.

I want it to make the user AUTH login and check PAM for the password (like it does for IMAP and POP). If I set AUTH_REQUIRED=1 in ESMTPD-SSL it just gives me an error saying:

You don't really need to set that.

but yet it didn't ask me to login (using Thunderbird to test it out). Is this a client malfunction or a setting I'm missing.

It's a setting you missed.

Edit -> Account settings -> Outgoing Server -> Check "Use name and password" and set "Use secure connection" to either TLS or SSL.

I tried to play with the smtpaccess file also and it still doesn't seem to get it working how I'd like it to.

You don't need to do that either.

Thanks in advance for any help offered!! :-) This is a test server so no urgency.

Once you get things set up the way you want them, I'd start over from scratch and make the smallest number of changes from the default configuration that you can, and still achieve what you want. Setting options while experimenting can lead to odd behavior later.