|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: SASL user restriction
From: Andreas Winkelmann (ml
awinkelmann.de)
Date: Sun Jun 04 2006 - 11:52:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am Sunday 04 June 2006 17:50 schrieb Gaby vanhegan:
> >> I have SASL working and authenticating in postfix, and over SSL and
> >> TLS quite happily. I have had to go down the getpwent() route for
> >> user authentication, which effectively means that every account with
> >> a password in /etc/passwd can authenticate and send mail. I don't
> >> really want to use sasldb or an SQL backend, if avoidable.
> >>
> >> How can I limit this in postfix to a subset of these users?
> >
> > http://www.postfix.org/RESTRICTION_CLASS_README.html#external
>
> This is indeed one way round it. I was thinking of something that
> was more tied in with with the SASL layer. One idea was to put all
> the users with SMTP-AUTH access into one group, and have SASL only
> permit those accounts. This restriction class still means that
> somebody could spoof the FROM address in the SMTP conversation. I
> really need something with a password, so something in SASL or the
> auth layer would be better.
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch
> Is using auxprop in some way going to help at all, in cyrus-sasl?
--
Andreas
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]