SMTP Authentication and TLS

8 posts / 0 new
Last post
#1 Sat, 10/01/2005 - 14:02
ADobkin

SMTP Authentication and TLS

SMTP authentication is a requirement in many virtual hosting environments these days, since most ISPs and other internet access points (hotels, wireless "hot spots", etc.) now block normal SMTP port 25. Further, TLS is highly recommended to prevent authentication data from being sent unencrypted on the Internet.

Setting these up manually can be difficult and prone to error, and they are very specific to the selected mail server (MTA) and operating system, due to different implementations of PAM, SASL libraries, etc. This would be a welcome feature to have automatically configured in Virtualmin Professional.

Here are a few important links for reference:

<UL> <LI><A HRef="http://www.FAQs.org/rfcs/rfc2554.html">RFC 2554 - SMTP Service Extension for Authentication</A></LI> <LI><A HRef="http://www.postfix.org/SASL_README.html">Postfix SASL Howto</A></LI> <LI><A HRef="http://www.postfix.org/TLS_README.html"></A>Postfix TLS Support</LI> <LI><A HRef="http://postfix.state-of-mind.de/patrick.koetter/smtpauth/"></A>Postfix SMTP AUTH (and TLS) HOWTO</LI> <LI><A HRef="http://www.sendmail.org/~ca/email/auth.html">SMTP AUTH in sendmail 8.10-8.13</A> (for future reference, given that postfix is currently the supported MTA)</LI> </UL>

Sat, 10/01/2005 - 14:08
ADobkin

It looks like a couple of the links I posted didn't make it through. Here they are again:

&lt;UL&gt;
&lt;LI&gt;&lt;A HRef=&quot;http://www.postfix.org/TLS_README.html&quot;&gt;Postfix TLS Support&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A HRef=&quot;http://postfix.state-of-mind.de/patrick.koetter/smtpauth/&quot;&gt;Postfix SMTP AUTH (and TLS) HOWTO&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;

Mon, 10/03/2005 - 15:20
Joe
Joe's picture

Hey Alan,

Thanks for the feedback. I agree with you. TLS and SASL are definite must-haves. I am working to add their configuration to the installer, using a self-signed cert to start with, and we'll add a form to Webmin drop in a server-wide cert that will apply to Webmin https connections to the system hostname, SMTP connections, and pop3s/imaps connections.

In the short term, I expect SASL (no TLS) to appear in the EA3 installer release (EA2 is already overdue, so it's in feature freeze and I'm just busy making it work on the extra platforms). TLS will appear in EA4, along with the cert installation form.

--

Check out the forum guidelines!

Tue, 10/04/2005 - 05:11 (Reply to #3)
ADobkin

Joe,

Thanks for the confirmation and other info. Your certificate plans and EA release roadmap sound very reasonable. I certainly didn't expect these features in EA2, and I am looking forward to all of the upcoming EA releases.

Thanks,
Alan

Wed, 11/16/2005 - 09:51
ChrisBlackwell

Is SASL still on for EA3, and if so when is that likely to arrive? Also will we be able to upgrade existing installations, or will they break ?

Wed, 11/16/2005 - 15:03
Joe
Joe's picture

Yep. These changes are still on schedule (but nothing else is!) for EA3/EA4.

EA2 is so close to release it's not worth talking about, but I've been thinking that for three weeks. SUSE is my nemesis, of late, but I've finally gotten the SSL issues worked out with Jamie's help (and new code in Webmin to detect things correctly from SUSEs oddball /etc/sysconfig/apache2 configuration file), so I think we're really gonna get there this time. If I can just figure out how yast makes system upgrade decisions...I'll run it once and it will pick up everything but have a few dependency problems (my fault, due to some of our custom packages), and then I'll fix the dep problems in the packages, re-run the update and it will show only one package to be updated (despite there being a dozen on the previous run, none of which got updated and most of which were from the official SUSE sources, so I know they aren't or shouldn't be broken), and folks on the SUSE support lists have no clue how any of it works. I hate mysterious software. It's a hard life. But don't mine me, I'm just pining for yum. ;-)

So anyway, TLS and SASL are coming soon to a Virtualmin near you. It will probably even make it into a post-EA2-but-pre-EA3 release. I've been sneaking point releases out every couple of weeks, just to get user feedback on various changes to the installer. A new one with x86_64 support for the current RH based platforms will go out today, I think, unless I expect to finish EA2 within a few hours of completing that.

--

Check out the forum guidelines!

Thu, 11/17/2005 - 08:43 (Reply to #6)
MikeBratton

Joe,

I'm kind of off subject here but is Debian support in EA2? I have a server I'd like to run it on.

Tue, 11/29/2005 - 04:57
ChrisBlackwell

Hi Joe,

I just saw your entry in the bug tracker for[a href=&quot;http://www.virtualmin.com/bug-tracker/bug?bug%5fnumber=147&quot;&gt;SASL Setup&lt;/a&gt; Is it safe to manually setup SASL using those instructions, or will it cause problems when its added to virtualmin ?

Topic locked