Securing Postfix - two questions lead the way to Trusted Catalysts
Adam and I (mostly Adam) are working to get postfix configured to run virtual domains in a secure configuration. Along the way, we have come across two challenges and would appreciate some ideas, feedback or insights (links, experience, whatever):
1. Is there any way to setup postfix + sasl to use both CRAM-MD5 and mysql encrypted passwords for secure smtp authentication over TLS? Or is this type of security redundant and unnecessary?
2. Is there a way to set postfix + mysql running virtual mail domains and users so that the users may change their own passwords?
Ideas? Suggestions? Leave a comment or send a note to michael.postfix@securitycatalyst.com
If you enjoyed this post, make sure you subscribe to my RSS feed!
Posted in Information Protection |
Print this post
|
Permalink
KrisQuinby said,
August 27, 2006 @ 3:08 pm
Michael, I sit the fence on whether or not to store email in mysql. I think you lose a lot of flexability. It becomes harder to move between different email servers and such. You can have true virtual users without using a database backend. I do also see the benefits so please no flame about how much better it is at other things. Secondly, there is at least one program that lets users change their own passwords. Have you seen postfixadmin? It is a web based tool. It can also be used to delegate some administration of the virtual domains to “domain admins”. Hope that helps.
Santa said,
August 27, 2006 @ 5:28 pm
Kris,
No flame wars here (at least not from me) - we’re all about being positive. Adam and I are actually taking pretty detailed notes as we work through this process, with the aim of eventually creating a podcast to explain the decisions we made, and why. We are always open to constructive criticism and looking for insghts! We can explain the desire for mysql integration in the future. And we’ll be checking out postfixadmin in the coming days.
Thanks for taking the time to share.
Santa (aka Catalyst)