[Dovecot] FIXED Re: Trouble adding sasl support via dovecot

Charles Marcus CMarcus at Media-Brokers.com
Mon Mar 12 21:02:55 EET 2012


Since you got it working, I'll just comment on a couple of things...

On Mon, 12 Mar 2012, Richard Troy wrote:

> When I do "postconf-a" it indicates cyrus and dovecot, so I take it that
> means Postfix has been built with sasl support. (I presume this means I
> don't have to compile it from source.)

Correct...

> From the working environ, only listening on port 25, I simply added the
> following (as per directions already cited above):

You really should separate AUTH to the port that is designed for it: 
port 587 (aka the 'submission' port/service)... just uncomment it (and 
its attendant lines) in master.cf

> The documentation found here:
>
> http://www.postfix.org/TLS_README.html
>
> claims (intimates) that it's not possible to run a site on a self-signed
> certificate,

Where does it state any such thing? I've been using self-signed certs 
for 8+years with postfix...

You do have to 'accept' the certs in the clients though, and that cn 
scare some users. I've had zero problems with this in Android, and none 
in recent versions of iOS, although earlier versions required you to 
install the cert manually (could be done using Safari on the iPhone)...

Also, Outlook provides no simple way to Accept a Cert and store it 
permanently (Thunderbird does), so unless/until Outlook users import the 
Cert, they'll have to accept it each time they fire up Outlook and check 
mail.

> And, by the way, what's port 465 all about? Some clients propose that's
> what should be used to send...

It is the *deprecated* SMTPS (smtp over SSL). All modern clients can use 
the submission service, but some older versions of Outlook/Outlook 
Express can only use 465. It doesn't hurt anything to have it enabled, 
but you shoiuld absolutely tell all other clients to use the normal 
submissions service (STARTTLS on port 587).

-- 

Best regards,

Charles


More information about the dovecot mailing list