Re: auth service over tls
I was testing this setup a bit, putting them on different servers, since these options are implemented. What I was not sure about was whether they support TLS as well. So Postfix-Dovecot SASL AUTH is not supported. Is TLS LMTP supported between Postfix and Dovecot? I see that Dovecot LMTP supports a TLS connection, but I am not sure if Postfix can make the initial TLS request. I could only exchange data over LMTP in plain (no TLS) between Postfix and Dovecot.
Regards, Ibra
On Thu, 16 Nov 2023 at 12:28, Nick Lockheart forum@ageofdream.com wrote:
Are Postfix and Dovecot running on the same server? If so, you might be better served by connecting with a UNIX socket rather than TCP.
I'm not sure there is much security benefit to using TLS on the loopback interface, which is what was in your example from the previous email.
And to clarify, Postfix supports TLS for authentication between an email program like Thunderbird and the Postfix server, but does not support TLS for the SASL AUTH *service* connection from Postfix to the AUTH provider (Dovecot or Cyrus-SASL).
Also, please use the group reply function so your email goes to the list; this email only went to me.
On Thu, 2023-11-16 at 09:38 +0000, ibra wrote:
Good morning, thank you for your fast response, and sorry for not answering before; I forgot to check the spam folder. Good to know that Postfix does not support SASL AUTH over TLS, because I was actually planning to use it. I started with Dovecot to check if the auth port supports TLS. For that I launched a TLS handshake using openssl, with this command:
$ openssl s_client -servername mail.sample.com -connect localhost:12345
But I got an error. (In summary, Dovecot ends the connection.) Anyway, it would be awesome if in the future both Postfix and Dovecot could support it.
On the LMTP port, the TLS handshake worked on the Dovecot side; now I have to configure Postfix to make the request to Dovecot LMTP over TLS.
With Postfix I was able to send data to the Dovecot LMTP port, but it was not over TLS. Do you know what settings I should enable on the Postfix side?
Regards Ibra.
On Wed, 15 Nov 2023 at 11:08, Nick Lockheart nlockheart@ageofdream.com wrote:
On Wed, 2023-11-15 at 10:00 +0000, ibra wrote:
Hi, I'm trying to run TLS connections for both the auth and LMTP services. For LMTP it is OK; for the auth service I couldn't make it. I configured Dovecot with the following configuration in file "conf.d/10-myconfig.conf":
Which MTA are you trying to connect from? Postfix does not support SASL AUTH over TLS, for example.