On Tue, 24 Jun 2003, Mike Burger wrote:

> On Tue, 24 Jun 2003, Satish Balay wrote:
>
> > > # TLS
> > > smtpd_tls_cert_file = /etc/postfix/burgers.pem
> > > smtpd_tls_key_file = /etc/postfix/privkey.pem
> > > smtpd_tls_loglevel = 1
> > > smtpd_use_tls = yes
> > > smtp_use_tls = yes
> > > smtpd_tls_cipherlist = DEFAULT
> > > smtp_tls_note_starttls_offer = yes
> > > smtp_starttls_timeout = 300s
> > > tls_random_source = dev:/dev/urandom
> > > tls_random_exchange_name = /etc/postfix/prng_exch
> > >
> > > Note that "burgers.pem" and "privkey.pem" are the SSL key and certificate
> > > files. In my case, they're self-signed, but if you really want to be able
> > > to make full use of TLS/SSL, you'll probably want to buy an actual secure
> > > certificate from an actual secure cert authority...or, if you already have
> > > the same files for use with your web server, those same key and cert files
> > > should work just fine.
> >
> > Not sure I follow this one. I'm thinking of:
> >
> > when postfix uses a SMTP relay - it should contact the relay with
> > ssl-smtp,username,passwd. for the specific e-mail destinations.
>
> My point is that SSL and authenticated SMTP are unrelated, insofar as
> making one or the other work. You can make SMTP-AUTH work over SSL, or
> in clear-text, but neither is required for the other to work...they're
> mutually exclusive to each other.

Agreed

> SMTP servers do not authenticate on a user level...and even when SMTP is
> on an authenticated basis, it does not require SSL/TLS.

I guess I need to understand the difference between the following:

Source --(SMTP)--> destination
Source --(SMTP?)--> relay -(SMTP)--> destination
          ^^^^^^

and what the above mentioned options actually do. Do they affect both
'Source -> Destination', 'source -> relay' (if relay is somehow
specified?)

> > in pine lingo (modifying the suggested configuration could be)
> >
> > aol.com my.isps.mail.server/ssl/novalidate-cert/user=username/passwd=foobar
> > roadrunner.com my.isps.mail.server/ssl/novalidate-cert/user=username/passwd=foobar
> >
> > > Currently, authenticated SMTP is limited to connections between
> > > client and server.
> >
> > Looks like - it is not possible to set up what I want in
> > postfix/sendmail. Here postfix would be the client - and the external
> > smtp-relay is the server.
>
> Does the external smtp relay server require user level authentication?

The one I'm thinking of does require authentication. I need to explain
a bit here. I use my laptop on varying networks (primarily 2 - home,
work). So, I can do either of the following:

1. use /usr/sbin/sendmail (postfix) for all outgoing mail (might get
   rejected by AOL and others)

2. Modify 1. - and additionally specify 2 open SMTP relays - for 'AOL'
   and the like. Based on the network I'm in - one will work - and the
   other won't. (so hopefully this should work at both home and at work
   networks)

3. Modify 1. - and specify a 3rd party external SMTP-relay for AOL and
   the like that can be accessed using user-auth & SSL (this third
   party SMTP-relay - as it is authenticated - can be accessed from any
   network my laptop is connected to)

I currently use 1. Would like to do 2 or 3.

I currently can manage this with pine (rules). I can specify the
following rule in pine:

**********
if (participant-pattern 'matches' @aol.com, @someotherhost.com) {
   use smtp=my.isps.mail.server/ssl/novalidate-cert/user=username
}
default smtp=/usr/sbin/sendmail
**********

I was hoping there is a simple way to push this into postfix config
(and get the spooling benefit for all my mails) - but it looks too
difficult to achieve this configuration.

> > I'm not running a mail server. I'm just using a local sendmail (aka
> > postfix) for all my outgoing mail from pine. I decided to do this - as
> > I can't specify multiple smtp servers to 'pine'. (home/ work /
> > somewhere in a hotel with network access etc..)
>
> Whether you're running it as an actual mail server or not, Postfix is a mail
> server daemon. While your postfix would be acting as a client to the
> remote recipient server, it's still a server...after all, it is accepting
> mail from your program (PINE, mutt, ELM, etc).

No contest here. I just wanted to clarify that the 'postfix mail
server' I'm running services my 'pine' and nothing else.

> If you just want Pine to send through your ISP's mail server, you'll need
> to configure PINE's smtp server settings. To tell the truth, I'm not
> aware that any SMTP daemon has a setting to act as an SMTP-AUTH
> client...just as an SMTP-AUTH server.

If that's the case there is a protocol failure somewhere in the stack.

end-to-end SMTP doesn't work (aka aol)
end->relay->end doesn't work (postfix can't talk to the relay via authentication)

> If someone else has knowledge to the contrary, please fill us in.
>
> > I wonder how mutt users would do this (on their laptops) - as for mutt
> > - the correct tool to handle outgoing mail is a local sendmail (not
> > the ISP's smtp relay)
>
> Why? If, like PINE, mutt allows the setting of an outbound SMTP server,
> why would using that outbound SMTP server not be the correct tool for the
> purpose? Especially if PINE or mutt can be configured to pass a username
> and password for authentication purposes?

No, mutt cannot use an external SMTP server setting. It depends on the
/usr/sbin/sendmail to do the correct job of delivering mail.

From Mutt faq at http://www.fefe.de/muttfaq/faq.html

************************************************************
How can I make Mutt use a SMTP server to send email, like Pine or
[insert favourite Windows-based email client here]?

answer from Mikko Hänninen

You can't. Mutt is a MUA (Mail User Agent), not a MTA (Mail Transport
Agent). Other email programs include MTA functionality but the Mutt way
is to use the proper tool for each task, instead of making a giant
program that does everything. In short, it's not Mutt's job to get the
mail to a remote SMTP server.

If your system does not have a properly configured MTA such as sendmail
for Mutt to use, and you only need one to send all emails to a remote
SMTP server for further delivery, then you can get sSMTP from
ftp://metalab.unc.edu/pub/Linux/system/mail/mta/ and install that.
sSMTP is easy to set up but very minimalistic, so you might want to
check out nullmailer at http://www.em.ca/~bruceg/nullmailer/ instead.
nullmailer can queue mails when the smarthost is down and then send
them when it's up again. Other MTAs and alternatives to sendmail are
also listed in the Other Programs section on the Mutt Links page at
http://www.mutt.org/links.html.
************************************************************

> if user level authentication is not actually required by the remote
> SMTP server, then PINE or mutt's remote SMTP options should work just
> fine.

Agreed. PINE works EVEN with user authentication of the external
smtp-relay. But that's not how this thread started.

Satish
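
Added example, not part of the original message or of any participant's setup: a Postfix client-side configuration for option 3 above, sending only the listed domains through the authenticated relay and requiring a verified certificate before the password is sent. It goes beyond the options quoted in the thread by assuming a current Postfix release built with SASL and TLS support, a STARTTLS submission service on port 587, and the CA bundle path shown; the relay host and user name are the placeholders used in the thread.

```ini
# ---- /etc/postfix/main.cf (the laptop's Postfix, acting as SMTP client) ----
# Comments must be on their own lines; main.cf has no trailing comments.

# Only destinations listed in the transport map go via the relay;
# everything else is still delivered directly, as in option 1.
transport_maps = hash:/etc/postfix/transport

# Act as an SMTP AUTH client towards the relay.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Allow PLAIN/LOGIN but never anonymous. This is acceptable only because
# the TLS policy below forces a verified TLS session before AUTH.
smtp_sasl_security_options = noanonymous

# Opportunistic TLS for direct deliveries, strict per-relay policy below.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
# Assumed CA bundle location; adjust for the distribution in use.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# ---- /etc/postfix/transport (then: postmap /etc/postfix/transport) ----
# [brackets] suppress the MX lookup; port 587 is an assumption.
aol.com         smtp:[my.isps.mail.server]:587
roadrunner.com  smtp:[my.isps.mail.server]:587

# ---- /etc/postfix/sasl_passwd (chmod 600, then postmap) ----
# The key must match the transport nexthop exactly.
# The password is a placeholder, not a real credential.
[my.isps.mail.server]:587  username:PLACEHOLDER_PASSWORD

# ---- /etc/postfix/tls_policy (then: postmap /etc/postfix/tls_policy) ----
# "verify" = TLS is mandatory, the certificate must chain to
# smtp_tls_CAfile and match the relay's host name.
# "encrypt" would be the analogue of pine's /novalidate-cert:
# encrypted, but the credentials could be handed to an impostor.
[my.isps.mail.server]:587  verify
```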