postfix sasl auth using another smtp server sasl auth

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

postfix sasl auth using another smtp server sasl auth

Özkan KIRIK
Hello,

I'm trying to auth sasl using another smtp server's sasl auth.

scenario is as shown below:

[client] -> [postfix_as_email_gateway with auth plain] -> [another smtp server sasl auth plain enabled]

postfix has no userdb & passdb. Is it possible that postfix connect to another smtp server and validate auth plain user credentials? Basically i want that postfix make auth against another server's smtp auth.

What is the right way to do this configuration?

Regards
Reply | Threaded
Open this post in threaded view
|

Re: postfix sasl auth using another smtp server sasl auth

Wietse Venema
?zkan KIRIK:

> Hello,
>
> I'm trying to auth sasl using another smtp server's sasl auth.
>
> scenario is as shown below:
>
> [client] -> [postfix_as_email_gateway with auth plain] -> [another smtp
> server sasl auth plain enabled]
>
> postfix has no userdb & passdb. Is it possible that postfix connect to
> another smtp server and validate auth plain user credentials? Basically i
> want that postfix make auth against another server's smtp auth.
>
> What is the right way to do this configuration?

If it is not documented then it is not supported.

This requires new code, in the form of a Postfix XSASL_SERVER module
that 1) makes a TLS-encrypted SMTP connection to a remote SMTP
server, and 2) proxies the SASL protocol requests and responses
between the SMTP client and the remote SMTP server.

Problems: 1) the Postfix SMTP server must find out the remote SMTP
server's SASL authentication mechanisms before it can respond to
the SMTP client's EHLO command. 2) This is a very expensive
feature that cannot be exposed to the Internet.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: postfix sasl auth using another smtp server sasl auth

Jaroslaw Rafa
In reply to this post by Özkan KIRIK
Dnia  2.08.2020 o godz. 23:07:08 Özkan KIRIK pisze:
> I'm trying to auth sasl using another smtp server's sasl auth.
>
> scenario is as shown below:
>
> [client] -> [postfix_as_email_gateway with auth plain] -> [another smtp
> server sasl auth plain enabled]

I would rather try postfix on machine A authenticate directly to SASL
authenticator on machine B by configuring SASL to use TCP socket and setting
smtpd_sasl_path to "inet:ip_address:port". Of course the port needs to be
firewalled appropriately on machine B to ensure that only machine A can
access it.
--
Regards,
   Jaroslaw Rafa
   [hidden email]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Reply | Threaded
Open this post in threaded view
|

Re: postfix sasl auth using another smtp server sasl auth

Peter Ajamian
In reply to this post by Özkan KIRIK
On 3/08/20 8:07 am, Özkan KIRIK wrote:
> Hello,
>
> I'm trying to auth sasl using another smtp server's sasl auth.
>
> scenario is as shown below:
>
> [client] -> [postfix_as_email_gateway with auth plain] -> [another smtp
> server sasl auth plain enabled]

The closest you can likely come to this is to use Cyrus SASL with rimap
authentication which will allow you to auth against an *IMAP* server
(which can be remote).

> postfix has no userdb & passdb. Is it possible that postfix connect to
> another smtp server and validate auth plain user credentials?
> Basically i want that postfix make auth against another server's smtp auth.
>
> What is the right way to do this configuration?

Rethink your strategy.  Perhaps connect Dovecot SASL directly to the
remote database for auth?


Peter