August 26

Securing Postfix – two questions lead the way to Trusted Catalysts

Adam and I (mostly Adam) are working to get postfix configured to run virtual domains in a secure configuration. Along the way, we have come across two challenges and would appreciate some ideas, feedback or insights (links, experience, whatever):

1. Is there any way to setup postfix + sasl to use both CRAM-MD5 and mysql encrypted passwords for secure smtp authentication over TLS? Or is this type of security redundant and unnecessary?

2. Is there a way to set postfix + mysql running virtual mail domains and users so that the users may change their own passwords?

Ideas? Suggestions? Leave a comment or send a note to michael.postfix@securitycatalyst.com


Tags


You may also like

Are you using frameworks properly?

Leadership and communication are actually layers, not levels

  1. Michael, I sit the fence on whether or not to store email in mysql. I think you lose a lot of flexability. It becomes harder to move between different email servers and such. You can have true virtual users without using a database backend. I do also see the benefits so please no flame about how much better it is at other things. Secondly, there is at least one program that lets users change their own passwords. Have you seen postfixadmin? It is a web based tool. It can also be used to delegate some administration of the virtual domains to “domain admins”. Hope that helps.

  2. Michael, I sit the fence on whether or not to store email in mysql. I think you lose a lot of flexability. It becomes harder to move between different email servers and such. You can have true virtual users without using a database backend. I do also see the benefits so please no flame about how much better it is at other things. Secondly, there is at least one program that lets users change their own passwords. Have you seen postfixadmin? It is a web based tool. It can also be used to delegate some administration of the virtual domains to “domain admins”. Hope that helps.

  3. Kris,

    No flame wars here (at least not from me) – we’re all about being positive. Adam and I are actually taking pretty detailed notes as we work through this process, with the aim of eventually creating a podcast to explain the decisions we made, and why. We are always open to constructive criticism and looking for insghts! We can explain the desire for mysql integration in the future. And we’ll be checking out postfixadmin in the coming days.

    Thanks for taking the time to share.

    Santa (aka Catalyst)

  4. Kris,

    No flame wars here (at least not from me) – we’re all about being positive. Adam and I are actually taking pretty detailed notes as we work through this process, with the aim of eventually creating a podcast to explain the decisions we made, and why. We are always open to constructive criticism and looking for insghts! We can explain the desire for mysql integration in the future. And we’ll be checking out postfixadmin in the coming days.

    Thanks for taking the time to share.

    Santa (aka Catalyst)

Comments are closed.
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!