Adam and I (mostly Adam) are working to get postfix configured to run virtual domains in a secure configuration. Along the way, we have come across two challenges and would appreciate some ideas, feedback or insights (links, experience, whatever):

1. Is there any way to setup postfix + sasl to use both CRAM-MD5 and mysql encrypted passwords for secure smtp authentication over TLS? Or is this type of security redundant and unnecessary?

2. Is there a way to set postfix + mysql running virtual mail domains and users so that the users may change their own passwords?

Ideas? Suggestions? Leave a comment or send a note to

mi*************@se**************.com











About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.