Adam and I (mostly Adam) are working to get postfix configured to run virtual domains in a secure configuration. Along the way, we have come across two challenges and would appreciate some ideas, feedback or insights (links, experience, whatever):

1. Is there any way to setup postfix + sasl to use both CRAM-MD5 and mysql encrypted passwords for secure smtp authentication over TLS? Or is this type of security redundant and unnecessary?

2. Is there a way to set postfix + mysql running virtual mail domains and users so that the users may change their own passwords?

Ideas? Suggestions? Leave a comment or send a note to mi*************@se**************.com

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours - the best way for Security Leaders to connect with a group of peers each week for a needed shot of energy and actionable insights.