[afnog] Secured SMTP server
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Jul 24 18:26:00 EAT 2006
On Fri, Jul 21, 2006 at 04:11:32PM +0200,
Marouen MRAIHI <mr.marouen at gmail.com> wrote
a message of 12 lines which said:
> I have postfix installed on en HP-UX server and I want to give a
> secured SMTP for remote users (to allow them to send emails through
> that server).
You can authenticate remote users with:
1) TLS. This requires a certificate for each client.
2) SASL. This works with a password, which is transmitted in clear
(which, IMHO, requires an encrypted link, for instance with TLS, this
time for confidentiality) or used for a challenge/response.
The choice depends on:
* your PKI for the choice 1)
* your clients (remember that security is an HUMAN process: "securing"
means spending a lot of time on the phone, talking with people who
are unable to type a password properly)
* your client's software
* your existing databases (if you want to reuse them for SASL)
You can also configure both methods which will allow your clients to
choose but this complicates your setup.
I suggest to test both, and with typical MUA software, before
choosing.
More information about the afnog
mailing list