[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: IMAP and SMTP AUTH using sendmail?



Am Sa, den 18.06.2005 schrieb Belmin um 22:36:

> I was thinking of installation IMAP and SMTP on my FC4 box. I haven't 
> used sendmail for anything more than PHP's mail() function but it seems 
> to be the software of choice?

Well, I guess you don't want to start a religious war about MTAs :)
If you ask me I then would choose Sendmail. Others prefer Postfix (they
claim it to be easier to administer) or Exim - those named 3 MTAs are
coming with Fedora Core / Extras - and a different group claim Qmail
their choice (but I don't recommend it because it is a) not shipped with
Fedora and thus not "supported" regarding security and it requires to be
a bunch of a patchset to be discussable at all as an MTA for today's
situation). Regarding PHP's mail() function I vote to have a close look
at either the Pear class Mail or http://phpmailer.sourceforge.net.

> 1) I wanted a rundown of what would I need or maybe a HOWTO? Using 
> google, I found some HOWTO documentation but they are vague as far as 
> AUTH and I'm not sure of the terminology used. Maybe someone knows of a 
> more apropos ( ;-) ) HOWTO?

To configure SMTP AUTH with Sendmail shipped by Fedora is pretty easy as
all is already well prepared. A good howto is

http://www.joreybump.com/code/howto/smtpauth.html

Another one - by a list member -

http://www.simpaticus.com/linux/sendmail-smtp-auth-howto.php

> 2) Should I stick with sendmail? Any alternatives? What benefits would 
> do they offer? How would that change my PHP setup?

At least Postfix's send binary is called "sendmail" for compatibility
reasons. So there would be no problem.

> 3) As far as SMTP and IMAP, I wanted to use username/password AUTH with 
> some type of encryption (don't want login information to be sent 
> cleartext) since I will be accessing the servers remotely. Assuming I 
> stick with (if I could) sendmail, how would I accomplish this?

Sure, this is nowadays nothing exotic but should go without saying.
Basically you can encrypt the whole mail client to MTA connection by a
STARTTLS session. All current mail clients can do so (like SMTP AUTH is
a common feature). This way you can protect LOGIN and PLAIN mechanisms.
If you offer CRAM-MD5 or DIGEST-MD5 AUTH such a TLS layer isn't
necessary as these mechanisms already use secure techniques. But keep in
mind that the Windows® world mail clients Outlook/OE do only PLAIN
(Outlook) or LOGIN (OE). So a third Sendmail SMTP AUTH howto

http://www.whoopis.com/howtos/sendmail-auth-howto.html

What you need for STARTTLS is a set of certificates. It is sufficient if
you create yourself a CA (Certificate Authority) using the OpenSSH tool.
You don't need to buy services by an official authority.

http://www.falkotimme.com/howtos/sendmail_smtp_auth_tls/index.php

covers this part. Keep in mind that you do not need anything from
sources for all the setup steps. All things needed (MTA, SASL, OpenSSH)
are shipped with Fedora as RPMs.

> 4) Adding accounts/mailboxes w/o adding users to my linux box. Again, 
> assuming I stick to sendmail.

This isn't that much a task of the MTA itself, but modern MTAs use SASL
for this. There are different possibilities, one is to use a sasldb2,
another one to use LDAP or even an SQL database.

Don't forget that if you want to receive mail too, just have to run a
mail access server (POP3/IMAP). Fedora ships dovecot and Cyrus-IMAPd.
Both work together with the named MTAs Fedora offers.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 22:58:35 up 25 days, 21:36, load average: 0.01, 0.09, 0.10 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]