DevHeads.net

Postings by mj

sasl auth LOGIN / PLAIN

Hi,

Just a small question: we currently use posfix with sasl authentication,
and folowing many docs, we have enabled PLAIN and LOGIN authentication.

However, googling leads me to believe that LOGIN is mostly used by
Outlook Express, and that most (or all?) modern clients support the
PLAIN mechanism.

I also noticed that most failed authentication attempts are done using
LOGIN.

Now, assuming that most of these failed authentications are simply
username/password guessing...

check_sasl_access question

Hi,

I would like to only allow sasl authenticated relay for specific users,
so I have in main.cf:

smtpd_relay_restrictions = permit_mynetworks, check_sasl_access
hash:/etc/postfix/sasl_list,....

and in /etc/postfix/sasl_list:
username1 OK
username2 REJECT
username3 OK
* REJECT

The config works.

limit sasl usernames

Hi all,

Is there a way to limit/restrict the usernames that are allowed to use
our postfix dovecot-sasl authenticated smtp relay?

We would like only *specific* usernames to be able to use the
authenticated relay. And currently everybody with dovecot imap access
can also use the relay. Is there a way to restrict that?

A simple list of usernames would work, or more advanced: dynamically
using an ldap lookup to check group membership.

Thanks in advance for pointers/tips,

MJ