[wplug] IMAP revisited... to send mail?

Brandon Kuczenski brandon at 301south.net
Sat Nov 20 18:36:50 EST 2004 

On Sat, 20 Nov 2004, Bill Moran wrote:

> On Sat, 20 Nov 2004 08:47:36 -0500
> "Jonathan S. Billings" <billings at negate.org> wrote:
> >
> > On Nov 20, 2004, at 8:34 AM, Bill Moran wrote:
> >
> > > So stuff had to be added to SMTP to secure it.  SASL is a component of
> > > SMTP AUTH.  SMTP AUTH allows a user to authenticate to the SMTP server
> > > before using it, SASL is how the SMTP server determines whether or not
> > > that authentication succeeds or not.
> >
> > I should note that SASL is also used by imap and other services to
> > negotiate authentication, as well negotiating the security layer for
> > the protocol.  So you might see it in your IMAP configuration as well
> > as MTA.
>
> Good point.
>
> SASL is the underlying method of authentication.  SMTP AUTH is the way
> that SMTP uses SASL to do its job.  IMAP and POP could use SASL as well.
> In fact, I think you could (potentially) use SASL for all authentication
> (even login) although I don't know of anyone ever doing so.
>

Okay, so this is helping, somewhat... Again, tell me if I have it right.

OpenSSL is a package that implements the Secure Sockets Layer, which is a
way of encrypting communications between two hosts.  TLS, or "Transport
Layer Security", is another component of OpenSSL, which seems to be some
way of managing SSL connections.

And SASL is a Cyrus package which serves the same purpose, but which I
will not use because I already have OpenSSL installed and working.

So far I have installed and configured Dovecot, an IMAP server, to use my
certificate that I created just for IMAP and allow clients to
authenticate.  It was a simple matter of pointing Dovecot at the
certificates.  So, presumably, all I need to do is point Postfix at the
same certificate (necessitating a recompile, because Postfix does not
support TLS -- is that different from supporting SSL? -- by default), and
an unknowable number of configuration changes, and then postfix will allow
people who have authenticated over IMAP to send mail (securely?) over
SMTP.

Right so far?

It can't be, because I still have no understanding of what exactly TLS is.
And why would I bother with SSL for mail that my users are sending
remotely, when the mail gets sent out in plaintext an instant later as
it's forwarded to the recipient?

No, I don't understand anything.  I don't even know what question to ask.
I have 50 different howtos open here, the postfix documentaiton is
hopelessly technical and terse, and I am rapidly getting frustrated.

Maybe beating myself over the head with this for 18 hours straight is not
a good idea....

-Brandon

More information about the wplug mailing list