A while ago I wrote about how I built out a LAMPS box. One of the things I had not figured out how to do was enable secure mail transactions via IMAP and SMTP. Well, that has changed, and now I’ve got that turned on too.
It wasn’t too hard to do either. I self-signed my certs, reconfigured Postfix and Cyrus, opened the right ports, and it was active. I just finished doing an Ethereal capture and it all looks good, meaning that I can’t see anything other than TLS data during the transactions.
One of the gotchas was that because I have SASL authenticating through PAM, and PAM hooks into LDAP, there is no way to do encrypted passwords for SMTP auth. I don’t view this as a big problem though, since, according to the Ethereal capture I took, the password is only transmitted after I establish the tunnel.
The same goes for IMAP. Apparently Secure Password Authentication (SPA) isn’t going to work; however, since the password is transmitted inside the TLS tunnel, it’s secure. Apparently the reason for this incompatibility with LDAP has to do with the way the passwords are stored.
Here’s a pretty good URL for instructions on how to configure Postfix for TLS support:
http://www.projektfarm.com/en/support/howto/postfix_smtp_auth_tls.html
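The one setting worth checking after a setup like this is that Postfix does not accept the plaintext SASL mechanisms before STARTTLS, because that is the only thing keeping the PAM/LDAP-backed password off the wire. The fragment below is an added example of a main.cf for this, not taken from this post or from the linked howto; the certificate and key paths are placeholders.

```ini
# Added example (not from the post or the linked howto). Postfix main.cf fragments.
# Certificate and key paths are placeholders.

# --- Weak: TLS is offered, but AUTH PLAIN/LOGIN is also accepted on the cleartext session ---
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/certs/PLACEHOLDER-server.crt
smtpd_tls_key_file  = /etc/postfix/certs/PLACEHOLDER-server.key
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# smtpd_tls_auth_only is left at its default (no), so a client that never issues
# STARTTLS can still send AUTH PLAIN, and the password crosses the wire in base64 only.

# --- Corrected: the plaintext mechanisms are usable only once the TLS layer is up ---
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/certs/PLACEHOLDER-server.crt
smtpd_tls_key_file  = /etc/postfix/certs/PLACEHOLDER-server.key
smtpd_sasl_auth_enable = yes
# Refuse PLAIN and LOGIN on an unencrypted session...
smtpd_sasl_security_options = noanonymous, noplaintext
# ...but allow them inside TLS, since saslauthd -> PAM -> LDAP can only verify
# a cleartext password and therefore cannot support CRAM-MD5/DIGEST-MD5.
smtpd_sasl_tls_security_options = noanonymous
# Do not even advertise AUTH in the EHLO response until STARTTLS has completed.
smtpd_tls_auth_only = yes
```

After a reload, an EHLO on a plain connection should show no 250-AUTH line, and the same EHLO after STARTTLS should show it. Cyrus has the matching knob for IMAP: with `allowplaintext: no` in imapd.conf, the plaintext mechanisms are accepted only when a TLS security layer is active, which is what this post relies on for the IMAP side.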
More later…
–Scott Keoseyan – 03 MAY 05