SMTP Auth via POP or IMAP Server

[MvincM]

Hello,

Rather complicated question but I belive that ispconfig forum could help.

I must change my ISP configuration (Postfix) to do some tricky authorization.

Users must send e-mail through ISPConfig Postfix SMTP but Postfix must authorized them via third part POP3 or IMAP server.

Do you have any idea how to do this...

Best regards,
MvincM

[till]

Andy why dont you use the normal smtp-auth which is configured by default? All normal mail clients support it. The setup you want to do is named pop befire smtp and is not in use anymore for years since all mail clients support smtp-auth.

[MvincM]

Yes it is clear for me and I looks for P-B-S but it is different case...

I just explain...

We use ISPConfig for many years (great tools - Thanks a lot) but now one of our domains must be hosted on google apps (our company split to sub-company and they want to use google apps as a mail services). And now story starts. As you may know Google put Sender SMTP header filed to any mail and it looks terrible in outlook e.g. "sales on behalf of j.test@domain.com". Google confirm that is not a "business" behaviour and allow to use own SMTP (simple option in menu) to put any Sender filed. You just put SMTP address and login and password for user (to authenticate) and you could send mails via your SMTP. And this solution is good but... not to the end.

In my case I must take care of two user database - one of google apps and second on ISPConfig (to use it as SMTP server). I must also remember to synchronized them... so I wonder how to use and configure "SMTP authentication via Google IMAP server".

In this case I could have a lot of domains on ISPConfig and one small on Google Apps but without duplicated user database.

and this is a problem

Any ideas?

Best regards,
MvincM

[till]

You can try to do it with pam_imap

http://pam-imap.sourceforge.net/

[autogun]

Quote:

Originally Posted by till

Andy why dont you use the normal smtp-auth which is configured by default? All normal mail clients support it. The setup you want to do is named pop befire smtp and is not in use anymore for years since all mail clients support smtp-auth.

Hey till,

This is basically means that running an ISPConfig3 setup with Postfix as my MTA - Nobody will be able to relay on my box and send spam through it without auth first?

[till]

Yes, smtp-auth is configuread by default.

[autogun]

This is wierd,

Part of my /etc/postfix/main.cf

Code:

mynetworks = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may

and still, Im being able to access my mail server and send mails outside my network -

Code:

telnet ispconfig.MYDOMAIN 25
Trying XXX.XX.XX.XXX...
Connected to ispconfig.MYDOMAIN.
Escape character is '^]'.
220 ispconfig.MYDOMAIN ESMTP Postfix (Debian/GNU)
helo a
250 ispconfig.MYDOMAIN
mail from:ask@me.com
250 2.1.0 Ok
rcpt to:admin@MYADMIN
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello.
.
250 2.0.0 Ok: queued as C40F3182CA

Am I doing something wrong? :E

[till]

You have to access your server from outside to test this. You can not run this test on the local server as localhost is always configured to be able to relay. This does not mean that someone else can misuse your server to send spam, localhost must be allowed to send spam as many damons send status messages by email and also things like the php mail() function wont work without that.

If you want to test your server if it is an open relay, use this:

http://www.abuse.net/relay.html

[autogun]

Thanks till,

Thanks a bunch!

[MvincM]

Thanks for your idea !!!

Now I use "rimap" and it works but your idea is better. When I will use pam_imap I can auth with local DB and google IMAP server.

Once again thanks !

Best regards,
MvincM