SMTP Auth via POP or IMAP Server

Discussion in 'General' started by MvincM, Sep 2, 2009.

  1. MvincM

    MvincM New Member


    Rather complicated question ;) but I belive that ispconfig forum could help.

    I must change my ISP configuration (Postfix) to do some tricky authorization.

    Users must send e-mail through ISPConfig Postfix SMTP but Postfix must authorized them via third part POP3 or IMAP server.

    Do you have any idea how to do this...

    Best regards,
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Andy why dont you use the normal smtp-auth which is configured by default? All normal mail clients support it. The setup you want to do is named pop befire smtp and is not in use anymore for years since all mail clients support smtp-auth.
  3. MvincM

    MvincM New Member

    Yes it is clear for me and I looks for P-B-S but it is different case...

    I just explain...

    We use ISPConfig for many years (great tools - Thanks a lot) but now one of our domains must be hosted on google apps (our company split to sub-company and they want to use google apps as a mail services). And now story starts. As you may know Google put Sender SMTP header filed to any mail and it looks terrible in outlook e.g. "sales on behalf of [email protected]". Google confirm that is not a "business" behaviour and allow to use own SMTP (simple option in menu) to put any Sender filed. You just put SMTP address and login and password for user (to authenticate) and you could send mails via your SMTP. And this solution is good but... not to the end.

    In my case I must take care of two user database - one of google apps and second on ISPConfig (to use it as SMTP server). I must also remember to synchronized them... so I wonder how to use and configure "SMTP authentication via Google IMAP server".

    In this case I could have a lot of domains on ISPConfig and one small on Google Apps but without duplicated user database.

    and this is a problem ;)

    Any ideas?

    Best regards,
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. autogun

    autogun New Member

    Hey till,

    This is basically means that running an ISPConfig3 setup with Postfix as my MTA - Nobody will be able to relay on my box and send spam through it without auth first?
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, smtp-auth is configuread by default.
  7. autogun

    autogun New Member

    This is wierd,

    Part of my /etc/postfix/
    mynetworks = [::1]/128
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/, reject_unauth_destination
    smtpd_tls_security_level = may
    and still, Im being able to access my mail server and send mails outside my network -
    telnet ispconfig.MYDOMAIN 25
    Trying XXX.XX.XX.XXX...
    Connected to ispconfig.MYDOMAIN.
    Escape character is '^]'.
    220 ispconfig.MYDOMAIN ESMTP Postfix (Debian/GNU)
    helo a
    250 ispconfig.MYDOMAIN
    mail from:[email protected]
    250 2.1.0 Ok
    rcpt to:[email protected]
    250 2.1.5 Ok
    354 End data with <CR><LF>.<CR><LF>
    250 2.0.0 Ok: queued as C40F3182CA
    Am I doing something wrong? :E
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to access your server from outside to test this. You can not run this test on the local server as localhost is always configured to be able to relay. This does not mean that someone else can misuse your server to send spam, localhost must be allowed to send spam as many damons send status messages by email and also things like the php mail() function wont work without that.

    If you want to test your server if it is an open relay, use this:
  9. autogun

    autogun New Member

    Thanks till,

    Thanks a bunch! :cool:
  10. MvincM

    MvincM New Member

    Thanks for your idea !!!

    Now I use "rimap" and it works but your idea is better. When I will use pam_imap I can auth with local DB and google IMAP server.

    Once again thanks !

    Best regards,

Share This Page