0

I need to setup TLS/SSL for postfix, so I can send mail from my iphone via my smtp mailserver (or else i will get relay access denied messages).

From what I understand this is one way:

https://www.rosehosting.com/blog/set-up-ssl-encrypted-connection-in-postfix-dovecot-and-apache/

But I can also do it with the SASL framework and use dovecot: https://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

Which is better/more appropriate?

peterh
  • 4,953
  • 13
  • 30
  • 44
ATv
  • 129
  • 1
  • 2
  • 15

1 Answers1

2

Both? Dovecot and Postfix are different things, you can encrypt your MTA traffic with TLS, and have your dovecot connections handled and authenticated using SASL. It's not a case of one or the other, you should implement both.

Joe Brailsford
  • 1,181
  • 8
  • 10
  • I realise that i should implement both, but the second link clearly states: "Postfix supports SMTP AUTH through Dovecot SASL " – ATv Jun 21 '17 at 10:08
  • Yes, it does. So set your Postfix config to handle traffic over TLS, and specify that it should auth against Dovecot with sasl, as per `smtpd_sasl_type = dovecot` etc. Then configure your Dovecot to support those incoming auth requests (I don't think this will take much, if any, work). – Joe Brailsford Jun 21 '17 at 10:12
  • Essentially, set your auth up as per your second link, but configure your postfix TLS params as per the first link. Do both. As an advisory: TLS configuration for postfix goes a lot further than is detailed in link 1. – Joe Brailsford Jun 21 '17 at 10:16
  • Are you saying there is more to configure after doing both links? Is there any complete guide you know off that covers the whole spectrum? I'm new to all this. All i want is to send email from my iphone via my newly setup postfix server :-) – ATv Jun 21 '17 at 10:58
  • Doing the stuff in the two links provided will get you that far. The point I was making is that there's a lot more around securing a server/MTA. I'd suggest googling: securing postfix, securing Dovecot, securing a Debian/Ubuntu/your os server. – Joe Brailsford Jun 21 '17 at 11:19
  • @ATv no worries, if you're happy with the answer give a tick. – Joe Brailsford Jun 21 '17 at 11:34