Understudy said:
However I believe there is a certificate in place. When I did the setup I followed through the process and made some adjustments as I needed to with the more current versions. However saying I was in a bit over my head would be correct.
So what adjustments would I need to make to be able to do the SMTP and SSL authentication?
Not to worry, this stuff has been rough for most of us at the beginning. And even if you already do have some experience in this field it can still end up rough when you're going to use something else (I still remember the pain when I started using Exim (a mailserver such as Postfix or Sendmail)).
Anyway, I think I may have been a little unclear up there; SSL isn't so much an authentication mechanism on its own. It's merely used to secure the communication between your mailprogram (the client) and Postfix (the server).
So basically you'd first set up SMTP authentication; this allows SMTP clients to authenticate themselves, after which the server will accept e-mails from them which aren't destined for the local server itself. In a normal situation an SMTP server only accepts e-mails which are addressed to recipients which it knows about.
Then you can set up your SMTP server to use SSL. This will provide clients another way to communicate with the server: instead of using plain text, the connection will get encrypted so that anything sitting between the client (your mailprogram) and the server cannot listen in on the conversation.
I hope an example might make things easier to understand for you. Let's say I want to send an e-mail on the command line. I could use a program like mutt or mail. I can also talk to my mailserver directly:
Code:
smtp2:/home/peter $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtp2.xxx.com ESMTP Postfix
helo localhost
250 smtp2.xxx.com
mail from: root@localhost
250 2.1.0 Ok
rcpt to: peter@localhost
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: This is a locally generated / made email
Hello World, errr, Peter! :-)
.
250 2.0.0 Ok: queued as D11BD1084C
quit
221 2.0.0 Bye
Connection closed by foreign host.
smtp2:/home/peter $
And that's what I meant with plain text up there. The whole conversation between client and server is nothing more than a stream of ASCII text.
Now, if you have authentication set up you'd also see commands like AUTH and such passing through:
Code:
smtp2:/home/peter $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtp2.xxx.com ESMTP Postfix
helo localhost
250 smtp2.xxxx.com
auth login
334 VXNlcm5hbWU6
cgV5aDqMp3=
334 UGFzc3dvcmQ6
MMOkcaDmbA==
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
And although everything after auth login may look like encrypted mumbo-jumbo, it's actually merely a so-called "base64 encoding" (see MIME::Base64(3) if you want to know more). Worse yet: it's also easily decoded. Let's see what the server was asking when it replied with 334 UGFzc3dvcmQ6:
Code:
smtp2:/home/peter $ perl -MMIME::Base64 -e 'print decode_base64("UGFzc3dvcmQ6");'
Password:smtp2:/home/peter $
(and before anyone asks: I know better than to share a valid username / password, even though I removed the actual domain).
So as you can see, that's why it's better to use SSL to provide encryption whenever you're going to use authentication on your SMTP server. Not so much to provide another way to authenticate, but to provide a safer way to authenticate.
Hope this can help to clear things up for you.
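
Added example, not part of the original post: a small Python audit that reads an SMTP session transcript in the line-per-command form shown above and reports which AUTH LOGIN fields were sent before STARTTLS was accepted. The function names, the transcript format and the sample sessions (host name and credentials) are constructed assumptions.

```python
import base64
import binascii
import re

def b64(text):
    return base64.b64encode(text.encode()).decode()

def unb64(token):
    """Decode a base64 token; return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def audit_session(lines):
    """Report AUTH LOGIN fields that crossed the wire before STARTTLS succeeded."""
    report = {"tls": False, "exposed": [], "user": None}
    challenge, last_cmd = None, ""
    for line in (l.strip() for l in lines):
        if challenge is not None:               # client answer to a 334 prompt
            field = challenge.rstrip(":").lower()
            if not report["tls"]:
                report["exposed"].append(field)
                if field == "username":         # account to rotate; the password is not decoded
                    report["user"] = unb64(line)
            challenge = None
        elif re.match(r"\d{3}[ -]", line):      # server reply (single or multi-line)
            code, text = line[:3], line[4:]
            if code == "220" and last_cmd == "STARTTLS":
                report["tls"] = True            # server agreed to switch to TLS
            elif code == "334":
                challenge = unb64(text) or "unknown"
        else:                                   # client command
            last_cmd = line.upper()
    return report

# Constructed sample sessions; host name and credentials are made up.
GREETING = ["220 mail.example.test ESMTP Postfix", "ehlo client.example.test",
            "250-mail.example.test", "250 AUTH LOGIN"]
LOGIN = ["auth login", "334 VXNlcm5hbWU6", b64("demouser"),
         "334 UGFzc3dvcmQ6", b64("not-a-real-password"),
         "235 2.7.0 Authentication successful", "quit", "221 2.0.0 Bye"]
PLAINTEXT = GREETING + LOGIN
WITH_TLS = GREETING + ["starttls", "220 2.0.0 Ready to start TLS",
                       "ehlo client.example.test", "250 AUTH LOGIN"] + LOGIN

if __name__ == "__main__":
    print(audit_session(PLAINTEXT))
    print(audit_session(WITH_TLS))
```

Any field listed under `exposed` was readable by anything between client and server, so the account in `user` should be treated as compromised.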