Mailing List Archive: Qmail: users

Qmail authenticating to Qmail

Index | Next | Previous | View Threaded

lists at penpal4u

Sep 2, 2009, 6:15 PM

Post #1 of 5 (1508 views)
Permalink

Qmail authenticating to Qmail

Hi,
is it possible to have a Qmail server authenticate to another Qmail
server via certificate? I understand that I can configure Qmail (patched
with Bill Shupp's combined SMTP AUTH/TLS patch) to allow clients to
authenticate via certificate. I also understand that I can get
qmail-remote to verify a remote relay's certificate against certain
certificates locally.
However, is it also possible for a Qmail server to authenticate to
another Qmail server as if it was a a MUA? Or do I have to use
something like the qmail-remote-auth patch
(http://tomclegg.net/qmail/qmail-remote-auth.patch ) if I don't want to
just allow relaying for a certain IP address?

Cheers,
Christian

kyle-qmail at memoryhole

Sep 2, 2009, 10:52 PM

Post #2 of 5 (1380 views)
Permalink

Re: Qmail authenticating to Qmail [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thursday, September 3 at 11:15 AM, quoth Christian Lerrahn:
>However, is it also possible for a Qmail server to authenticate to
>another Qmail server as if it was a a MUA?

Yes, it's possible.

>Or do I have to use something like the qmail-remote-auth patch
>(http://tomclegg.net/qmail/qmail-remote-auth.patch ) if I don't want to
>just allow relaying for a certain IP address?

And that is the way in which it's possible.

No offense, but "is it possible" questions almost always have "yes,
it's possible" as the answer. This question, in particular, seems much
like "is it possible to get from New York to London, or do I have to
ride on an airplane?" You've provided your own answer within the
question.

~Kyle
- --
Education is the ability to listen to almost anything without losing
your temper.
-- Robert Frost
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!

iQIcBAEBCAAGBQJKn1mZAAoJECuveozR/AWeSp0P/3mB5CbnFgcrKJ0lU+NeXnSO
rRDhpSUOJx+BvWujieni9RTPujVXEs54ygV9nB6nhw9odPW/INJn7P0eYwoSPWdt
UzPC5f89ZuTEwpGPjmpe2/K7LN2q181o29U79K76BwUWrrAiPgpo+IBAqWHQRN7J
RiNbHZAIk2S5QdR4EZOzTnzBWgXOd0u9C05mNrWKChVJfCxC6fIlcw1ClFYQwSbX
fQMMliTZcgrFCUE+LkpTEZx/DKZoRXQstUlEO+Cy5fSPeFzRq1V+M/57NZmbzc22
+MlQsCyaFYo8FFrC/R6QkJpUfHq5olt9Io3uCnjWPJTRWgoEj2Vtg7C1WJpWz4DN
6t9OCiFMgO/YlKaCPYKvo8pGVQ7eL4SoB5BXxTuL9Zm34VWpLkSdsEkz1Nv7blvR
D44ZvTTZQabKFPejLJtra+JcKNntQz8j/8/jOO43KUIUSBG6lO5y4lfYbLcudy9n
R949Ymjfqzq7KoYomFJ9Mav/MTDCUDWrtFRo27Fra6T53YOrWgY9UdbKlGKOW03N
wwyKNmcwlGeuYVA8NH8LELzbol8BeCS+8FP5nTnTJAUBUz9cQbo9vjCnpkEmrm6s
eF4IbMUXUirQSn9u1EF33xr2H1LI/yX8dGQaSqPk+OSQ3sDwyrZDAmxvkSZ7VBS1
woXuogUkJITyiPFTcOpI
=Zgwr
-----END PGP SIGNATURE-----

lists at penpal4u

Sep 5, 2009, 9:07 AM

Post #3 of 5 (1355 views)
Permalink

Re: Qmail authenticating to Qmail [In reply to]

Hi Kyle,
> On Thursday, September 3 at 11:15 AM, quoth Christian Lerrahn:
> >However, is it also possible for a Qmail server to authenticate to
> >another Qmail server as if it was a a MUA?
>
> Yes, it's possible.
>
> >Or do I have to use something like the qmail-remote-auth patch
> >(http://tomclegg.net/qmail/qmail-remote-auth.patch ) if I don't want
> >to just allow relaying for a certain IP address?
>
> And that is the way in which it's possible.
>
> No offense, but "is it possible" questions almost always have "yes,
> it's possible" as the answer. This question, in particular, seems
> much like "is it possible to get from New York to London, or do I
> have to ride on an airplane?" You've provided your own answer within
> the question.

If I provided the answer myself, I probably did not word the question
well. ;) I wanted to ask "is it possible to get from New York to
London by boat or do I have to ride on an airplane". Or, to say what I
really meant "do I have to use the qmail-remote-auth patch and use a
username and password to authenticate or can I also authenticate via
certificate like an MUA could?

Cheers,
Christian

lists-qmail at maexotic

Sep 5, 2009, 9:31 AM

Post #4 of 5 (1348 views)
Permalink

Re: Qmail authenticating to Qmail [In reply to]

On Sun, Sep 06, 2009 at 02:07:37AM +1000, Christian Lerrahn wrote:
> really meant "do I have to use the qmail-remote-auth patch and use a
> username and password to authenticate or can I also authenticate via
> certificate like an MUA could?

Yes :-)
With the mentioned patch you have to use username and password.
However at least the STARTTLS patch (from qmail.org):
Frederik Vermeulen has written a patch implementing RFC2487
(starttls) in qmail (qmail-smtpd as server, qmail-remote as client).
http://inoa.net/qmail-tls/
should allow authentication via a certificate.

\Maex

Jason.Haar at trimble

Sep 5, 2009, 2:42 PM

Post #5 of 5 (1349 views)
Permalink

Re: Qmail authenticating to Qmail [In reply to]

On 09/06/2009 04:07 AM, Christian Lerrahn wrote:
>
> If I provided the answer myself, I probably did not word the question
> well. ;) I wanted to ask "is it possible to get from New York to
> London by boat or do I have to ride on an airplane". Or, to say what I
> really meant "do I have to use the qmail-remote-auth patch and use a
> username and password to authenticate or can I also authenticate via
> certificate like an MUA could?
>
>

I'd propose you use Bill Shupp's combination of TLS and auth patch instead

http://www.shupp.org/smtp-auth-tls/

That way you get both worlds: cert authentication (when you have a
client cert) and username/password authentication when you don't

This message was brought to you thanks to that patch :-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads