Adding authentication

[krkr]

Hello,


I got a couple of nodes that I added EFA infront of them as an outbound mail scanner , I need to have authentication enabled for each server .

so server A has one login (serverwide) to access EFA and not one login per mail address.

preferably this to be done on MySQL side

any idea ?

[shawniverson]

Do you have an LDAP service? If so, check out some how to's in the forums

[krkr]

thx shawn but I need this on MySQL if possible

[shawniverson]

So, do you just need to import users into mysql for EFA in bulk?

[krkr]

Mainly the part where this 2 servers have to AUTH through MySQL first before relaying email to EFA

[shawniverson]

So you not only need logins but also a recipient list for postfix generated and synced from the logins?

[shawniverson]

Similar to this?

https://kitt.hodsden.org/blog/2014/06/p ... cess_mysql

I could probably do this and sync from mailwatch users table...

[shawniverson]

Oh, you said AUTH....that would use sasl....need to do more research....

[krkr]

No, need just need EFA to reject message if login is incorrect , I understand in normal setup I have to modify
/etc/pam.d/smtp and add the next lines:

Code: Select all

auth    required   pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users_table usercolumn=email passwdcolumn=password crypt=1

but need to know the "exact" and correct way to do it for EFA,
As for the recipients in the email itself its not important to check, the email will be treated in the normal manner by EFA as an outbound filter .

[krkr]

Thanks for looking this up , I'm not sure what's the proper way of doing so considering EFA internals but yes it will be SASL AFAIK