# $NetBSD: sample-auth.cf,v 1.2 2002/12/24 21:37:43 perry Exp $
#
# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE STUFF
# HERE JUST SERVES AS AN EXAMPLE.
#
# This file contains example settings of Postfix configuration
# parameters that control SASL authentication for the Postfix
# SMTP server and client programs.

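# SMTP SERVER CONTROLS

# The smtpd_sasl_auth_enable parameter controls whether SMTP client
# authentication is enabled in the Postfix SMTP server. By default,
# the Postfix SMTP server does not use authentication.
#
# If an SMTP client is authenticated, then the permit_sasl_authenticated
# access restriction can be used to permit relay access, like this:
#
#     smtpd_recipient_restrictions = permit_sasl_authenticated, ...
#
# To reject all SMTP connections from unauthenticated clients,
# specify smtpd_delay_reject=yes (which is the default) and use:
#
#     smtpd_client_restrictions = permit_sasl_authenticated, reject
#
# The trailing "reject" is required: permit_sasl_authenticated on its
# own only permits authenticated clients and turns nobody away.
#
# In order to enable server-side authentication, build Postfix with
# SASL support, and install a configuration file /usr/lib/sasl/smtpd.conf
# (SASL version 1) or /usr/lib/sasl2/smtpd.conf (SASL version 2)
# containing, for example,
#
#     pwcheck_method: sasldb
#
# or whatever method is suitable for your environment: PAM, shadow,
# etc. If you use sasldb, you can add users with the "saslpasswd"
# command that comes with the SASL library. If you configure Postfix
# to use PAM, the PAM service name for SASL authentication is "smtp",
# and adding users depends entirely on how PAM is set up.
#
# If you run your SMTP server chrooted, then you need to copy PAM
# and/or SASL support libraries and data files into the chroot jail.
# That's a lot of files, and it seems not very practical to do so.
#
#smtpd_sasl_auth_enable = yes
smtpd_sasl_auth_enable = no
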
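# The smtpd_sasl_security_options parameter controls what authentication
# mechanisms the Postfix SMTP server will offer to the client. The
# list of available authentication mechanisms is system dependent.
#
# Specify zero or more of the following:
#
#     noplaintext: disallow methods that use plaintext passwords
#     noactive: disallow methods subject to active (non-dictionary) attack
#     nodictionary: disallow methods subject to passive (dictionary) attack
#     noanonymous: disallow methods that allow anonymous authentication
#
# An additional option is available in SASL version 2:
#
#     mutual_auth: only allow methods that provide mutual authentication
#
# By default, the Postfix SMTP server accepts plaintext passwords but
# not anonymous logins.
#
# Plaintext methods (e.g., PLAIN) put the password on the wire in a
# trivially reversible encoding, so with the setting below it is only
# as well protected as the connection carrying it. Where clients
# connect over untrusted networks, either add noplaintext or offer
# AUTH only inside TLS-protected sessions (smtpd_tls_auth_only = yes
# in Postfix builds with TLS support).
#
# HORROR! It appears that clients try authentication methods in the
# order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
# which means that if you disable plaintext passwords, clients will
# log in anonymously, even when they should be able to use CRAM-MD5.
# So, if you disable plaintext logins, disable anonymous logins too.
# Postfix treats anonymous login as no authentication.
#
#smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_security_options = noanonymous
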
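# The smtpd_sasl_local_domain parameter specifies the name of the
# local authentication realm.
#
# By default, the local authentication realm name is the name of the
# machine.
#
# NOTE(review): with sasldb, accounts are presumably stored per realm,
# so this value should match the realm used when the users were
# added - confirm against the SASL library documentation.
#
#smtpd_sasl_local_domain = $mydomain
smtpd_sasl_local_domain = $myhostname
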
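# SMTP CLIENT CONTROLS

# The smtp_sasl_auth_enable parameter controls whether authentication
# is enabled in the Postfix SMTP client. By default, the Postfix SMTP
# client uses no authentication.
#
#smtp_sasl_auth_enable = yes
smtp_sasl_auth_enable = no
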
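# The smtp_sasl_password_maps parameter specifies the names of lookup
# tables with one username:password entry per remote hostname or
# domain. If a remote host or domain has no username:password entry,
# then the Postfix SMTP client will not attempt to authenticate to
# the remote host.
#
# The Postfix SMTP client opens the lookup table before going to
# chroot jail, so you can leave the password file in /etc/postfix.
#
# The table holds the passwords in cleartext. Keep the source file
# and the lookup table built from it readable and writable by root
# only.
#
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
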
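# The smtp_sasl_security_options parameter controls what authentication
# mechanisms the local Postfix SMTP client is allowed to use. The
# list of available authentication mechanisms is system dependent.
#
# Specify zero or more of the following:
#
#     noplaintext: disallow methods that use plaintext passwords
#     noactive: disallow methods subject to active (non-dictionary) attack
#     nodictionary: disallow methods subject to passive (dictionary) attack
#     noanonymous: disallow methods that allow anonymous authentication
#
# An additional option is available in SASL version 2:
#
#     mutual_auth: only allow methods that provide mutual authentication
#
# By default, the Postfix SMTP client will not use plaintext passwords.
#
# An empty value, as in the commented-out line below, lifts every
# restriction, plaintext and anonymous methods included; if a remote
# server requires a plaintext method, protect that connection by other
# means (e.g., TLS) before relaxing this.
#
# NOTE(review): the active value still allows anonymous methods. The
# server-side remark that anonymous login counts as no authentication
# suggests "noplaintext, noanonymous" here - confirm that the remote
# servers in smtp_sasl_password_maps do not depend on it.
#
#smtp_sasl_security_options =
smtp_sasl_security_options = noplaintext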