Finally had an evening to myself to continue the research in setting up a good and secure mailserver for multiple virtual domains. I’ve started by getting SASL up and running doing some proper authentication when someone wants to send mail via our mailserver. Normally one is able to do this without providing a username and password, but in this day and age of evil spammers this is not a good idea.

Authentication for SMTP access is a good thing. But not by itself, we need to encrypt the communication between the client and the server so nobody can sniff out the passwords on the internet. To do this we need to recompile postfix for TLS support. It’s a SSL lookalike for a specific transport. More on this later.

It took me some effort and some Googling to get the authentication on STMP working using the compiled SASL library. As an added bonus I got it to use the authdaemon which we configured already for the IMAP authentication. Which saves a lot of problems now we don’t have to keep multiple user administrations. It’s getting better all the time.

Next step is getting TLS working on Postfix, keep watching…