From: Robert Lopez on 13 May 2010 16:38

I just read Kaleb Hosie's post with the subject "SMTP Authentication in Exchange environment". I did not want to steal his thread but I would like to follow up on some of the ideas that came up in that thread.

I have been attempting to understand how to do the same thing with a different environment, Luminis. For those who do not know, this is how the provider, Sungard Higher Education, describes Luminis on their web site:

"The Luminis Platform functions as the foundation of a unified digital campus through a combination of portal features, enterprise applications, and infrastructure. Combined with the Luminis Content Management Suites web content management capabilities, the Luminis Platform can showcase a consistent institutional brand and fresh web content, giving your institution a vibrant web presence."

A component of Luminis is a web portal to a Sun mail system called iPlanet (Sun Java Messaging Server email system).

We have a few postfix servers that receive mail and forward clean email to the Luminis email / iPlanet.

Users who use portable devices including notebooks, web books, and smart phones keep asking to be able to send and reply-to mail remotely.

The Luminis system is set up to allow users to read their email via the web interface from any internet connection. However, if they are off the campus network they are not able to reply-to or send new email.

The iPlanet has an IMAP interface (there is a 143/tcp port open for IMAP and a running imapd). LDAP is working for a single sign on system on a different server. I (like all the students) have been able to read email but have yet to be successful in sending email.

The administrators of that system say they understand it is possible to use the postfix system and SASL to send email from remote devices through the postfix and SASL to the iPlanet IMAP service. I have been unable to make this happen.

The college auditors require this situation to use the same password (the single sign on authentication) used for all other college systems.

I have been reading Postfix, LDAP, SASL, and Dovecot documentation and testing ideas on a virtual system but I have thus far not created a working solution.

What's the best way to accomplish the goal in this environment?

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

From: Victor Duchovni on 13 May 2010 16:55

On Thu, May 13, 2010 at 02:38:40PM -0600, Robert Lopez wrote:

> We have a few postfix servers that receive mail and forward clean
> email to the Luminis email / iPlanet.
>
> Users who use portable devices including notebooks, web books, and
> smart phones keep asking to be able to send and reply-to mail
> remotely.

To enable remote submission, provision a port 587 TLS encrypted submission service that offers AUTH PLAIN, and perhaps also GSSAPI if you are willing to expose a suitable KDC to the Internet and client software supports SMTP with GSSAPI auth.

Postfix supports Cyrus SASL. As backends for "PLAIN", you can use the "rimap" support to delegate password validation to the imap server, or directly consult the same password oracle that the IMAP server uses.

> What's the best way to accomplish the goal in this environment?

Figure out which SASL modules are inter-operable with your IMAP server or its single-sign-on backend.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.

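
Added example, not part of the original thread: a minimal configuration sketch of the setup described in the reply above (a port 587 submission service with mandatory TLS, AUTH PLAIN, and Cyrus SASL's saslauthd delegating password checks to the IMAP server through "rimap"). The host name imap.example.edu and the certificate paths are placeholders, and the location of smtpd.conf varies by distribution.

```conf
# --- /etc/postfix/master.cf -------------------------------------------
# Submission service on port 587: TLS is mandatory before anything else,
# AUTH is enabled only here, and unauthenticated clients are rejected.
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# --- /etc/postfix/main.cf ---------------------------------------------
# Placeholder certificate and key paths.
smtpd_tls_cert_file = /etc/postfix/tls/submission.crt
smtpd_tls_key_file = /etc/postfix/tls/submission.key
# Never offer AUTH on a connection that has not completed STARTTLS,
# because PLAIN sends the single sign-on password in the clear.
smtpd_tls_auth_only = yes
# Use Cyrus SASL; "smtpd" selects the smtpd.conf application file below.
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous

# --- smtpd.conf (Cyrus SASL application config for Postfix) -----------
# Hand plaintext passwords to the saslauthd daemon and offer only PLAIN.
pwcheck_method: saslauthd
mech_list: PLAIN

# --- saslauthd invocation ---------------------------------------------
# Run saslauthd with the rimap backend pointed at the IMAP server, so a
# password is accepted only if an IMAP login with it succeeds:
#   saslauthd -a rimap -O imap.example.edu
```

The rimap backend logs in to the IMAP server over a plain IMAP connection, so the path between the Postfix host and the IMAP server should stay on a trusted internal network.
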
From: Robert Lopez on 14 May 2010 12:22

On Thu, May 13, 2010 at 2:55 PM, Victor Duchovni <Victor.Duchovni(a)morganstanley.com> wrote:

> To enable remote submission, provision a port 587 TLS encrypted
> submission service that offers AUTH PLAIN, and perhaps also GSSAPI
> if you are willing to expose a suitable KDC to the Internet and
> client software supports SMTP with GSSAPI auth.
>
> Postfix supports Cyrus SASL. As backends for "PLAIN", you can use the
> "rimap" support to delegate password validation to the imap server, or
> directly consult the same password oracle that the IMAP server uses.
>
>> What's the best way to accomplish the goal in this environment?
>
> Figure out which SASL modules are inter-operable with your IMAP
> server or its single-sign-on backend.
>
> --
> Viktor.
>
> P.S. Morgan Stanley is looking for a New York City based, Senior Unix
> system/email administrator to architect and sustain our perimeter email
> environment. If you are interested, please drop me a note.
>

I have a lot to learn! There are terms and concepts in your response that are new to me. Thanks for the direction tips.

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106