 |
|
|
|
|
### Get SASL authentication working with a Postfix mail server ### |
|
|
|
|
|
How to get the SASL authentication working with the Postfix mail server? |
|
|
|
On my Postfix server, I needed to allow relaying for authenticated people only.… |
|
For authentication purpose, Postfix uses SASL. Here are parameters which I had … |
|
|
|
# SASL configuration |
|
smtpd_sasl_auth_enable = yes |
|
smtpd_sasl_security_options = noanonymous |
|
smtpd_sasl_local_domain = $myhostname |
|
smtpd_sasl_application_name = smtpd |
|
broken_sasl_auth_clients = yes |
|
|
|
smtpd_recipient_restrictions = |
|
permit_sasl_authenticated, |
|
permit_mynetworks, |
|
reject_unauth_destination, |
|
reject_unauth_pipelining |
|
|
|
The next step is to setup SASL itself. That's the content of the /etc/postfix/s… |
|
|
|
pwcheck_method: auxprop |
|
auxprop_plugin: sasldb |
|
mech_list: plain login cram-md5 digest-md5 |
|
|
|
Important to note, that to be able to use auxprop method, I had to install the … |
|
|
|
|
|
Now, the SASL mechanism will use the database at /etc/sasldb2 (this is a standa… |
|
It's important to let Postfix (and SASL, obviously) access the database file (o… |
|
Another trouble I got, is that Postfix was looking after a /var/spool/postfix/e… |
|
|
|
smtp inet n - n - - smtpd |
|
|
|
The second "n" means it is not chrooted. There may be a way of running smtpd in… |
|
|
|
|
|
From now on, Postfix will perform SASL authentication via sasldb2 lookups. Here… |
|
|
|
List users of the sasldb2 database: |
|
sasldblistusers2 |
|
|
|
Add a new user to the sasldb2 database: |
|
saslpasswd2 -c <username> -u <domainname> -a smtpauth |
|
(note, that users will have to use logins in the form "username@domainn… |
|
|
|
Remove a user from the sasldb2 database: |
|
saslpasswd2 -d <username> |
|
|
|
Dump database's content onscreen: |
|
db_dump /etc/sasldb2 -p |
|
(well, on my Debian 5 distro it was actually the "db4.6_dump" command) |
|
