edoceo

Postfix + Cyrus SASL - Installation & Configuration

Configure saslauthd

Edit /etc/conf.d/saslauthd as necessary, ours looks like:

SASLAUTHD_OPTS=""
# Auth Mechanisms - use PAM too?
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
# Specify the number of worker processes to create.
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 3"

Now configure the SASL parameters for the smtpd service in /etc/sasl2/smtpd.conf. This example uses the local database (auxprop) and specifies the mechanisms available.

allowanonymouslogin: no
allowplaintext: no
pwcheck_method: auxprop
mech_list: CRAM-MD5 DIGEST-MD5 PLAIN LOGIN

Now start the saslauthd service.

root@host # /etc/init.d/saslauthd start

Add Accounts to SASL Database

The following incantation will create an account for user@example.com.

root@host # saslpasswd2 -c -u example.com user

The -c flag creates the account, -u specifies the domain, followed by the user portion of the account.

Configure Postfix to use SASL

Point Postfix at the SASL system, with proper identidy (smtpd).

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = edoceo.com
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject

See Also

Change Log

  • 2010-08-12 - Created /djb

Loading Comments from Disqus...