Monthly Archives: December 2007

Debian Etch Postfix + Sasl2

Some time ago I had some problems sending mail to one of our clients, something with their primary mailserver not accepting connections and a non-existent secondary mailserver. So I wanted to enable authenticated mail sending on my own mailserver.

It was quite easy to get it working, after finding some articles which I could use. The biggest problem was the jail Postfix was in so it couldn’t talk with saslauthd direcly.

I added the following in my main.cf

#SMTP Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain

And I created directory sasl and placed a smtpd.conf in there containing:

pwcheck_method: saslauthd
mech_list: plain login

And I changed /etc/default/saslauthd to use the suggested option (suggested in comment in the file itself):

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Used articles:

Update 2008-05-15:
Today I ran into a problem after I did a package upgrade. I got the warning:

SASL authentication failure: cannot connect to saslauthd server: Permission denied

Seems some permissions where incorrect. I did a:

sudo chgrp sasl /var/spool/postfix/var/run/saslauthd
sudo passwd postfix sasl
sudo /etc/init.d/postfix restart

and that solved it. Why I didn’t get this before I don’t know, but well, this fixed it. Thanks to Jimmy who blogged about Debian and SASL as well.