Some time ago I had some problems sending mail to one of our clients, something with their primary mailserver not accepting connections and a non-existent secondary mailserver. So I wanted to enable authenticated mail sending on my own mailserver.
It was quite easy to get it working, after finding some articles which I could use. The biggest problem was the jail Postfix was in so it couldn’t talk with saslauthd direcly.
I added the following in my
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain
And I created directory sasl and placed a smtpd.conf in there containing:
mech_list: plain login
And I changed
/etc/default/saslauthd to use the suggested option (suggested in comment in the file itself):
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
- The first article I found on the subject
- A mailinglist post describing a problem I encountered (I didn’t use the suggested solution)
- A good article on howtoforge describing the final solution I used
Today I ran into a problem after I did a package upgrade. I got the warning:
SASL authentication failure: cannot connect to saslauthd server: Permission denied
Seems some permissions where incorrect. I did a:
sudo chgrp sasl /var/spool/postfix/var/run/saslauthd
sudo passwd postfix sasl
sudo /etc/init.d/postfix restart
and that solved it. Why I didn’t get this before I don’t know, but well, this fixed it. Thanks to Jimmy who blogged about Debian and SASL as well.