Newbie lament on SASL authentication with Postscript...

Bernard T. Higonnet bthcom at higonnet.net
Thu Jul 7 05:01:57 EDT 2011


Hello,

Please accept my apologies in advance for what is only venting my 
frustration with my own combination of hubris and incompetence...

I am building a new mail server to replace an existing FreeBSD 
8.1/Postfix/CourierIMAP/SqWebMail mail server that seems to be working 
OK so far. It, and its predecessors, have been working for years.

But I want to make a new server (on another machine) that uses the most 
recent software, has SMTP user authentication (and maybe some other less 
important bells and whistles), and permits me to keep the old server for 
backup.

So I want to add SMTP user authentication to Postfix. Since Postfix's 
main interest in life is email and not authentication as such, it uses 
SASL from the Cyrus guys. Since Cyrus' main interest in life is 
authentication, and not databases as such, it uses MySQL from the MySQL 
guys. This is GOOD, in the spirit of Newton's remark "If I have seen 
further it is by standing on the shoulders of giants."

This really is GOOD, but I now have to configure three (3) different, 
rather complex (this is not a low blow since the software packages in 
question do all sorts of great things), sets of software.

To stay in the same imagery, I would rather stand on others' shoulders 
than have to figure it all out myself. In short, I would like a simple 
cook-book recipe which says "do steps 1 through 5" and voilà! (I agree 
with Tom Lehrer: "Don't strain your eyes. Plagiarize!").

But I have not found the magic recipe. Such recipes as I have found 
either 1) are very old or 2) describe FreeBSD/Postfix/Dovecot/SqWebMail 
or 3) describe FreeBSD/Postfix/Dovecot/Squirrelmail or 4) describe 
Ubuntu/Postfix/Dovecot/Squirrelmail or 5) describe 
FreeBSD/Postfix/CyrusIMAP/Squirrelmail or ..... 67) describe 
Windows/MSExchangeServer/Dovecot/SqWebMail.

So my next step is to see if, guided by the recipes I have found, I can 
adjust them by using the tried and trusted RTFM method.

In my newbieness, my perception of Cyrus SASL documentation is that it 
falls into a common pitfall for open source documentation: ultra-geek 
documentation for someone who already knows (almost) everything about 
the subject at hand, but is missing that little detail to change the 
package for his/her own ends (admittedly one of the glories of open 
source software). One comes across passages like "Bear in mind that the 
frazzleduper communicates through a noozle-socket (since release 2.3.1) 
but only if you are using IPV6. If you have installed Whizzbang 2 you 
will also have to configure your doosiewhatsis to conform to RFC2542.b" 
After reading passages like this, one wonders if one wouldn't enjoy 
doing one's taxes at least as much...

In the case at hand we have

1) mail clients logging into postfix mail server
2) postfix communicating (logging in?) to Cyrus SASL
3) Cyrus logging in to MySQL
4) and somewhere, Courier authdaemon is doing stuff

I contend there are times when it isn't clear in the documentation who's 
logging into what and for what purpose.

Feel free to flame me, I do deserve it for wanting something GOOD for 
free and with little effort, and I hope I have made it clear I 
understand this.

But right now I'm frustrated and trying to blame my shortcomings on others.

On the other hand, I can use a watch without having to know everything 
about its insides.

If, after flaming me, you can point me to documentation that hits that 
delicate balance between over-generalized marketing hype and excessive 
technical detail, that would be nice.

And finally (at last!), notwithstanding my rant, open source software is 
truly amazing!

Bernard Higonnet
PS I'll be happy with PLAIN LOGIN for now...

