Postfix and saslauthd

Ken Murchison ken at
Tue Apr 29 12:11:25 EDT 2003

> David Hearn wrote:
> Hi
> I've now got Postfix using SASL2 (via saslauthd) to some extent.
> My client is Outlook Express 6 in XP Pro and here is my situation:
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions = permis_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain =
> broken_sasl_auth_clients = yes
> Note that I have the smtpd_sasl_local_domain set to blank.
> When I try sending an email through the server, smtpd trys to use
> sasldb2 and NTLM authentication first (SPA is turned off in my
> client).  OE displays a "username, password and domain" box asking for
> these details.  If I put anything in and click okay - it comes back
> and asks it again.  I've tried various combinations of username
> without domain, with domain, etc.  If I click cancel, then it then
> tries LOGIN and it works.  However - (BIG HOWEVER) - it ONLY works if
> I have smtpd_sasl_local_domain set to blank.  If I have it set to the
> real domain, then it tries to authenticate
> at - which fails.
> saslauthd is set up to use PAM, and the imap pam.d file is the same as
> the one used for smtp.  I have got OE set up to not use SPA (which I
> understand is NTLM), and its meant to use "same settings as incoming
> mail server".
> Am I doing something wrong here?  Why do I have to set
> smtpd_sasl_local_domain to empty?  Is this right?
> Is there any way that I can stop it trying to use NTLM authentication
> (anything I can turn off in postfix or something) as I don't want it
> attempting to use that (as it doesn't appear to work).

Either remove the NTLM plugin (eg, /usr/lib/sasl2/libntlm.*) or limit
the list of advertised mechanisms by using the mech_list in your Postfix
SASL config file.  See doc/options.html in the SASL distro.

Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--

More information about the Info-cyrus mailing list