Debian Postfix backports and SASL2

David Hearn dave at
Tue Apr 29 06:23:24 EDT 2003

----- Original Message ----- 
From: "Markus Welsch" <markus.welsch at>
To: "David Hearn" <dave at>
Cc: <info-cyrus at>
Sent: Tuesday, April 29, 2003 11:13 AM
Subject: Re: Debian Postfix backports and SASL2

> Hi,
> > Hi, I've been following the Web-Cryadm howto to install Cyrus, Postfix
> > etc and I've managed to get Cyrus working fine using SASL2.  I'm using
> > Debian Testing distro and using the backports of Cyrus, Postfix etc.
> > The problem I can see, is that Cyrus is using SASL2, and Postfix is
> > using (or depends on at least) SASL1.  I've got both SASL2 and SASL1
> > installed - but I think I've only configured it all for SASL2 (I
> > think) - however when I enable SASL authentication in postfix, I get a
> > "Bad command at startup - throttling" message whenever I try to send an
> > email.  If I turn SASL off, then it works.
> >
> > I'd prefer not to have to re-compile Postfix from the sources (I like
> > the automatic updating facility of Debian packages).
> >
> > So - has anyone got SASL2 authentication working with Postfix using the
> > Debian backports (  Is it
> > possible to still use the saslauthd (SASL2) with Postfix which is
> > expecting SASL1?  I'm quite confused by all this SASL stuff.
> Well there is a more recent version of the postfix backport available at
> You can't use SASL2 with Postfix 2.x backports if you are not compiling
> Postfix yourself. This is because of a dependency problem that would
> occur when Postfix would be using SASL2.

I suspect that re-compiling might be the best idea for my situation.  I'm
currently looking at this.

> I have SMTP AUTH working fine with Postfix 2.09 (including
> sender_login_map). All you need is
> smtpd_recipient_restrictions =
> ...
> permit_sasl_authenticated,
> reject_sender_login_mismatch,
> ...
> smtpd_sasl_auth_enable          = yes
> smtpd_sasl_local_domain         = $myhostname
> smtpd_sasl_security_options     = noanonymous
> smtpd_sender_login_maps         = hash:/etc/postfix/sender_login
> If you do not want to use sender login maps then just disable that
> stuff. When you use sasldblistusers be sure that the users that you want
> to authentificate for is created correctly. E. g. if your $myhostname is
> then you could create a smtp auth user using:
> saslpasswd -a -u username
> Afterwards
> cp /etc/sasldb /var/spool/postfix/etc

At the moment, I've got Cyrus using saslauthd (SASL2) and PAM and using a
MySQL database to store the users.  This is my preferred option.  Is there
any way of doing this with SASL1?  If not, then I guess its the recompile
option. ;)

> Since postfix is running chrooted to /var/spool/postfix by default -
> which is a good task :-))

At the moment, I've turned it off due to problems with it accessing the
mysql socket - but I think I know a way around that, and shall probably try
chrooting it again once I've got it to a fully working state.



More information about the Info-cyrus mailing list