Debian Postfix backports and SASL2
dave at swampie.org.uk
Tue Apr 29 06:23:24 EDT 2003
----- Original Message -----
From: "Markus Welsch" <markus.welsch at suk.net>
To: "David Hearn" <dave at swampie.org.uk>
Cc: <info-cyrus at andrew.cmu.edu>
Sent: Tuesday, April 29, 2003 11:13 AM
Subject: Re: Debian Postfix backports and SASL2
> > Hi, I've been following the Web-Cryadm howto to install Cyrus, Postfix
> > etc and I've managed to get Cyrus working fine using SASL2. I'm using
> > Debian Testing distro and using the backports of Cyrus, Postfix etc.
> > The problem I can see, is that Cyrus is using SASL2, and Postfix is
> > using (or depends on at least) SASL1. I've got both SASL2 and SASL1
> > installed - but I think I've only configured it all for SASL2 (I
> > think) - however when I enable SASL authentication in postfix, I get a
> > "Bad command at startup - throttling" message whenever I try to send an
> > email. If I turn SASL off, then it works.
> > I'd prefer not to have to re-compile Postfix from the sources (I like
> > the automatic updating facility of Debian packages).
> > So - has anyone got SASL2 authentication working with Postfix using the
> > Debian backports (http://people.debian.org/~hmh/woody/hmh)? Is it
> > possible to still use the saslauthd (SASL2) with Postfix which is
> > expecting SASL1? I'm quite confused by all this SASL stuff.
> Well there is a more recent version of the postfix backport available at
> You can't use SASL2 with Postfix 2.x backports if you are not compiling
> Postfix yourself. This is because of a dependency problem that would
> occur when Postfix would be using SASL2.
I suspect that re-compiling might be the best idea for my situation. I'm
currently looking at this.
> I have SMTP AUTH working fine with Postfix 2.09 (including
> sender_login_map). All you need is
> smtpd_recipient_restrictions =
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_login_maps = hash:/etc/postfix/sender_login
> If you do not want to use sender login maps then just disable that
> stuff. When you use sasldblistusers be sure that the users that you want
> to authentificate for is created correctly. E. g. if your $myhostname is
> testing.isp.com then you could create a smtp auth user using:
> saslpasswd -a -u testing.isp.com username
> cp /etc/sasldb /var/spool/postfix/etc
At the moment, I've got Cyrus using saslauthd (SASL2) and PAM and using a
MySQL database to store the users. This is my preferred option. Is there
any way of doing this with SASL1? If not, then I guess its the recompile
> Since postfix is running chrooted to /var/spool/postfix by default -
> which is a good task :-))
At the moment, I've turned it off due to problems with it accessing the
mysql socket - but I think I know a way around that, and shall probably try
chrooting it again once I've got it to a fully working state.
More information about the Info-cyrus