Debian Postfix backports and SASL2

Markus Welsch markus.welsch at
Tue Apr 29 06:13:34 EDT 2003


> Hi, I've been following the Web-Cryadm howto to install Cyrus, Postfix 
> etc and I've managed to get Cyrus working fine using SASL2.  I'm using 
> Debian Testing distro and using the backports of Cyrus, Postfix etc.  
> The problem I can see, is that Cyrus is using SASL2, and Postfix is 
> using (or depends on at least) SASL1.  I've got both SASL2 and SASL1 
> installed - but I think I've only configured it all for SASL2 (I 
> think) - however when I enable SASL authentication in postfix, I get a 
> "Bad command at startup - throttling" message whenever I try to send an 
> email.  If I turn SASL off, then it works.
> I'd prefer not to have to re-compile Postfix from the sources (I like 
> the automatic updating facility of Debian packages).
> So - has anyone got SASL2 authentication working with Postfix using the 
> Debian backports (  Is it 
> possible to still use the saslauthd (SASL2) with Postfix which is 
> expecting SASL1?  I'm quite confused by all this SASL stuff.

Well there is a more recent version of the postfix backport available at

You can't use SASL2 with Postfix 2.x backports if you are not compiling 
Postfix yourself. This is because of a dependency problem that would 
occur when Postfix would be using SASL2.

I have SMTP AUTH working fine with Postfix 2.09 (including 
sender_login_map). All you need is

	smtpd_recipient_restrictions =

	smtpd_sasl_auth_enable          = yes
	smtpd_sasl_local_domain         = $myhostname
	smtpd_sasl_security_options     = noanonymous
	smtpd_sender_login_maps         = hash:/etc/postfix/sender_login

If you do not want to use sender login maps then just disable that 
stuff. When you use sasldblistusers be sure that the users that you want 
to authentificate for is created correctly. E. g. if your $myhostname is then you could create a smtp auth user using:

	saslpasswd -a -u username


	cp /etc/sasldb /var/spool/postfix/etc

Since postfix is running chrooted to /var/spool/postfix by default - 
which is a good task :-))



More information about the Info-cyrus mailing list