Debian Postfix backports and SASL2

Markus Welsch markus.welsch at suk.net
Tue Apr 29 06:13:34 EDT 2003 

Hi,

> Hi, I've been following the Web-Cryadm howto to install Cyrus, Postfix 
> etc and I've managed to get Cyrus working fine using SASL2.  I'm using 
> Debian Testing distro and using the backports of Cyrus, Postfix etc.  
> The problem I can see, is that Cyrus is using SASL2, and Postfix is 
> using (or depends on at least) SASL1.  I've got both SASL2 and SASL1 
> installed - but I think I've only configured it all for SASL2 (I 
> think) - however when I enable SASL authentication in postfix, I get a 
> "Bad command at startup - throttling" message whenever I try to send an 
> email.  If I turn SASL off, then it works.
>  
> I'd prefer not to have to re-compile Postfix from the sources (I like 
> the automatic updating facility of Debian packages).
>  
> So - has anyone got SASL2 authentication working with Postfix using the 
> Debian backports (http://people.debian.org/~hmh/woody/hmh)?  Is it 
> possible to still use the saslauthd (SASL2) with Postfix which is 
> expecting SASL1?  I'm quite confused by all this SASL stuff.

Well there is a more recent version of the postfix backport available at
http://people.debian.org/~nobse/

You can't use SASL2 with Postfix 2.x backports if you are not compiling 
Postfix yourself. This is because of a dependency problem that would 
occur when Postfix would be using SASL2.

I have SMTP AUTH working fine with Postfix 2.09 (including 
sender_login_map). All you need is

	smtpd_recipient_restrictions =
		...
		permit_sasl_authenticated,
		reject_sender_login_mismatch,
		...

	smtpd_sasl_auth_enable          = yes
	smtpd_sasl_local_domain         = $myhostname
	smtpd_sasl_security_options     = noanonymous
	smtpd_sender_login_maps         = hash:/etc/postfix/sender_login


If you do not want to use sender login maps then just disable that 
stuff. When you use sasldblistusers be sure that the users that you want 
to authentificate for is created correctly. E. g. if your $myhostname is 
testing.isp.com then you could create a smtp auth user using:

	saslpasswd -a -u testing.isp.com username

Afterwards

	cp /etc/sasldb /var/spool/postfix/etc

Since postfix is running chrooted to /var/spool/postfix by default - 
which is a good task :-))



Cheers,

Markus

More information about the Info-cyrus mailing list