cyrus-sasl

Configuring

This mini-howto helps you to install the saslauthd server using postfix which will authenticate using users and passwords from /etc/{passwd,shadow}.

First install the necessary packages:

# pacman-g2 -S postfix saslauthd

Enable sasl in postfix’s config by appending the following lines to /etc/postfix/main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

You may want to append

broken_sasl_auth_clients = yes

as well.

Put the following lines to /usr/lib/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Edit /etc/sysconfig/saslauthd by changing the following lines:

SASL_DIE=1

to

SASL_DIE=0

and

auth_mechanism=""

to

auth_mechanism="shadow"

Now you can start saslauthd by

service saslauthd start

as well as enabled in by default on startup:

service saslauthd add

Issue id postfix and see if the daemon group is listed. If not, then add postfix to the daemon group:

usermod -G daemon postfix

Finally restart postfix:

service postfix restart

Compeleted!

Verifying

We test it using telnet. We need perl to generate the string for the SASL authentication:

$ perl -MMIME::Base64 -e 'print encode_base64("vmiklos\0vmiklos\0secret");'
dm1pa2xvcwB2bWlrbG9zAHNlY3JldA==

Then use telnet:

$ telnet host.com 25
Trying ip...
Connected to host.com.
Escape character is '^]'.
220 host.com ESMTP Postfix
ehlo my.dhcp
250-host.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN dm1pa2xvcwB2bWlrbG9zAHNlY3JldA==
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.