Postfix + SASL + Dovecot

After trying to find a way to make my Postfix installation allow authenticated users (over TLS will come later) to relay mail using SASL on a CentOS machine, using only CentOS packages, I discovered it was not as easy as I might have liked.

So after installing cyrus-sasl, postfix and dovecot all I needed to do was:

Edit /etc/postfix/main.cf  – At the end of your configuration add:

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Don’t forget that postfix by default runs in its own chroot jail, so the smtpd_sasl_path above is relative to the postfix root. So in my case on CentOS 5 that equates to “/var/spool/postfix/private/auth”.

Now go on and edit your /etc/dovecot.conf file.  Find the lines

userdb passwd {
}

Then add this immediately below it

socket listen {
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}

Now all you need to do is restart postfix, dovecot and (re)start saslauthd

/etc/init.d/postfix restart
/etc/init.d/dovecot restart
/etc/init.d/saslauthd restart

If you now telnet to your mail server on port 25, and use EHLO you should be able to see the following

ehlo me
250-your.server.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
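
As an added example (not code from the original post), the Python below parses an EHLO reply like the one above and reports what it says about the SASL setup: whether AUTH is offered at all, whether ANONYMOUS slipped through, and whether PLAIN/LOGIN are usable before any TLS upgrade. The function names and finding codes are my own, and it assumes the reply was captured on an unencrypted session, as with the telnet test.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded

# Constructed sample: the EHLO exchange shown in the post.
SAMPLE = """ehlo me
250-your.server.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its list of parameters."""
    ext, seen_greeting = {}, False
    for line in reply.splitlines():
        m = re.match(r"250[- ](.*)", line.strip())
        if not m:
            continue                  # echoed command, blank line, noise
        if not seen_greeting:
            seen_greeting = True      # first 250 line is the server name
            continue
        # Split on "=" as well: some servers emit legacy "AUTH=PLAIN LOGIN".
        words = re.split(r"[ =]+", m.group(1).strip())
        ext.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return ext

def audit(reply):
    """Return (code, message) findings for a pre-TLS EHLO reply."""
    ext = parse_ehlo(reply)
    tls = "STARTTLS" in ext
    if "AUTH" not in ext:
        # With STARTTLS present, AUTH may simply be withheld until after TLS.
        return [] if tls else [("no-auth", "AUTH not advertised")]
    findings, mechs = [], set(ext["AUTH"])
    if "ANONYMOUS" in mechs:
        findings.append(("anonymous", "ANONYMOUS offered; noanonymous not in effect"))
    weak = sorted(mechs & PLAINTEXT_MECHS)
    if weak:
        code = "cleartext-auth-allowed" if tls else "cleartext-auth-only"
        findings.append((code, "/".join(weak) + " usable without encryption"))
    return findings

if __name__ == "__main__": print(audit(SAMPLE))
```

Once TLS is configured, Postfix's smtpd_tls_auth_only = yes withholds AUTH until after STARTTLS, which is the case audit() treats as clean.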

My next posting will include details on how to extend this to include the use of TLS
