Recipe 20.8. Installing Cyrus-SASL on Debian

20.8.1 Problem

You need to know The Debian Way of adding Cyrus-SASL to your mail server.

20.8.2 Solution

First, install the SASL packages:

# apt-get install  libsasl2  sasl2-bin  libsasl2-modules

Then, edit /etc/default/saslauthd to look like this:

# This needs to be uncommented before saslauthd will be run automatically

 START=yes

   

# You must specify the authentication mechanisms 

# you wish to use.

# This defaults to "pam" for PAM support, but may

# also include

# "shadow" or "sasldb", like this:

# MECHANISMS="pam shadow"

   

MECHANISMS="pam"

Next, add these lines to main.cf:

smtpd_sasl_auth_enable = yes

smtpd_sasl2_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_local_domain =$mydomain

   

smtpd_recipient_restrictions =

         permit_sasl_authenticated

         permit_mynetworks

         reject_unauth_destination

and activate the changes:

# postfix reload

Then verify that Postfix is seeing the new libraries:

$ telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain.

Escape character is '^]'.

220 windbag.test.net ESMTP Postfix (Libranet/GNU)

EHLO windbag.test.net

250-windbag.test.net

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTTLS

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250-XVERP

250 8BITMIME

The STARTTLS and AUTH lines are just what you want to see. Now you can move on to Recipe Recipe 20.9 for the next step.

20.8.3 Discussion

You can use AUTH LOGIN and PLAIN, because logins will be encrypted by TLS (see Recipe Recipe 20.9).

20.8.4 See Also

• /usr/share/doc/postfix/examples/, for descriptions of main.cf options

• /usr/share/doc/postfix/examples/sample-auth.cf.gz, for explanations of the authentication options

• The Postfix book (/usr/share/doc/postfix/html/index.html)