Recipe 20.8. Installing Cyrus-SASL on Debian

20.8.1 Problem

You need to know The Debian Way of adding Cyrus-SASL to your mail server.

20.8.2 Solution

First, install the SASL packages:

# apt-get install  libsasl2  sasl2-bin  libsasl2-modules

Then, edit /etc/default/saslauthd to look like this:

# This needs to be uncommented before saslauthd will be run automatically  START=yes     # You must specify the authentication mechanisms  # you wish to use. # This defaults to "pam" for PAM support, but may # also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow"     MECHANISMS="pam"

Next, add these lines to main.cf:

smtpd_sasl_auth_enable = yes smtpd_sasl2_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_local_domain =$mydomain     smtpd_recipient_restrictions =          permit_sasl_authenticated          permit_mynetworks          reject_unauth_destination

and activate the changes:

# postfix reload

Then verify that Postfix is seeing the new libraries:

$ telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. 220 windbag.test.net ESMTP Postfix (Libranet/GNU) EHLO windbag.test.net 250-windbag.test.net 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-XVERP 250 8BITMIME

The STARTTLS and AUTH lines are just what you want to see. Now you can move on to Recipe Recipe 20.9 for the next step.

20.8.3 Discussion

You can use AUTH LOGIN and PLAIN, because logins will be encrypted by TLS (see Recipe Recipe 20.9).

20.8.4 See Also

• /usr/share/doc/postfix/examples/, for descriptions of main.cf options

• /usr/share/doc/postfix/examples/sample-auth.cf.gz, for explanations of the authentication options

• The Postfix book (/usr/share/doc/postfix/html/index.html)