====== Postfix with SMTP-auth ======
**''main.cf''**
  smtpd_recipient_restrictions =
  ...
     permit_sasl_authenticated
  ...
  
  smtp_use_tls = yes
  smtpd_tls_auth_only = no
  
  tls_random_source = dev:/dev/urandom
  tls_daemon_random_source = $tls_random_source
  
# [[How to make SSL key]] FIXME
  smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
  smtpd_tls_key_file = /etc/ssl/certs/cert.key
  smtpd_use_tls = yes
  
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_security_options = noanonymous
  smtp_sasl_security_options = noanonymous
  smtpd_sasl_local_domain =

==== sasl + pam-mysql (encrypted passwords in db) ====

=== Installing the saslauthd and connection with pam.d ===

  # apt-get install libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin

**''/etc/default/saslauthd''** 
   # This needs to be uncommented before saslauthd will be run automatically
   START=yes
   # You must specify the authentication mechanisms you wish to use.
   # This defaults to "pam" for PAM support, but may also include
   # "shadow" or "sasldb", like this:
   # MECHANISMS="pam shadow"
   MECHANISMS="pam"

=== Postix-extra configuration ===

**''/etc/posfix/sasl/smtpd.conf''**
   #minimum_layer: 0
   mech_list: plain login
   pwcheck_method: saslauthd
   #auto_transition: no
   saslauthd_path:/var/run/saslauthd/mux

in this case you cannot use CRAM-MD5, DIGEST-MD5 password hashes, bause cannot they cannot be generated since the password are already oneway encripted in the database;

=== pam.d-mysql ===

   # apt-get install libpam-mysql

**''/etc/pam.d/smtp''**   
   auth required pam_mysql.so host=<hostname> user=<username> passwd=<password> \
         db=postfix table=user   usercolumn=User passwdcolumn=Password crypt=1
   account required pam_mysql.so host=<hostname> user=<username> passwd=<password> \
         db=postfix table=user usercolumn=User passwdcolumn=Password crypt=1


==== the other way  ====