Table of Contents

Postfix with SMTP-auth

main.cf

smtpd_recipient_restrictions =
...
   permit_sasl_authenticated
...

smtp_use_tls = yes
smtpd_tls_auth_only = no

tls_random_source = dev:/dev/urandom
tls_daemon_random_source = $tls_random_source

# How to make SSL key FIXME

smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
smtpd_tls_key_file = /etc/ssl/certs/cert.key
smtpd_use_tls = yes

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

sasl + pam-mysql (encrypted passwords in db)

Installing the saslauthd and connection with pam.d

# apt-get install libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin

/etc/default/saslauthd # This needs to be uncommented before saslauthd will be run automatically

 START=yes
 # You must specify the authentication mechanisms you wish to use.
 # This defaults to "pam" for PAM support, but may also include
 # "shadow" or "sasldb", like this:
 # MECHANISMS="pam shadow"
 MECHANISMS="pam"

Postix-extra configuration

/etc/posfix/sasl/smtpd.conf

 #minimum_layer: 0
 mech_list: plain login
 pwcheck_method: saslauthd
 #auto_transition: no
 saslauthd_path:/var/run/saslauthd/mux

in this case you cannot use CRAM-MD5, DIGEST-MD5 password hashes, bause cannot they cannot be generated since the password are already oneway encripted in the database;

pam.d-mysql

 # apt-get install libpam-mysql

/etc/pam.d/smtp auth required pam_mysql.so host=<hostname> user=<username> passwd=<password> \

       db=postfix table=user   usercolumn=User passwdcolumn=Password crypt=1
 account required pam_mysql.so host=<hostname> user=<username> passwd=<password> \
       db=postfix table=user usercolumn=User passwdcolumn=Password crypt=1

the other way