main.cf
smtpd_recipient_restrictions = ... permit_sasl_authenticated ... smtp_use_tls = yes smtpd_tls_auth_only = no tls_random_source = dev:/dev/urandom tls_daemon_random_source = $tls_random_source
smtpd_tls_cert_file = /etc/ssl/certs/cert.pem smtpd_tls_key_file = /etc/ssl/certs/cert.key smtpd_use_tls = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtp_sasl_security_options = noanonymous smtpd_sasl_local_domain =
# apt-get install libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin
/etc/default/saslauthd
# This needs to be uncommented before saslauthd will be run automatically
START=yes # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam"
/etc/posfix/sasl/smtpd.conf
#minimum_layer: 0 mech_list: plain login pwcheck_method: saslauthd #auto_transition: no saslauthd_path:/var/run/saslauthd/mux
in this case you cannot use CRAM-MD5, DIGEST-MD5 password hashes, bause cannot they cannot be generated since the password are already oneway encripted in the database;
# apt-get install libpam-mysql
/etc/pam.d/smtp
auth required pam_mysql.so host=<hostname> user=<username> passwd=<password> \
db=postfix table=user usercolumn=User passwdcolumn=Password crypt=1 account required pam_mysql.so host=<hostname> user=<username> passwd=<password> \ db=postfix table=user usercolumn=User passwdcolumn=Password crypt=1