SASL + Postfix with Debian Lenny

2010/01/19 in Blog - 2 Comments

In the last days I have reinstalled a mail server on a new virtual host and upgraded from debian etch to Lenny. The initial set was done by a friend of mine following this instructions. With the upgrade to Lenny however a few adjustments were required. So I describe the new setup here.

apt-get install libsasl2-2 sasl2-bin libsasl2-modules

The postfix configuration requires the following update in/etc/postfix/main.cf.

# add permit_sasl_authenticated for SASL support
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_policy_service inet:127.0.0.1:60000

# add these options
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

Create /etc/postfix/sasl/smtpd.conf with this content

pwcheck_method: saslauthd
mech_list: plain login

Then create directory /var/spool/postfix/var/run/saslauthd

 mkdir -p /var/spool/postfix/var/run/saslauthd

Set permissions

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

And add postfix user to group sasl

adduser postfix sasl

/etc/default/saslauthd Requires some modifications

START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Finally restart some services.

/etc/init.d/saslauthd restart
/etc/init.d/postfix restart

Upgrading from debian etch

If you are upgrading and getting permission errors then you can fix these by berforming the steps above where permissions for /var/spool/postfix/var/run/saslauthd are set and the user group sasl is updated.

SASL authentication failure: Password verification failed
SASL PLAIN authentication failed: generic failure
SASL authentication failure: cannot connect to saslauthd server: Permission denied
SASL LOGIN authentication failed: generic failure