Smokes your problems, coughs fresh air.
When you want to use your IMAP account as authentication for Postfix, you can set the SASL mechanism to “rimap”. However, by default, it will not supply the realm (domain) and therefore will authenticate with an incomplete username (john instead of john@bla.com).
To fix that, you need to add “-r” to the options in /etc/default/saslauthd (in Debian based distro’s):
OPTIONS="-r -c -m /var/run/saslauthd"
I used this document as main source. This blogpost is also useful.
First install libsasl2 and configure it. Enable it in /etc/default/sasl.
First make the sasl config file in /etc/postfix/sasl which says:
pwcheck_method: saslauthd mech_list: PLAIN LOGIN
Then configure the ssl paramters in postfix (the following is deprecated. See aforementioned official postfix docs for good way):
# According to official docs, this should be in one pem file. smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key # This should be smtp_tls_security_level = may, because use_tls is deprecated. smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache # I don't know if this one is also needed. smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections. smtpd_tls_auth_only=yes
Then enable the three smtps lines in master.cf:
smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
Then you need to do some hacking to get the jailed postfix to access /var/run/saslauthd:
rm -r /var/run/saslauthd/ mkdir -p /var/spool/postfix/var/run/saslauthd ln -s /var/spool/postfix/var/run/saslauthd /var/run chgrp sasl /var/spool/postfix/var/run/saslauthd # Add user postfix to group sasl adduser postfix sasl
Then you should be good to go. Start all daemons.
© 2025 BigSmoke
Theme by Anders Noren — Up ↑
Recent Comments