I used this document as the main source. This blog post is also useful.
First install libsasl2 and configure it. Enable it in /etc/default/sasl.
Then create the SASL config file in /etc/postfix/sasl, containing:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Then configure the SSL parameters in Postfix (the following is deprecated; see the official Postfix docs mentioned above for the recommended way):
# According to official docs, this should be in one pem file.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# This should be smtpd_tls_security_level = may, because smtpd_use_tls is deprecated.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
# I don't know if this one is also needed.
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections.
smtpd_tls_auth_only=yes
Then enable the three smtps lines in master.cf:
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
Then you need to do some hacking to let the jailed (chrooted) Postfix access /var/run/saslauthd:
rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
# Add user postfix to group sasl
adduser postfix sasl
Then you should be good to go. Start all daemons.
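A quick check of the main.cf settings above, as an added example that is not part of the original post: the shell functions below read a copy of main.cf and flag AUTH that is not restricted to TLS, the deprecated smtpd_use_tls switch, and the snakeoil certificate. The function names, messages and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a copy of main.cf for
# the SASL-over-TLS settings discussed above. Names here are illustrative.

# get_param FILE NAME: print the last value assigned to NAME
# (Postfix uses the last assignment when a parameter is repeated).
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_main_cf FILE: print findings; return 1 if any FAIL was reported.
audit_main_cf() {
    f=$1; rc=0
    level=$(get_param "$f" smtpd_tls_security_level)
    use_tls=$(get_param "$f" smtpd_use_tls)
    auth_only=$(get_param "$f" smtpd_tls_auth_only)
    cert=$(get_param "$f" smtpd_tls_cert_file)

    # TLS is offered when the level is may/encrypt, or via the legacy switch.
    case "$level:$use_tls" in
        may:*|encrypt:*|:yes) ;;
        *) echo "FAIL: smtpd does not offer TLS"; rc=1 ;;
    esac
    # PLAIN and LOGIN carry the password unprotected, so AUTH must be TLS-only.
    if [ "$auth_only" != yes ]; then
        echo "FAIL: smtpd_tls_auth_only is not yes; AUTH is not limited to TLS"
        rc=1
    fi
    if [ -n "$use_tls" ] && [ -z "$level" ]; then
        echo "WARN: smtpd_use_tls is deprecated; use smtpd_tls_security_level"
    fi
    case "$cert" in
        *snakeoil*) echo "WARN: self-signed snakeoil certificate in use" ;;
    esac
    return $rc
}

# Constructed samples: the post's settings, and a variant without auth_only.
demo_dir=$(mktemp -d)
cat > "$demo_dir/page.cf" <<'EOF'
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
EOF
grep -v auth_only "$demo_dir/page.cf" > "$demo_dir/weak.cf"
audit_main_cf "$demo_dir/page.cf" || true
audit_main_cf "$demo_dir/weak.cf" || true
```

Values continued over several lines are not handled; on a live host, save the output of postconf -n to a file and audit that instead.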