Postfix and SASL Unix Auth

/etc/postfix/main.cf

Configure the Postfix MTA to support SASL

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus

/etc/postfix/master.cf

Run the Postfix smtpd service outside a chroot environment (the chroot column is set to n), so that it can reach the saslauthd socket

smtp inet n - n - - smtpd

/etc/postfix/sasl/smtpd.conf

Tell Postfix where to find the saslauthd socket file

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: PLAIN LOGIN

/etc/pam.d/smtp

Configure PAM to support local Unix authentication for the SMTP daemon

auth required pam_unix.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so

Finally, make sure saslauthd is running and pointing to the right directory (the one that holds the mux socket configured above)

/usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5

Here is a Python script to test the authentication

#!/usr/bin/env python3
"""Test SMTP AUTH (SASL) against a Postfix server over STARTTLS."""

import argparse
import smtplib
import sys

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Tests SASL')
    parser.add_argument('--username', '-u', dest='username', required=True, help='Username')
    parser.add_argument('--password', '-p', dest='password', required=True, help='Password')
    parser.add_argument('--host', '-H', dest='host', required=True, help='SMTP Hostname')
    parser.add_argument('--port', '-P', dest='port', type=int, default=25, help='SMTP Port')

    args = parser.parse_args()

    server = smtplib.SMTP(args.host, args.port)
    server.set_debuglevel(1)  # print the full SMTP dialogue
    server.ehlo()
    server.starttls()         # switch to TLS before any credentials are sent
    server.ehlo()             # re-read the capabilities offered inside TLS
    # Raises smtplib.SMTPAuthenticationError if the credentials are rejected
    server.login(args.username, args.password)
    server.quit()

    sys.exit(0)
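
An added example, not part of the original post: a small audit of the main.cf settings above that reports whether PLAIN/LOGIN passwords can be sent before STARTTLS. smtpd_tls_auth_only and the noplaintext option are real Postfix settings that do not appear on this page; the sample file is constructed and the function names are illustrative.

```python
import re

# Constructed sample: main.cf settings from this page, with a comment line
# and a continuation line added to exercise the parser.
SAMPLE_MAIN_CF = """\
# SASL settings
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_security_options =
    noanonymous
smtpd_sasl_tls_security_options = noanonymous
"""

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, 'name = value', indented continuations."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last is not None:
            params[last] = (params[last] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()  # a later definition overrides an earlier one
    return params

def audit_sasl(params):
    """Return findings about cleartext exposure of PLAIN/LOGIN passwords."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return findings  # SASL is off, nothing to check
    opts = set(re.split(r"[,\s]+", params.get("smtpd_sasl_security_options", "noanonymous")))
    tls_only = params.get("smtpd_tls_auth_only", "no") == "yes"
    if not tls_only and "noplaintext" not in opts:
        findings.append("AUTH PLAIN/LOGIN is offered before STARTTLS: "
                        "set smtpd_tls_auth_only = yes")
    if "noanonymous" not in opts:
        findings.append("smtpd_sasl_security_options lacks noanonymous")
    return findings

if __name__ == "__main__":
    for finding in audit_sasl(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN:", finding)
```

The audit reads main.cf only; per-service -o overrides in master.cf and $variable references are not evaluated.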