Configure saslauthd to use MySQL
On Ubuntu, Postfix runs in a chroot, so we have to create a directory in the following location inside it, otherwise it won't be able to write anything there:
mkdir -p /var/spool/postfix/var/run/saslauthd
Before continuing, it is worth taking a backup of the original distribution-provided saslauthd file, in case you need to reset it, by issuing the following command:
cp -a /etc/default/saslauthd /etc/default/saslauthd.bak
Edit the file /etc/default/saslauthd as below.
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Next, create the file /etc/pam.d/smtp and copy in the lines below. Make sure that you change "postfix_complex_password" to the password you used for the postfix user id you created earlier. This tells PAM to use the MySQL tables to authenticate the user for SMTP.
auth required pam_mysql.so user=postfix passwd=postfix_complex_password host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=postfix passwd=postfix_complex_password host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
Create a file named /etc/postfix/sasl/smtpd.conf with the following information. Again, make sure that you change "postfix_complex_password" to the password you used for the postfix user id you created earlier. This tells Postfix to use SASL with the saslauthd authentication method through PAM.
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix_complex_password
sql_database: postfix
sql_select: select password from mailbox where username = '%s'
Both files contain the database password, so next remove all access for "other" users from them:
chmod o= /etc/pam.d/smtp
chmod o= /etc/postfix/sasl/smtpd.conf
Now we need to add the postfix user to the sasl group so that Postfix can use SASL, and then restart Postfix and saslauthd as follows:
adduser postfix sasl
service postfix restart
service saslauthd restart
Testing Postfix SMTP-AUTH & TLS
To check the Postfix configuration, Telnet can be used to see whether SMTP-AUTH and TLS are working, as follows:
telnet localhost 25
After this, issue the following command:
ehlo localhost
This should output the following; the line of most interest is the one that states "250-STARTTLS":
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 myhost.co.uk ESMTP Postfix (Ubuntu)
ehlo localhost
250-myhost.co.uk
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
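The same check as the telnet session, as an added example that is not part of the original guide: it parses the EHLO reply shown above, flags a missing STARTTLS or AUTH line, and also flags PLAIN/LOGIN being offered before TLS is negotiated. The function names parse_ehlo and audit are this example's own.

```python
import re

# EHLO reply taken from the telnet session shown above.
SAMPLE_EHLO = """250-myhost.co.uk
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded, not encrypted

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its list of parameters."""
    caps = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = re.fullmatch(r"250[ -](.*)", line)
        if match is None:
            raise ValueError(f"not an EHLO success line: {line!r}")
        if index == 0:
            continue  # the first line carries the server name, not a capability
        # "AUTH=..." is the legacy spelling kept for old clients; fold it into AUTH.
        words = re.sub(r"^AUTH=", "AUTH ", match.group(1), flags=re.I).upper().split()
        if words:
            caps[words[0]] = list(dict.fromkeys(caps.get(words[0], []) + words[1:]))
    return caps

def audit(caps, tls_active=False):
    """Return findings for an EHLO reply seen before (default) or after STARTTLS."""
    findings = []
    mechs = set(caps.get("AUTH", []))
    if not mechs:
        findings.append("AUTH not advertised")
    if not tls_active:
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not advertised")
        exposed = sorted(mechs & PLAINTEXT_MECHS)
        if exposed:
            findings.append("cleartext AUTH offered before TLS: " + ",".join(exposed))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ehlo(SAMPLE_EHLO)):
        print("FINDING:", finding)
```

Run against the reply above, it reports one finding, because AUTH LOGIN PLAIN is advertised on the unencrypted connection. Setting smtpd_tls_auth_only = yes in Postfix's main.cf makes Postfix offer AUTH only after STARTTLS.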
This completes the configuration for saslauthd and Postfix. The next stage is to configure Dovecot so that it uses the MySQL tables for IMAP/POP3 user authentication.