DBMail over PostgreSQL + Postfix + SASL on Debian. Part 4. SASL.

Part 1. Introduction.
Part 2. DBMail.
Part 3. Postfix.
Part 4. SASL.
Part 5. SPF. DKIM. DMARC. Clear headers. DNS PTR.

Install SASL.

apt install libsasl2-modules sasl2-bin

Add postfix user to sasl group.

adduser postfix sasl

Create /etc/postfix/sasl/smtpd.conf file.

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Edit /etc/default/saslauthd file.

DESC="SASL Authentication Daemon"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Add the following lines to /etc/postfix/main.cf file.

smtpd_sasl_local_domain = $mydomain
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

Restart services.

systemctl restart saslauthd
systemctl restart postfix

Now, test mail server with your favorite email client program, such as Thunderbird.

imap mail.somewhere-in-the.space 993 SSL/TLS "Encrypted password" Username: admin
smtp mail.somewhere-in-the.space 587 STARTTLS "Normal password" Username: admin

Now you can send and receive mail on all devices, but all outgoing messages will probably moved into spam by all major mail providers. Let’s see what we can do here.

Leave a Comment

Your email address will not be published. Required fields are marked *