Introduction

This guide will guide you through the steps needed to enable Postfix to use the SASL implementation provided by Dovecot. This is an alternative to configuring Postfix to use the Cyrus SASL implementation.

Installation

Everything you need to configure Postfix to use Dovecot SASL is included when you install the dovecot-common and postfix packages from the Main repository. You will probably also want to install dovecot-imapd or dovecot-pop3d which provide IMAP and POP3 services.

See the Dovecot guide for more information on setting up Dovecot.

Configuration

Dovecot

First let's configure Dovecot to provide SASL client authentication.

To accomplish this on 12.04 (Precise) and newer version, edit the Dovecot configuration /etc/dovecot/conf.d/10-master.conf:

...
service auth {
...
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
...
}

Enable LOGIN authentication, edit the configuration file /etc/dovecot/conf.d/10-auth.conf and add the login authentication mechanism:

auth_mechanisms = plain login

If you're using Ubuntu 7.10 (Gutsy) or newer version, edit configuration file /etc/dovecot/dovecot.conf. Your configuration should look like this:

auth default {
  mechanisms = plain login
socket listen {
    #master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      #path = /var/run/dovecot/auth-master
      #mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      #user = 
      #group = 
    #}
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

The /etc/dovecot/dovecot.conf file on Ubuntu 6.06 (Dapper) is slightly different:

auth default_with_listener {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  socket listen {
  #  master {
       #path = /var/run/dovecot-auth-master
       # WARNING: Giving untrusted users access to master socket may be a 
       # security risk, don't give too wide permissions to it!
       #mode = 0600
       # Default user/group is the one who started dovecot-auth (root)
       #user = 
       #group = 
  # }
    client {
      path = /var/spool/postfix/private/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Note: you will need to install the Postfix version in dapper-backports in order to use Dovecot SASL on Ubuntu 6.06. See UbuntuBackports for more information.

Once you've configured Dovecot to provide SASL you'll need to restart it:

sudo /etc/init.d/dovecot restart

Postfix

After you've configured Dovecot to provide SASL authentication it's time to configure Postfix to use it.

First edit the /etc/postfix/main.cf configuration file. You can do this with a text editor or by using the postconf -e command:

sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth-client'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

Note: the smtpd_sasl_path configuration needs to be a path relative to the Postfix queue directory.

Now restart Postfix to enable the new configurations:

sudo /etc/init.d/postfix restart

Testing

To see if Dovecot SASL is working properly run the following command:

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines

250-AUTH PLAIN LOGIN

among others, everything is working.

Type quit to return to the system's shell.


Note: this guide has been tested on Ubuntu 6.06 (Dapper Drake), Ubuntu 7.10 (Gutsy Gibbon) and Ubuntu 14.04 (Trusty Tahr).


PostfixDovecotSASL (last edited 2014-10-18 14:17:12 by falstaff)