||<>|| = Introduction = This guide will guide you through the steps needed to enable '''Postfix''' to use the '''SASL''' implementation provided by '''Dovecot'''. This is an alternative to configuring Postfix to use the Cyrus SASL implementation. = Installation = Everything you need to configure Postfix to use Dovecot SASL is included when you install the '''dovecot-common''' and '''postfix''' packages from the Main repository. You will probably also want to install '''dovecot-imapd''' or '''dovecot-pop3d ''' which provide IMAP and POP3 services. See the [[Dovecot]] guide for more information on setting up Dovecot. = Configuration = == Dovecot == First let's configure '''Dovecot''' to provide SASL client authentication. To accomplish this on 12.04 (Precise) and newer version, edit the Dovecot configuration {{{/etc/dovecot/conf.d/10-master.conf}}}: {{{ ... service auth { ... # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 } ... } }}} Enable LOGIN authentication, edit the configuration file {{{/etc/dovecot/conf.d/10-auth.conf}}} and add the login authentication mechanism: {{{ auth_mechanisms = plain login }}} If you're using Ubuntu 7.10 (Gutsy) or a later version until 11.10 (Oneiric), edit configuration file {{{/etc/dovecot/dovecot.conf}}}. Your configuration should look like this: {{{ auth default { mechanisms = plain login socket listen { #master { # Master socket provides access to userdb information. It's typically # used to give Dovecot's local delivery agent access to userdb so it # can find mailbox locations. #path = /var/run/dovecot/auth-master #mode = 0600 # Default user/group is the one who started dovecot-auth (root) #user = #group = #} client { # The client socket is generally safe to export to everyone. Typical use # is to export it to your SMTP server so it can do SMTP AUTH lookups # using it. path = /var/spool/postfix/private/auth-client mode = 0660 user = postfix group = postfix } } } }}} The {{{/etc/dovecot/dovecot.conf}}} file on Ubuntu 6.06 (Dapper) is slightly different: {{{ auth default_with_listener { mechanisms = plain login passdb pam { } userdb passwd { } socket listen { # master { #path = /var/run/dovecot-auth-master # WARNING: Giving untrusted users access to master socket may be a # security risk, don't give too wide permissions to it! #mode = 0600 # Default user/group is the one who started dovecot-auth (root) #user = #group = # } client { path = /var/spool/postfix/private/auth-client mode = 0660 user = postfix group = postfix } } } }}} '''Note:''' you will need to install the '''Postfix''' version in dapper-backports in order to use Dovecot SASL on Ubuntu 6.06. See UbuntuBackports for more information. Once you've configured Dovecot to provide SASL you'll need to restart it: {{{ sudo /etc/init.d/dovecot restart }}} == Postfix == After you've configured Dovecot to provide SASL authentication it's time to configure Postfix to use it. First edit the {{{/etc/postfix/main.cf}}} configuration file. You can do this with a text editor or by using the '''postconf -e''' command: {{{ sudo postconf -e 'smtpd_sasl_type = dovecot' sudo postconf -e 'smtpd_sasl_auth_enable = yes' sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' }}} You then need to configure the path to the authentication client. On 12.04 (Precise) and newer: {{{ sudo postconf -e 'smtpd_sasl_path = private/auth' }}} on versions older than 12.04 (Precise): {{{ sudo postconf -e 'smtpd_sasl_path = private/auth-client' }}} '''Note:''' the '''smtpd_sasl_path''' configuration needs to be a path relative to the Postfix '''queue''' directory. Now restart Postfix to enable the new configurations: {{{ sudo /etc/init.d/postfix restart }}} = Testing = To see if Dovecot SASL is working properly run the following command: telnet localhost 25 After you have established the connection to your postfix mail server type ehlo localhost If you see the lines {{{ 250-AUTH PLAIN LOGIN }}} among others, everything is working. Type quit to return to the system's shell. <
> '''Note:''' this guide has been tested on Ubuntu 6.06 (Dapper Drake), Ubuntu 7.10 (Gutsy Gibbon), Ubuntu 14.04 (Trusty Tahr) and Ubuntu 15.10 (Wily Werewolf). ----