Quick and dirty instructions on setting up Postfix authentication against the SASL daemon. Note that this will not work for CRAM-MD5 or DIGEST-MD5 (you will get the cryptic error message "SASL authentication failure: no secret in database").

Install SASL libraries and auth daemon:

apt-get install libsasl2-2
apt-get install sasl2-bin

Edit /etc/postfix/main.cf and add the following lines:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname

• Add permit_sasl_authenticated to smtpd_recipient_restrictions, or if it doesn't exist, add smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Edit /etc/postfix/sasl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Edit /etc/default/saslauthd (rimap means authenticate against an imap server, see man saslauthd for other options):

START=yes
MECHANISMS="rimap"
MECH_OPTIONS="localhost"

• If you are running postfix in a chroot (default for Debian) see /usr/share/doc/sasl2-bin/README.Debian

Allow postfix to access the SASL socket:

adduser postfix sasl

Start saslauthd:

/etc/init.d/saslauthd  start

Reload postfix and test!

postfix reload

• SMTP authentication and Postfix - Andywiki