How to configure Postfix with SMTP-AUTH over SASL2 with authentication against PAM in Ubuntu

I would like to submit emails to Postfix using smtp authentication. I will authenticate my smtp users against PAM.

Install sasl2:

apt-get install sasl2-bin

Add the following to /etc/postfix/sasl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Create saslauthd’s config file copy to /etc/default/saslauthd-postfix so that is used from postfix:

cp /etc/default/saslauthd /etc/default/saslauthd-postfix

Update the following in /etc/default/saslauthd-postfix:

START=yes
NAME="saslauthd-postf"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Since we have chrooted saslauthd to postfix so its good to symlink it:

rm -rf /run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /run/saslauthd

Create required subdirectories:

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

Setup proper permission by adding postfix to ‘sasl’ group:

adduser postfix sasl

Restart saslauthd service

systemctl restart saslauthd.service

Add the following directives to /etc/postfix/main.cf:

smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

Restart postfix service

systemctl restart postfix.service

Create linux user

useradd postmaster

Test authentication using ‘swaks’ mailing utility :

swaks --from [email protected] --to [email protected] --tls --auth LOGIN --auth-user [email protected] --auth-password 123pass --server console.postfix.io:25

Leave a Reply

Your email address will not be published. Required fields are marked *