FreeBSD 7.2 +postfix + SASL

В ответ на: Предложенный в мане pam.conf сохраняем в /etc/pam.d/smtpd

В ответ на: The name of the file in /usr/local/lib/sasl (SASL version 1.5.5) or /usr/local/lib/sasl2 (SASL version 2.1.1) used by the SASL library for configuration can be set with:

/etc/postfix/main.cf:
smtpd_sasl_application_name = smtpd

The pwcheck daemon is contained in the cyrus-sasl source tarball.

IMPORTANT: postfix processes need to have group read+execute permission for the /var/pwcheck directory, otherwise authentication attempts will fail.

Alternately, in SASL 1.5.26 and later (including 2.1.1), try:

(SASL version 1.5.26)

/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: saslauthd

(SASL version 2.1.1)

/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd

The saslauthd daemon is also contained in the cyrus-sasl source tarball. It is more flexible than the pwcheck daemon, in that it can authenticate against PAM and various other sources. To use PAM, start saslauthd with "-a pam".

In order to authenticate against SASL's own password database:

(SASL version 1.5.5)

/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: sasldb

(SASL version 2.1.1)

/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: auxprop

This will use the SASL password file (default: /etc/sasldb in version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL software). On some poorly-supported systems the saslpasswd command needs to be run multiple times before it stops complaining. The Postfix SMTP server needs read access to the sasldb file - you may have to play games with group access permissions. With the OTP authentication mechanism, the SMTP server also needs write access to /etc/sasldb2 or /etc/sasldb (or the back end SQL database, if used).

IMPORTANT: all users must be able to authenticate using ALL authentication mechanisms advertised by Postfix, otherwise the negotiation might end up with an unsupported mechanism, and authentication would fail. For example if you configure SASL to use saslauthd for authentication against PAM (pluggable authentication modules), only the PLAIN and LOGIN mechanisms are supported and stand a chance to succeed, yet the SASL library would also advertise other mechanisms, such as DIGEST-MD5. This happens because those mechanisms are made available by other plugins, and the SASL library have no way to know that your only valid authentication source is PAM. Thus you might need to limit the list of mechanisms advertised by Postfix. This is only possible with SASL version 2.1.1 or later:

/usr/local/lib/sasl2/smtpd.conf:
mech_list: plain login

For the same reasons you might want to limit the list of plugins used for authentication. With SASL version 1.5.5 your only choice is to delete the corresponding libraries from /usr/local/lib/sasl. With SASL version 2.1.1:

/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: auxprop
auxprop_plugin: sql

IMPORTANT: To get sasldb running, make sure that you set the SASL domain (realm) to a fully qualified domain name.

EXAMPLE:

(SASL version 1.5.5)

% saslpasswd -c -u `postconf -h myhostname` exampleuser

(SASL version 2.1.1)

% saslpasswd2 -c -u `postconf -h myhostname` exampleuser

You can find out SASL's idea about the realms of the users in sasldb with sasldblistusers (SASL version 1.5.5) or sasldblistusers2 (SASL version 2.1.1).

В ответ на: У вас хауту от 2003 года...
Попробуйте сделать по чему-нибудь посвежее