I was migrating my mail server to a new machine the other day and in the process, I sorted out my SMTP/SASL logic.
I'm using virtual domains/mailboxes/aliases with Postfix, PostfixAdmin and PostgreSQL on Debian servers. It works like a charm, but my SASL config wasn't using the same Postfix database for password lookups. It was using its own sasldb or whatever, so I was having to use saslpasswd2 to add accounts before I could send mail using this server for SMTP.
Madness.
This time I've implemented Dovecot's SASL mechanism. It reduced the double-up and means the authentication is done via the database, in the same way that logging in to *retrieve* mail was being performed (as far as I understand it anyway. I'm not a mailserver guru).
All I changed was in /etc/dovecot/dovecot.conf:

    # It's possible to export the authentication interface to other programs:
    socket listen {
      client {
        path = /var/spool/postfix/private/auth-client
        mode = 0660
        user = postfix
        group = postfix
      }
    }

And in /etc/postfix/main.cf:

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth-client
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination
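
A quick way to confirm the main.cf side is wired as shown above, added here as an example and not part of the original post: it parses main.cf text (including the whitespace-led continuation line used for `smtpd_recipient_restrictions`) and reports any SASL setting that differs from the ones above, or a restriction list missing `reject_unauth_destination`. The function names `parse_main_cf` and `check_sasl` and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample mirroring the main.cf settings shown in the post.
SAMPLE_MAIN_CF = """\
# SASL via Dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Hypothetical helper: '#' and blank lines are skipped, a line starting
    with whitespace continues the previous parameter, later definitions win."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current is None:
                raise ValueError(f"continuation without a parameter: {raw!r}")
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"not a 'name = value' line: {raw!r}")
        current = name.strip()
        params[current] = value.strip()
    return params

def check_sasl(params):
    """Hypothetical helper: return findings; an empty list means all checks passed."""
    findings = []
    expected = {"smtpd_sasl_type": "dovecot",
                "smtpd_sasl_path": "private/auth-client",
                "smtpd_sasl_auth_enable": "yes"}
    for name, want in expected.items():
        if params.get(name) != want:
            findings.append(f"{name} is {params.get(name)!r}, expected {want!r}")
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    for rule in ("permit_sasl_authenticated", "reject_unauth_destination"):
        if rule not in rules:
            findings.append(f"smtpd_recipient_restrictions lacks {rule}")
    return findings
```

To check a live server, pass the contents of /etc/postfix/main.cf to `parse_main_cf` and print whatever `check_sasl` returns.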