= Postfix Authentication = Postfix handles '''authentication''' separately for sending (`smtp`) and receiving (`smtpd`) mail. <> ---- == Receiving Authenticated Mail == At a minimum, install the `cyrus-sasl` package. The basic configuration for incoming mail is: {{{ smtpd_sasl_auth_enable = yes smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtpd_tls_auth_only = yes }}} It may also be helpful to explicitly set the parameters for hooking into Cyrus. {{{ cyrus_sasl_config_path = /etc/sasl2/ smtpd_sasl_local_domain = $mydomain smtpd_sasl_path = smtpd smtpd_sasl_service = smtpd }}} The `cyrus_sasl_config_path` and `smtpd_sasl_path` settings are used to look up the appropriate Cyrus profile, i.e. `/etc/sasl2/smptd.conf`. See [[Cyrus#Auxiliary_Properties|here]] for details. `smptd_sasl_service` is a value passed into the plugin. The `smtpd_sasl_local_domain` is the domain name embedded in the Cyrus database, as in `saslpasswd2 -c -u $mydomain USERNAME`. ---- == Sending Authenticated Mail == The basic configuration for outgoing mail is: {{{ smtp_sasl_auth_enable = yes smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd smtp_sasl_security_options = noanonymous }}} Create a SASL `passwd` file like: {{{ [smtp.gmail.com]:587 alias@gmail.com:wwwwxxxxyyyyzzzz }}} Note that GMail specifically provides 16-character tokens. This is not a system requirement. Run `postmap /etc/postfix/sasl/sasl_passwd` and a hashed file will be produced. If your `postmap(1)` does not use LMDB, replace the `lmdb:` with whatever algorithm ''was'' compiled into the distribution. ---- CategoryRicottone