CentOS - Mail Server - Secure Connection, Configuring Saslauthd

Following from the previous article, we can begin configuring our mail server for secure connections. The first step is to set up Saslauthd.


Saslauthd

Eh?

From its 'man' page: "saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library."

Or to put it in plain English: You need this to log on.

Installation

Saslauthd itself should already be installed on the slice. However, we need to install a plugin which will allow us to enable PLAIN logins later in this article.

sudo yum install cyrus-sasl-plain

Now that the necessary packages are installed, let's proceed with configuring Postfix for SMTP Authentication using SASL.

Configuration

We need to open the main Postfix configuration file:

sudo nano /etc/postfix/main.cf

and add the following lines:

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

Good.

Smtpd.conf

Now we need to make a quick change to our smtpd.conf file that is used by Saslauthd for SMTP authentication.

Open this file for editing:

sudo nano /usr/lib64/sasl2/smtpd.conf

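We want Postfix to allow PLAIN and LOGIN logins, so add the following line. Both mechanisms send the password base64-encoded rather than encrypted, which is why the connection itself is secured with SSL in the following articles.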

mech_list: plain login

Done.
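As an added check that is not part of the original article, the script below audits the settings made above in main.cf and smtpd.conf. The function names and the constructed sample files are assumptions for illustration, and smtpd_tls_auth_only is a Postfix parameter this article does not set; it belongs with the TLS setup that follows.

```sh
#!/bin/sh
# Added example, not from the article: audit the SASL settings configured above.

# Print the value of parameter $2 in main.cf-style file $1 (last definition wins).
get_param() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        /^[ \t]/ { if (hit) val = val " " $0; next }  # continuation line
        {
            hit = 0; n = index($0, "=")
            if (n == 0) next
            name = substr($0, 1, n - 1); gsub(/[ \t]/, "", name)
            if (name == key) { val = substr($0, n + 1); hit = 1 }
        }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# True if space-separated list $1 contains word $2.
has_word() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# audit MAIN_CF SMTPD_CONF: print one finding per line, nothing if clean.
audit() {
    mechs=$(awk -F: '$1 == "mech_list" { print tolower($2) }' "$2")
    [ "$(get_param "$1" smtpd_sasl_auth_enable)" = yes ] ||
        echo "FAIL smtpd_sasl_auth_enable is not yes"
    has_word "$(get_param "$1" smtpd_sasl_security_options)" noanonymous ||
        echo "FAIL noanonymous missing from smtpd_sasl_security_options"
    has_word "$(get_param "$1" smtpd_recipient_restrictions)" reject_unauth_destination ||
        echo "FAIL reject_unauth_destination missing: relaying is not restricted"
    # PLAIN and LOGIN carry the password base64-encoded, not encrypted.
    if has_word "$mechs" plain || has_word "$mechs" login; then
        [ "$(get_param "$1" smtpd_tls_auth_only)" = yes ] ||
            echo "WARN PLAIN/LOGIN offered without smtpd_tls_auth_only = yes"
    fi
    return 0
}

# Constructed sample files that mirror the settings from this article.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'smtpd_sasl_local_domain =' 'smtpd_sasl_auth_enable = yes' \
        'smtpd_sasl_security_options = noanonymous' 'broken_sasl_auth_clients = yes' \
        'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' \
        > "$d/main.cf"
    echo 'mech_list: plain login' > "$d/smtpd.conf"
    audit "$d/main.cf" "$d/smtpd.conf"
    rm -rf "$d"
}
demo
```

Run against the article's settings as they stand, the audit prints only the WARN line, which clears once authentication is restricted to TLS sessions.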

Chkconfig

The next step is to make sure Saslauthd starts automatically if our slice is ever rebooted.

To do so, we need to adjust the chkconfig settings for Saslauthd:

sudo /sbin/chkconfig --levels 345 saslauthd on

We can check our work to be safe:

sudo /sbin/chkconfig --list saslauthd

Good.

Start

As we'll be using Saslauthd for Postfix authentication, let's go ahead and start it on our slice:

sudo /etc/init.d/saslauthd start

Done.

Summary

Adding the saslauthd details for our mail server and configuring the service accordingly means that Postfix has access to the authentication process and can process login requests. Those logins are only protected in transit once the secure connection from the following articles is in place.

Let's move on to the next article which looks at creating an SSL certificate for our secure connection.

Article Comments:

egarcia commented Mon Dec 21 18:19:57 UTC 2009:

The "previous article" link at the beginning of the post is incorrect.

Mark James commented Tue Feb 16 11:22:10 UTC 2010:

I am using 32-bit CentOS 5.3 and there is no usr/lib64/sasl2/ directory.

Jered commented Tue Feb 16 16:18:43 UTC 2010:

The lib64 directory would only be there on 64-bit installations (all our slice images right now are 64-bit). For 32-bit you would usually substitute just "lib" for "lib64", so "/usr/lib/sasl2/" might exist on your installation.
