Following from the previous article, we can begin configuring our mail server for secure connections. The first step is to setup Saslauthd.
From its 'man' page: "saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library."
Or to put it in plain English: You need this to log on.
Sasluthd itself should already be installed on the slice. However, we need to install a plugin which will allow us to enable PLAIN logins later in this article.
sudo yum install cyrus-sasl-plain
Now that the necessary packages are installed, let's proceed with configuring Postfix for SMTP Authentication using SASL.
We need to open the main Postfix configuration file:
sudo nano /etc/postfix/main.cf
and add the following lines:
smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Now we need to make a quick change to our smtpd.conf file that is used by Saslauthd for SMTP authentication.
Open this file for editing:
sudo nano /usr/lib64/sasl2/smtpd.conf
We want Postfix to allow PLAIN and LOGIN logins so add the line as follows:
mech_list: plain login
The next step is to make sure Saslauthd starts automatically if our slice was ever rebooted.
To do so, we need to adjust the chkconfig settings for Saslauthd:
sudo /sbin/chkconfig --levels 345 saslauthd on
We can check our work to be safe:
sudo /sbin/chkconfig --list saslauthd
As we'll be using Saslauthd for Postfix authentication, let's go ahead and start it on our slice:
sudo /etc/init.d/saslauthd start
Adding saslauthd details for our mail server and configuring the service accordingly means that Postfix has access to the authorization process and that any login requests can be processed securely.
Let's move on to the next article which looks at creating an SSL certificate for our secure connection.