Postfix smtpd won't talk to saslauthd

Solution 1:

This cyrus-sasl mailing list post eventually set me on the right path.

For posterity, an attempt to produce reasonably explicit config. /etc/postfix/main.cf:

    smtpd_sasl_type = cyrus
    smtpd_sasl_path = smtpd
    cyrus_sasl_config_path = /etc/postfix/sasl
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous

The trick in the above conf is that postfix+libsasl2 does this: ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf

Once we have gotten that far, in /etc/postfix/sasl/smtpd.conf we can tell libsasl that we wanna talk to saslauthd:

    pwcheck_method: saslauthd
    mech_list: LOGIN PLAIN
    saslauthd_path: private/saslauthd/mux

Since smtpd is chrooted, saslauthd_path is relative to /var/spool/postfix. I use bind mounting to get /var/run/saslauthd into private.

Solution 2:

Stumbling over a similar issue in Ubuntu 20.04. There, the cyrus_sasl_config_path parameter to postfix isn't recognized at all. It looks in /etc/postfix/sasl2/ for the smtpd.conf instead.

In Ubuntu 20.04 smtpd seems to be chrooted by default. However, its chroot preparation script in /usr/lib/postfix/configure-instance.sh doesn't cover any SASL-related files, so you have to put them into the chroot manually.

  1. Create the missing folder in the chroot:

    mkdir -p /var/spool/postfix/etc/postfix/sasl2
    
  2. Create the SASL2 configuration file there:

    cat >>/var/spool/postfix/etc/postfix/sasl2/smtpd.conf <<EOT
    pwcheck_method: saslauthd
    mech_list: LOGIN PLAIN
    EOT
    
  3. Link it from the related global folder:

    mkdir -p /etc/postfix/sasl2
    ln -s /var/spool/postfix/etc/postfix/sasl2/smtpd.conf /etc/postfix/sasl2/smtpd.conf
    
  4. Make sure the saslauthd socket is available in the folder /var/spool/postfix/var/run/saslauthd/. You can control this by adjusting the file /etc/default/saslauthd. See the comments found in that file.
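
Added example, not part of either answer: a shell check that resolves the libsasl config file the way Solution 1 describes and then the host-side location of the saslauthd socket as a chrooted smtpd sees it. The function names are hypothetical, the sample files are constructed, and the fallback /var/run/saslauthd/mux for an unset saslauthd_path is an assumption that matches the folder named in Solution 2.

```shell
#!/bin/sh
# Added example: resolve where a chrooted smtpd will look for saslauthd.

# Last "key = value" (main.cf) or "key: value" (smtpd.conf) entry in FILE.
cf_get() {  # cf_get FILE KEY
    sed -n "s/^$2[[:space:]]*[=:][[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf, as in Solution 1.
sasl_conf_file() {  # sasl_conf_file MAIN_CF
    dir=$(cf_get "$1" cyrus_sasl_config_path)
    name=$(cf_get "$1" smtpd_sasl_path)
    [ -n "$dir" ] || { echo "cyrus_sasl_config_path not set in $1" >&2; return 1; }
    printf '%s/%s.conf\n' "$dir" "${name:-smtpd}"
}

# Host-side path of the saslauthd socket as seen from inside the chroot.
saslauthd_socket() {  # saslauthd_socket SMTPD_CONF QUEUE_DIR
    p=$(cf_get "$1" saslauthd_path)
    p=${p:-/var/run/saslauthd/mux}   # assumption: libsasl default when unset
    printf '%s/%s\n' "$2" "${p#/}"
}

# Report both paths; fail unless the resolved path is a socket.
check_sasl_chroot() {  # check_sasl_chroot MAIN_CF QUEUE_DIR
    conf=$(sasl_conf_file "$1") || return 1
    [ -r "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    sock=$(saslauthd_socket "$conf" "$2")
    echo "libsasl config: $conf"
    echo "saslauthd mux:  $sock"
    [ -S "$sock" ] || { echo "not a socket: $sock" >&2; return 1; }
}

# Constructed sample mirroring the files above, written to a temp dir.
demo=$(mktemp -d)
mkdir -p "$demo/sasl" "$demo/spool"
printf '%s\n' "smtpd_sasl_path = smtpd" "cyrus_sasl_config_path = $demo/sasl" > "$demo/main.cf"
printf '%s\n' "pwcheck_method: saslauthd" "saslauthd_path: private/saslauthd/mux" > "$demo/sasl/smtpd.conf"
check_sasl_chroot "$demo/main.cf" "$demo/spool" || echo "=> bind mount or socket missing"
rm -rf "$demo"
```

On a real host, call check_sasl_chroot /etc/postfix/main.cf /var/spool/postfix; the demo reports a missing socket because the temp directory has no saslauthd behind it.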