Postfix smtpd won't talk to saslauthd
Solution 1:
This cyrus-sasl mailing list post eventually set me on the right path.
For posterity, an attempt to produce reasonably explicit config.
/etc/postfix/main.cf:
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
cyrus_sasl_config_path = /etc/postfix/sasl
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
The trick in the above conf is that postfix+libsasl2 does this: ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf
Once we have gotten that far, in /etc/postfix/sasl/smtpd.conf we can tell libsasl that we wanna talk to saslauthd:
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
saslauthd_path: private/saslauthd/mux
Since smtpd is chrooted, saslauthd_path is relative to /var/spool/postfix. I use bind mounting to get /var/run/saslauthd into private.
Solution 2:
Stumbled over a similar issue in Ubuntu 20.04. There, the cyrus_sasl_config_path parameter to postfix isn't recognized at all. It looks in /etc/postfix/sasl2/ for smtpd.conf instead.
In Ubuntu 20.04 smtpd seems to be chrooted by default. However, its chroot preparation script in /usr/lib/postfix/configure-instance.sh doesn't cover any SASL-related files, so you have to put them into the chroot manually.
- Create the missing folder in chroot:
mkdir -p /var/spool/postfix/etc/postfix/sasl2
- Create the SASL2 configuration file there:
cat >>/var/spool/postfix/etc/postfix/sasl2/smtpd.conf <<EOT
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
EOT
- Link it from related global folder:
mkdir -p /etc/postfix/sasl2
ln -s /var/spool/postfix/etc/postfix/sasl2/smtpd.conf /etc/postfix/sasl2/smtpd.conf
- Make sure saslauthd socket is available in folder /var/spool/postfix/var/run/saslauthd/. You can control this by adjusting file /etc/default/saslauthd. See the comments found in that file.
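A check for the layout that Solution 2 sets up, as an added example that is not part of either answer: it confirms the chrooted smtpd.conf, the copy under /etc/postfix/sasl2, and the saslauthd socket are all in place. The `ROOT` prefix argument and the function names are hypothetical, and the socket file name `mux` is assumed from the `saslauthd_path` in Solution 1.

```shell
#!/bin/sh
# Added example: audit the chroot layout described in Solution 2.
# ROOT is a hypothetical prefix argument so a staging tree can be checked too.

# Print the value of KEY ($2) from a libsasl "key: value" file ($1).
sasl_conf_get() {
    sed -n -e "s/[[:space:]]*\$//" \
        -e "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1"
}

# Print one line per problem; exit status 0 means none were found.
check_sasl_chroot() {
    root=${1:-}
    chroot_dir="$root/var/spool/postfix"
    inner="$chroot_dir/etc/postfix/sasl2/smtpd.conf"
    outer="$root/etc/postfix/sasl2/smtpd.conf"
    sock="$chroot_dir/var/run/saslauthd/mux"
    problems=0
    report() { echo "$1"; problems=$((problems + 1)); }

    if [ ! -r "$inner" ]; then
        report "missing: $inner"
    else
        [ "$(sasl_conf_get "$inner" pwcheck_method)" = "saslauthd" ] ||
            report "pwcheck_method is not saslauthd: $inner"
        # saslauthd is handed a plaintext password, so only PLAIN and
        # LOGIN can be verified through it.
        for mech in $(sasl_conf_get "$inner" mech_list | tr 'a-z' 'A-Z'); do
            case $mech in
                PLAIN|LOGIN) ;;
                *) report "mech_list entry not usable with saslauthd: $mech" ;;
            esac
        done
    fi

    # The non-chrooted lookup path must serve the same content.
    if [ ! -e "$outer" ]; then
        report "missing: $outer"
    elif [ -r "$inner" ] && ! cmp -s "$inner" "$outer"; then
        report "differs from chroot copy: $outer"
    fi

    [ -S "$sock" ] || report "no socket: $sock"
    [ "$problems" -eq 0 ]
}
```

Source the file and call `check_sasl_chroot` with no argument to check the live host; each printed line names one thing to fix before restarting postfix.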