On Thu, 2004-06-03 at 09:01, James Herschel wrote:
> What I'd like to do know is enable SMTP-AUTH through SASL as it allows
> me to use /etc/passwd and will allow users to use the server remotely.
Hmm, /etc/password is only used (indirectly) if you set your SASL
backend to something like "pam" or "shadow" (see "MECHANISMS" in
/etc/default/saslauthd).
If you plan on using a SASL password database (and maintain it by way of
the "saslpasswd2" command), you should set this mechanism to "sasldb".
This may be preferrable in a setting where you use Cyrus, and/or don't
want local UNIX accounts for every mail user.
> The problem is that I don't even get to the authentication stage. I
> just get the message that "relaying is not permitted". To me, this says
> that I need to enable something that says "it's ok to relay if someone
> has authenticated, even if they're remote".
Your SMTP client (i.e. Outlook Express, Mail.app, Evolution...) needs
to be configured to do authentication.
> Is this assumption correct? If so, can anyone give me a Debian specific
> example of which file to edit and what changes to make?
I use a SASL database for passwords, and so have in
/etc/default/saslauthd:
START=yes
MECHANISMS="sasldb"
> begin authenticators
>
> plain_saslauthd:
> driver = plaintext
> public_name = PLAIN
> server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
> server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
> server_set_id = $2
> server_prompts = :
This looks fine. You may also need a "LOGIN" authenticator for some
SMTP clients (e.g. Apple Mail):
login_saslauthd:
driver = plaintext
public_name = LOGIN
# don't send system passwords over unencrypted connections
server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}{1}{0}}
server_set_id = $1
-tor
