Here is a collection of the magic required to get Postfix to do various things.
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
Note that this involves having Cyrus set up to listen for LMTP on that socket. You can also use TCP delivery for LMTP. See CyrusNotes.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain
Create this file (under Debian it is in /etc/postfix/sasl/ but this will differ on other distributions).
pwcheck_method: saslauthd
mech_list: login
mechanisms: pam
saslauthd_path: /var/run/saslauthd/mux
Now, provided you have Cyrus SASL working, you can authenticate using the same credentials you use for Cyrus.
Note: I experienced problems using saslauthd under the Debian install. I resolved these by turning off chroot for smtpd in master.cf. You need to make sure that the postfix user is a member of the sasl group, otherwise it won't be able to communicate with saslauthd.
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/ssl/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
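An added check, not part of the original notes: a small Python audit of the SASL and TLS settings above. With mech_list: login the password is only base64-encoded on the wire, so AUTH should be offered only after STARTTLS; smtpd_tls_auth_only is a standard Postfix parameter, while parse_main_cf, words, audit and the sample text are names made up for this example.

```python
import re

# Constructed sample: SASL and TLS settings from this page, as they would sit in main.cf.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# relay control
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_loglevel = 3
"""

def parse_main_cf(text):
    """main.cf rules: blank and '#' lines are ignored, a line starting with
    whitespace continues the previous parameter, a later setting wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name is not None:
            params[name] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def words(value):
    """Split a comma/whitespace separated parameter value into its items."""
    return [w for w in re.split(r"[,\s]+", value) if w]

def audit(params):
    """Return a list of findings about AUTH exposure and TLS logging."""
    get = lambda key, default="": params.get(key, default).lower()
    findings = []
    sasl_on = get("smtpd_sasl_auth_enable", "no") == "yes"
    # Any of these keeps AUTH off sessions that have not completed STARTTLS.
    tls_before_auth = (get("smtpd_tls_auth_only", "no") == "yes"
                       or get("smtpd_enforce_tls", "no") == "yes"
                       or get("smtpd_tls_security_level") == "encrypt")
    if sasl_on and not tls_before_auth:
        findings.append("AUTH is offered on unencrypted sessions; set smtpd_tls_auth_only = yes")
    if sasl_on and "noanonymous" not in words(get("smtpd_sasl_security_options", "noanonymous")):
        findings.append("smtpd_sasl_security_options lacks noanonymous")
    if int(get("smtpd_tls_loglevel", "0") or 0) >= 2:
        findings.append("smtpd_tls_loglevel >= 2 is debugging verbosity; use 1 in production")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN:", finding)
```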
alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople
alias_database = hash:/etc/aliases
ldapaliases_server_host = shinobi.seclorum.tla
ldapaliases_server_port = 389
ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla
ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u)))
ldapaliases_result_attribute = uid,rfc822mailmember
ldapaliases_debuglevel = 3
This works with the same LDAP directory setup as described in EximNotes. I also use a second section for ldappeople that, instead of searching the aliases OU, searches people.
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
In some cases, you will need to use regexp or pcre instead of hash. (postconf -m shows you what types of lookup tables your Postfix system supports.)