Postfix & SASL Authentication

Greg Groth ggroth at
Tue Aug 8 16:28:11 UTC 2006

  > This is the contents of the smtpd.conf file:
> ##      Global Values
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> log_level: 7
> mech_list: PLAIN LOGIN

"This will use the Cyrus SASL password file (default: /etc/sasldb in 
version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained 
with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL 
software). On some poorly-supported systems the saslpasswd command needs 
to be run multiple times before it stops complaining. The Postfix SMTP 
server needs read access to the sasldb file - you may have to play games 
with group access permissions. With the OTP authentication mechanism, 
the SMTP server also needs WRITE access to /etc/sasldb2 or /etc/sasldb 
(or the back end SQL database, if used). "

Have you set up the SASL password file?  If not, that's why you're 
getting the error.  If you have, what happens when you test saslauthd on 
it's own?

# /usr/local/sbin/testsaslauthd -u username -p password

It should return:

status 0: OK "Success."

If you'd rather authenticate against the exisiting system usernames & 
passwords, change your smtpd.conf file to the following:

pwcheck_method: saslauthd

and delete the rest.

You might have to restart both services if you update the smtpd.conf file:

# /usr/local/etc/rc.d/saslauthd restart
# postfix reload

Best regards,
Greg Groth

More information about the freebsd-questions mailing list