Postfix-sasl on FreeBSD will not authenticate

Jerry jerry at
Wed Sep 9 11:51:13 UTC 2020

On Tue, 8 Sep 2020 22:12:50 +0000 (UTC), doug at stated:
>On Tue, 3 Jul 2018, James B. Byrne via freebsd-questions wrote:
>> On Tue, July 3, 2018 18:12, Per olof Ljungmark wrote:  
>>> On 07/03/18 22:39, James B. Byrne via freebsd-questions wrote:  
>>>> On server A we have cyrus-imapd running with spiped listening on
>>>> TCP:143.  On server B we have postfix-sasl-3.3.0 running with
>>>> spiped listening on TCP:143 linked to server A.
>>>> On server A saslauthd is configured in rc.conf to use rimap to the
>>>> localhost:
>>>> saslauthd_flags="-a rimap \
>>>>                  -O localhost"    # Use Remote IMAP to authenticat
>>>> Postfix is configured to use saslauth to authenticate outgoing
>>>> senders:
>>>> smtpd_sasl_auth_enable = yes
>>>> smtpd_sasl_authenticated_header = no
>>>> smtpd_sasl_exceptions_networks =
>>>> smtpd_sasl_local_domain =
>>>> smtpd_sasl_path = smtpd
>>>> smtpd_sasl_security_options = noanonymous
>>>> smtpd_sasl_service = smtp
>>>> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
>>>> smtpd_sasl_type = cyrus
>>>> But I cannot find any such file named smtpd.conf which, according
>>>> to the Postfix documentation, should exist and should contain:
>>>> pwcheck_method: saslauthd
>>>> mech_list: PLAIN
>>>> It appears to me that postfix is directly looking in
>>>> /usr/local/etc/sasldb2.db itself and, finding no entries, failing
>>>> to authenticate.  How do I tell postfix to use the saslauthd daemon
>>>> instead?
>>> You must create the file yourself and adjust it to whatever mech you
>>> use, in our case it is saslauthd:
>>> cat /usr/local/lib/sasl2/smtpd.conf
>>> pwcheck_method: saslauthd
>>> mech_list: plain login
>> Thank you.  Do you know where the path to the file location is
>> specified in the FreeBSD documentation?  
>It is in the postfix docs. As I recall it says put it in ../sasls (or
>some such).

This question really belongs on the Postfix forum. In any case, have
you investigated:

I would highly recommend the following two suggestions:

Better, provide output from the postfinger tool. This can be found at

If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list