postfix + sasl:

Getting this to work was not exactly the easiest, especially since SASL has horrendous facilities for debugging. I found the following link very useful in getting 90% of the way there but it did not address some of the final steps needed to get SASL working. The following assumes that you are using the postfix SRPM from Simon J Mudd.

Since postfix is operating in a chroot() jail, copy /etc/sasldb to /var/spool/postfix/etc. Additionally, since postfix needs read AND write permissions to sasldb, I changed the group ownership to postfix and the perms to 660.

A useful little tip in /etc/postfix/README_FILES/SASL_README shows how to debug by telnetting to port 25.

    220 server.host.tld ESMTP Postfix
    EHLO client.host.tld
    250-server.host.tld
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
    250 8BITMIME
    AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz
    235 Authentication successful

Generating the base64 phrase dGVzdAB0ZXN0AHRlc3RwYXNz can be done by doing the following,

    % printf 'test\0test\0testpass' | mmencode 

I found it useful to enable smtpd in '-v -v' mode which makes smtpd significantly more verbose as part of the debugging process. Finally, since the SASL authentication methods AUTH and PLAIN send passwords in plaintext, you may choose to only do SASL in TLS mode in which case smtpd_tls_auth_only should be set to yes.