Postfix where do I configure the SASL authentication methods?

shoulders · May 21, 2024, 5:12pm

SYSTEM INFORMATION
OS type and version	Ubuntu Linux 22.04.4
Webmin version	2.111
Usermin version	2.010
Virtualmin version	7.10.0
Theme version	21.10
Package updates	27 package updates are available

I cannot find where the SASL Authentication methods are defined like the are in dovecot:

I have

looked at postconf -d to see if I could see any information there which did not help me
tried finding the Cyrus SASL Authentication server config files, but I did not find anything of use
http://www.postfix.org/SASL_README.html#server_cyrus_location
The only SASL settings I could find are in:
Webmin --> Servers --> Postfix Mail Server --> SMTP Authentication And Encryption

Have I missed a setting in postfix somewhere or is this option missing?

Some pointers would be helpful.

Thanks

jimr1 · May 21, 2024, 5:16pm

Just learn the subject, once you have everything will make total sense. However with mail related topics there is a long learning curve. So i would trust virtualmins choices until you work out what works for you

Joe · May 22, 2024, 4:44pm

You do not, unless you’re implementing a whole new mail stack on your own with users Virtualmin isn’t managing.

Virtualmin sets up system users for all types of users, which means you can only use plain; there’s no overlap between the encrypted methods mail can use and the encrypted methods Linux can use (at least in a simple way with hashed passwords in shadow). Virtualmin also sets up TLS, so they’ll be encrypted in transit assuming all your clients support TLS.

shoulders · May 22, 2024, 5:02pm

Does this mean the Cyrus SASL Authentication server is pointless? plaintext and login are part of Postfix without the need of Cyrus.

Joe · May 22, 2024, 5:22pm

You sure about that? I don’t know for sure it hasn’t been added, but the last time I looked at the postfix docs for authenticating users, it was about using Cyrus saslauthd. If that isn’t the case, you’ll need to link me to the specific docs proving otherwise.

Joe · May 22, 2024, 5:30pm

Yeah, I don’t see any evidence for that being implemented in Postfix.

http://www.postfix.org/SASL_README.html

Explicitly says, “Postfix does not implement SASL itself, but instead uses existing implementations as building blocks. This means that some SASL-related configuration files will belong to Postfix, while other configuration files belong to the specific SASL implementation that Postfix will use. This document covers both the Postfix and non-Postfix configuration.”

And: “Currently the Postfix SMTP server supports the Cyrus SASL and Dovecot SASL implementations.”

So, I think you’re looking at some other thing (maybe Postfix authenticating to other servers, acting as a client).

shoulders · May 22, 2024, 5:37pm

I feel some more study time for me is going to get scheduled.

Thanks for the clarification.

system · May 30, 2024, 5:37pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.