SASL, What is it? Why do I need it?

I am still learning email servers and I came across SASL but I do not know what it is for.

from wikipedia

Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols,

  • My understanding is that SMTP has its own inbuilt authentication procedure so why do I need SASL?
  • What problem does it solve?
  • can someone give me a real world explantion of SASL?


The internet is free and open. So there are multiple options SMTP offers and SASL one of them.

It prevents me from impersonating you and send email as you - in the context of SMTP.

Same as above.

But this is not really a discussion related to Virtualmin.

SMTP has had several authentication mechanisms available over the years, the current one is called Simple Authentication and Security Layer. Hmm…

You need SASL.

1 Like
  • So if I do not run a SASL server on Virtualmin, will emails not be authenticated?
  • Wherever I see SASL mentioned in the Postfix config, it is referring to email client authentication which currently is SASL?
  • SASL is an authentication plugin/framework that is currently being used by SMTP and Virtualmin.

Require I think means you must use secure layer to authenticate. You can still authenticate on non secure layer.

Where is that setting btw, I can’t find it.

Webmin → Servers → Postfix Mail Server → SMTP Authentication And Encryption → Require SASL SMTP authentication?

1 Like

It has always been SASL (as long as the Virtualmin installer has been setting up Postfix with authentication in…2006, or so). And is likely to remain SASL for the foreseeable future; I’m unaware of any competing specification (though there are a few OSS implementations of SASL, we use Cyrus, Dovecot also has one).

Virtualmin does not use SASL. The installer configures SASL, and Webmin provides some configuration related to it. The SMTP server (Postfix, in most cases) uses SASL (specifically, Cyrus saslauthd).

1 Like

I’d recommend you not go off-roading without understanding what you’re doing. There are many surprising and non-intuitive things in Postfix configuration. There aren’t really any user serviceable parts inside. SASL is either on or off. saslauthd (which is not part of Postfix) has a couple of options, but you won’t find them in Webmin. It’s configured for you by the Virtualmin installer, with the expectation that you’ll never need to change it.

1 Like

absolutely :smile:

I also have a test server where I mess about with stuff before going anywhere near my live server.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.