Postfix authentication default configuration

Ben Bucksch at
Fri Dec 18 16:06:44 UTC 2009

  I'm trying to set up a mail server with Ubuntu, Cyrus and Postix, and 
need authentication (via sasldb2)

Cyrus works fine, and postfix works and delivers, but I find it 
extremely hard to configure SMTP AUTH, due to the Postfix-SASL 
connection, incl. chroot.

It's normal for a mail server to not only offer IMAP, but also SMTP to 
clients. The new specs [1] say we should use port 587 (not 25) for that, 
and *require* authentication on port 587. This allows mail sending to 
work even when I'm not connected to the office / my ISP. Therefore, I 
(and the specs) consider SMTP AUTH to be basic feature of a mail server.

Unfortunately, it's incredibly hard to configure in Ubuntu. I can't even 
find tutorials that get me there, but I don't think I should have to 
follow tutorials, it should be configured properly out of the box.

So, I suggest as default config for a mail server:

    * sasldb2
      (Unix accounts are a bad idea for mail users. More complex setups
      like mysql can be easily swapped for sasldb2, once that is working)
    * dovecot or cyrus with auth via SASL
    * postfix with SMTP auth via SASL
    * postfix on port 25 (only for incoming/MX) and port 587 (for
      clients, and mandating auth per spec)
    * working CRAM-MD5, plaintext login disabled.

This is more or less what the specs require from mail servers these 
days. I think that should work out of the box.

And a tutorial which tells how to add users (cyradm, saslpasswd2).

[1] RFC 4409, RFC 5068

More information about the Ubuntu-devel-discuss mailing list