I'm trying to configure my postfix server to accept connections from outside mail clients using SASL authentication with dovecot. It was previously setup with cyrus sasl.
However when I try to send mail from another server using Mozilla Thunderbird, I get lines like these in my maillog file:
warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
warning: SASL authentication failure: no secret in database
warning: SASL CRAM-MD5 authentication failed: authentication failure
These are lines in my main.cf config file:
smtpd_helo_restrictions =
reject_invalid_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unknown_recipient_domain,
reject_unauth_destination
reject_non_fqdn_sender
check_client_access hash:/etc/postfix/pop-before-smtp,
reject_non_fqdn_recipient,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client psbl.surriel.com
smtpd_sasl_path = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext noanonymous
broken_sasl_auth_clients = yes
I've also checked the config files /usr/lib/sasl/smtpd.conf and /etc/postfix/sasl/smtpd.conf and I have:
pwcheck_method:saslauthd
mech_list: plain login
I have no idea why postfix keeps giving me the sasldb2 and cram-md5 authentication error. Help much appreciated.
Best Answer
saslauthd can handle only PLAIN and LOGIN authentication methods but you have disabled plaintext with smtpd_sasl_security_options. Also you have typo in your config - smtpd_sasl_path statement is duplicated, it seems first one should be typed as smtpd_sasl_type instead.
Check http://www.postfix.org/SASL_README.html for additional details.