Mail setup tutorial - Cyrus SASL2

1. Preparations
2. Courier IMAP
3. Cyrus SASL2
4. Postfix
5. Testing and startup
6. Setting up TLS
7. Squirrelmail
8. Spamassassin

This article assumes that you've followed the steps in the previous articles of this tutorial

In the beginning, everything was rosy. The amount of email users was very limited, and everyone trusted each other. The SMTP protocol - which is used when sending mail - was therefore designed without authentication, contrary to IMAP and POP3.

Today you need to effectively prevent spammers from abusing your mailserver, ensuring that only people with an email account, is able to send mail through your system. SASL2 is an authentication layer that provides several authentication mechanisms.

SASL2 is able to use courier-imaps authentication module, and we will of take advantage of that. It is done by adding the WITH_AUTHDAEMON option:

cd /usr/ports/security/cyrus-sasl2/
make WITH_AUTHDAEMON=YES
make install clean

Theres only minor configuration to do. Create smtpd.conf and add content as described:

vim /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

Note that for some obscure reason, the smtpd.conf is placed in /usr/local/lib/ instead of /usr/local/etc which is the place for configuration files according to the file system hierarchy (see 'man hier').

It's crucial to add authentication like this. If your server is open for relay, it will soon end op i several spam-blocking systems, which means that email send from your server will bounce.

If you ever make changes to smtpd.conf, remember to reload Postfix to make them take effect. But if you have followed this tutorial, this is not an issue, since we have not installed Postfix yet.