[Dovecot] Postfix SASL AUTH from Dovecot

Farkas Levente lfarkas at bppiac.hu
Mon May 31 15:47:07 EEST 2004

my main question here (as always) why we need sasl at all?
what is the main pros for sasl?
I've never seen any good reason.
anyway why do you use dovecot-auth for postfix? postfix has many 
authentication mechanism for everything.

Timo Sirainen wrote:
> Again today got annoyed at Cyrus SASL. Upgrading it to newer version had
> broken PAM support. Trying to login as "user at domain" resulted it only
> asking for "user" from PAM. Well, got it patched and working again, but
> I'd rather not go through it all the time..
> So I finally did what I had been thinking about a year or so, change
> Postfix to use dovecot-auth directly. This required cleaning
> dovecot-auth quite a lot, but it seems to be working now.
> Actually I finally implemented support for initial SASL response as
> well. POP3's AUTH command had required support for it, strange that
> no-one ever complained about it not working.
> If you want to try it, you need very latest CVS version of Dovecot and
> this patch for Postfix:
> http://dovecot.org/patches/postfix-dovecot-auth.patch
> dovecot-auth can be run on it's own (configuration in environment
> variables), or you can use extra_sockets auth setting which is a ':'
> separated list of UNIX sockets where to listen in. You'd probably want
> to set it to /var/spool/postfix/etc/dovecot-auth, the location is
> hardcoded to /etc/dovecot-auth in the patch for now (smtpd is chrooted).
> The only real problem is that Dovecot creates the dovecot-auth socket
> using 0660 root:root modes, so you have to manually chmod it to 0666 or
> fix owner/group. I guess that needs some more thinking.. Probably each
> socket should have separate settings for it, but how to do it easily in
> configuration? ..
> The patch has also hardcoded dovecot path in Makefile.in, you'll need to
> change that.

   Levente                               "Si vis pacem para bellum!"

More information about the dovecot mailing list