This bothered me from the moment I got my new postfix mailserver.
Everything worked, tls/amavisd-new/courier/plain-sasl/postfix all with mysql. But somehow I didn’t get sasl working with the virtual user accounts in mysql. I tried almost everything and nothing worked.
Once in a while I tried to get it working again, but every time it ended in disappointment.
Until today! Jippie!
The missing link turned out to be using the “-r” option in saslauthd.sh.
From the saslauthd man pages:
-r Combine the realm with the login (with an '@' sign in between). e.g. login: "foo" realm: "bar" will get passed as login: "foo@bar". Note that the realm will still be passed, which may lead to unexpected behavior.
On FreeBSD, add this to rc.conf:
saslauthd_flags="-r -a getpwent"
And in /usr/local/lib/sasl2/smtpd.conf:
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sql_engine: mysql
mech_list: login plain cram-md5 digest-md5
sql_user: sql-user
sql_passwd: sql-pass
sql_database: postfix
sql_select: SELECT clear FROM postfix_users WHERE email = '%u@%r'
sql_verbose: yes
And don’t forget to restart saslauthd after editing this file.
# saslauthd -v
saslauthd 2.1.21
authentication mechanisms: sasldb getpwent kerberos5 pam rimap
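
A small linter for an smtpd.conf like the one above, as an added example that is not part of the original post: it parses the "key: value" format and flags mistyped mechanism names, PLAIN/LOGIN being offered, verbose SQL logging, and secrets held in the file or returned by the lookup. The sample config, function names and finding codes are constructed for illustration; the mechanism set is the one shipped with Cyrus SASL 2.1.

```python
# Added example: lint a Cyrus SASL smtpd.conf (hypothetical helper names).
# Mechanism names shipped with Cyrus SASL 2.1, compared case-insensitively.
KNOWN_MECHS = {"plain", "login", "cram-md5", "digest-md5", "anonymous",
               "gssapi", "ntlm", "otp", "srp", "external"}
PASSWORD_MECHS = {"plain", "login"}  # these send the password itself

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf

def lint(conf):
    """Return (code, message) findings for a parsed config."""
    out = []
    mechs = conf.get("mech_list", "").lower().split()
    for mech in mechs:
        if mech not in KNOWN_MECHS:
            out.append(("unknown-mech", f"'{mech}' is not a mechanism name"))
    if PASSWORD_MECHS & set(mechs):
        out.append(("password-mech", "PLAIN/LOGIN offered: require TLS before AUTH"))
    if conf.get("sql_verbose", "no").lower() in ("yes", "true", "on", "1"):
        out.append(("sql-verbose", "verbose SQL logging on: disable after debugging"))
    if "sql_passwd" in conf:
        out.append(("db-secret", "database password in file: restrict read access"))
    if "sql_select" in conf:
        out.append(("stored-secret", "lookup returns the stored password: protect the table"))
    return out

# Constructed sample modelled on the config above, with one mistyped mechanism.
SAMPLE = """\
mech_list: login plain crammd6 digest-md5
sql_user: sql-user
sql_passwd: sql-pass
sql_database: postfix
sql_select: SELECT clear FROM postfix_users WHERE email = '%u@%r'
sql_verbose: yes
"""

if __name__ == "__main__":
    for code, message in lint(parse_conf(SAMPLE)):
        print(f"{code}: {message}")
```

In Postfix, smtpd_tls_auth_only = yes is the setting that keeps AUTH off unencrypted sessions.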