Postfix/TLS/SASL on Debian/Woody

Introduction

This guide is a quick-start document on how to get Postfix to do at least some incoming SMTP authentication instead of the systematically broken pop-before-smtp. It only describes the situation on Debian GNU/Linux Woody (the current stable).

Installation

Install the following packages via apt-get:

  • postfix-tls
  • sasl-bin
  • libsasl-modules-plain
  • mime-codecs

Configure postfix

Configure postfix to at least include these statements:

	smtpd_recipient_restrictions =
		permit_mynetworks,
		permit_sasl_authenticated

	smtp_sasl_auth_enable = no
	smtpd_sasl_security_options = noanonymous
	smtpd_sasl_local_domain = $myhostname
	smtpd_sasl_auth_enable = yes
	smtpd_tls_auth_only = no

The smtpd_tls_auth_only setting should probably be changed to yes later, as plain-text login should only be allowed over encrypted links. Setting it to no makes it easier to debug later on.

Create a file /etc/postfix/sasl/smtpd.conf containing

	pwcheck_method: sasldb

Don't forget to restart your postfix with /etc/init.d/postfix restart.

Configure sasl

Create a sasldb with saslpasswd and copy the resulting /etc/sasldb to /var/spool/postfix/etc/sasldb.

Test the configuration

Create the base64-encoded string you will need for the auth plain statement in the SMTP session:

	printf "\0%s\0%s" username password | base64-encode ; echo

Now telnet into your smtp server:

	flo@touch:~$ telnet 127.0.0.1 smtp
	Trying 127.0.0.1...
	Connected to 127.0.0.1.
	Escape character is '^]'.
	220 test.rfc822.org ESMTP Postfix
	ehlo test
	250-test.rfc822.org
	250-PIPELINING
	250-SIZE 10240000
	250-VRFY
	250-ETRN
	250-AUTH LOGIN PLAIN CRAM-MD5
	250-XVERP
	250 8BITMIME
	auth plain AHVzZXJuYW1lAHBhc3N3b3Jk
	235 Authentication successful
	quit
	221 Bye
	Connection closed by foreign host.
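
The test above, as an added example that is not part of the original guide: shell helpers that build the AUTH PLAIN token, decode it again to show that it is only base64, and flag an EHLO reply that offers PLAIN or LOGIN on a session without TLS. It assumes the coreutils base64 command (the guide itself uses base64-encode from mime-codecs); the function names and the sample EHLO reply are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# Build the AUTH PLAIN argument: empty authzid, NUL, username, NUL, password.
auth_plain_encode() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Reverse a captured token; the NUL separators are printed as '|'.
# base64 is an encoding, not encryption: no key is needed for this step.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' '|'
}

# Read an EHLO reply on stdin and print the advertised mechanisms that put
# the password on the wire in recoverable form (PLAIN and LOGIN).
cleartext_mechs() {
    tr -d '\r' | awk '
        toupper($0) ~ /^250[- ]AUTH / {
            for (i = 1; i <= NF; i++) {
                m = toupper($i)
                if (m == "PLAIN" || m == "LOGIN") out = out (out ? " " : "") m
            }
        }
        END { print out }'
}

# $1 is "clear" or "tls" (was STARTTLS completed before EHLO?); reply on stdin.
check_session() {
    mechs=$(cleartext_mechs)
    if [ "$1" = clear ] && [ -n "$mechs" ]; then
        echo "WARN: $mechs offered without TLS; set smtpd_tls_auth_only = yes"
    else
        echo "OK"
    fi
}

# Constructed sample: part of the EHLO reply from the telnet session above.
sample_ehlo() {
    printf '%s\r\n' '250-test.rfc822.org' '250-PIPELINING' \
        '250-AUTH LOGIN PLAIN CRAM-MD5' '250 8BITMIME'
}

token=$(auth_plain_encode username password)
echo "token:   $token"
echo "decoded: $(auth_plain_decode "$token")"
echo "clear:   $(sample_ehlo | check_session clear)"
echo "tls:     $(sample_ehlo | check_session tls)"
```

With smtpd_tls_auth_only = yes, Postfix does not announce AUTH until STARTTLS has completed, so the same check against a plain telnet session should then report OK.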