AUTH is the mechanism that allows client email programs to relay their outgoing SMTP data through this server with username/password authentication, thus preventing having to hardcode IP addresses in your mail config, and allowing mobile/roaming users with changing IP addresses to relay.
/usr/local/etc/imapd.confis the real thing under FreeBSD.
Note that the 'imtest -t' recommended earlier does not seem to work.
Note that you should have the users configure to the base server name,
and configure that here in the TLS parms. IMAPd will figure out which
user they are asking about via the other parms, it does not want the
virtual domain name they think they're using.
Beware that if you provide a user that does not already exist, you
will not be notified, it will simply be added. This behaviour really
pisses me off, as there is a "-c" option to do a create. It seems to
me that if you don't provide a "-c", it should return an error on a
Useful test I found:
tldp.org how to Cyrus
imtest -m login -p imap localhost
Then give it your root password. I get an "OK" with a huge list of capabilites, follwed by "Authenticated.". Now type:
. logout to quit (note space after dot)
pkg search sasl
pkg install cyrus-sasl
If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README NOTE: This port has been compiled with a default pwcheck_method of auxprop. If you want to authenticate your user by /etc/passwd, PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and set sasl_pwcheck_method to saslauthd after installing the Cyrus-IMAPd 2.X port. You should also check the /usr/local/lib/sasl2/*.conf files for the correct pwcheck_method. If you want to use GSSAPI mechanism, install ports/security/cyrus-sasl2-gssapi. If you want to use SRP mechanism, install ports/security/cyrus-sasl2-srp. If you want to use LDAP auxprop plugin, install ports/security/cyrus-sasl2-ldapdb.
pkg install cyrus-sasl-saslauthd
saslauthd_flags="-r -a pam"
cyrus_imap_flags="-d -l 64"[20200501 -- see note at imap/popper]
pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: CRAM-MD5 DIGEST-MD5 PLAIN LOGIN sasl_passwd_check: shadow defaultdomain: vintners.net log_level: 9Lastly, check for SASLv2 in the "Compiled with:" output:
sendmail -d0.4 -bv root
/var/log/messagesfor errors or anything - nothing. Tried putting a link in
/etc/saslauthdpointing to the same file, repeat, again no errors. Merde. Added
SASL_LOG_ERR=1and left it, we'll see if anything has happened later.
/usr/local/lib/sasl2/Sendmail.conf(yes, mixed case).
saslauthd: login_getclass: unknown class 'customer'
/etc/master.passwdhad gotten messed up by a bad portmaster merge. One of the accounts had gotten the group name "customer" in the field following the actual group number. I guess that field which is usually empty, just colon-colon, must be the "login class".
vipwand remove that word.
] cd /usr/ports/security/cyrus-sasl2 ] make
this means you have both the "base" version of OpenSSL installed (came with FreeBSD distribution) and a (presumedly newer) "Port" version. You will want to do the following (as superuser) in order to clear up this confusion:brix# make Dependency warning: used OpenSSL version contains known vulnerabilities Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT *** Error code 1 Stop in /usr/ports/security/cyrus-sasl2.
mv openssl openssl.base
ln -s /usr/local/bin/ openssl
] make install
make(need not be done as superuser)
make(need not be done as superuser)
saslpasswd2 -c username If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README NOTE: This port has been compiled with a default pwcheck_method of auxprop. If you want to authenticate your user by /etc/passwd, PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and set sasl_pwcheck_method to saslauthd after installing the Cyrus-IMAPd 2.X port. You should also check the /usr/local/lib/sasl2/*.conf files for the correct pwcheck_method.