Postfix + CYRUS + SASL + TLS + PAM

After the death of my former mail server I have been tweaking its replacement. The new box is running SuSE 9.3 and instead of Sendmail + UW IMAP it runs Postfix and Cyrus. I setup the Cyrus authentication to use PAM. The PAM authentication is then using ‘’ to authenticate to my samba domain. Everything seemed to be working well for the past few days. Seemed to be, that is until I attempted to send mail away form home via my mail server. Due to mail security to prevent spammers from using me as an open relay sending was of course blocked. I did some more configuration and went through every HOWTO I could find. Every time I tried connecting I would get errors from the client and the following in the ‘/var/log/mail.warn’ file.

postfix/smtpd[11633]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[11633]: warning: (remote hostname): SASL PLAIN authentication failed
postfix/smtpd[11633]: warning: (remote hostname): SASL LOGIN authentication failed

I finaly ran across a posting on a message board describing this problem. Their resolution was to edit the file ‘/etc/sysconfig/saslauthd’ and change the line:

that change would negate the use of PAM authentication when relaying mail. This was not an option for me. It then occured to me that what was needed was a coresponding PAM entry in ‘/etc/pam.d/’ to handle SMTP. To that end I copied my ‘imap’ file to ‘smtp’ so that the resulting file contained the following:

auth include common-auth
account include common-account
password include common-password
session include common-session

After that file was created I tried sending my message again, and it worked perfectly.

The best HOWTO I found, aside from the one on the PostFix website, was one located on HOWTO Forge. It is a subset of an overall SUSE Perfect Setup . By following it I was able to setup TLS in minutes.