If I am now understanding correctly:

====
The "smtpd_sasl_auth_enable=yes" configuration parameter for accessing "smtpd 
submissions", in master.cf, is *entirely distinct* from the 
"smtpd_relay_restrictions = permit_sasl_authenticated" configuration parameter, 
which subsequently allows access to "smtp relay", in main.cf.  To send mail 
using SASL authentication, *both* checks, or smtpd SASL and some other "smtp 
relay" check, have to succeed.  Otherwise, the smtpd log will only show 
"warning: SASL authentication failure: Password verification failed", even when 
the failure actually occurred with the "smtp relay" check, and not with the 
"smtpd submissions" check.
====

Since I was rather confused on this point, and confused by the log message - 
checking and rechecking the SASL configuration, in futility - other people 
might be as well.

Perhaps a bold print "Important" notice with the above text, or something 
similar, could be added to https://www.postfix.org/SASL_README.html under the 
section "Enabling SASL authorization in the Postfix SMTP server".

And/or, the log message could be made in stages, to distinguish explicitly 
whether the failure occurred with the master.cf "smtpd submissions" check or 
with the main.cf "smtp relay" check.

I know this may seem obvious in retrospect, and the SASL_README already says 
explicitly - though without emphasis - that:
----
 After the client has authenticated with SASL, the Postfix SMTP server decides 
what the remote SMTP client will be authorized for. ... These permissions are 
not enabled by default.
----
That language, to my mind, does not really convey the significance of this 
configuration parameter in main.cf, *in addition to* the configuration in 
master.cf, or the frustrating consequence of failing to configure this 
parameter properly.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
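
The two settings the message above distinguishes can be checked separately. The following is an added example, not part of the original post and not Postfix code: it parses constructed main.cf and master.cf text and reports, for one service, whether SASL authentication is enabled and whether the effective smtpd_relay_restrictions names permit_sasl_authenticated. The function names are hypothetical; it assumes `-o name=value` overrides written without spaces, does no `$parameter` expansion, and returns None for the relay stage when the parameter is set in neither file, since Postfix's built-in default then applies.

```python
import re
# Constructed sample files (not from the original post).
MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks,
    reject_unauth_destination
"""
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_cf_params(text):
    """Parse 'name = value' settings from main.cf; the last one wins."""
    pairs = (line.partition("=") for line in logical_lines(text))
    return {n.strip(): v.strip() for n, sep, v in pairs if sep}

def service_overrides(text, service):
    """Return the '-o name=value' overrides of one master.cf service, or None."""
    for line in logical_lines(text):
        f = line.split()
        if f[0] == service and len(f) >= 8:
            args = f[8:]  # everything after the command name
            return dict(args[i + 1].split("=", 1) for i in range(len(args) - 1)
                        if args[i] == "-o" and "=" in args[i + 1])
    return None

def check_service(main_text, master_text, service="submission"):
    """Report the authentication stage and the relay stage separately."""
    over = service_overrides(master_text, service)
    if over is None:
        raise ValueError(f"service {service!r} not found in master.cf")
    eff = {**main_cf_params(main_text), **over}  # master.cf -o overrides main.cf
    relay = eff.get("smtpd_relay_restrictions")  # None: built-in default applies
    return {"sasl_auth_enabled": eff.get("smtpd_sasl_auth_enable", "no") == "yes",
            "relay_permits_sasl": None if relay is None else
                "permit_sasl_authenticated" in re.split(r"[,\s]+", relay)}
```

With the constructed files, `check_service(MAIN_CF, MASTER_CF)` reports authentication enabled for submission while the relay stage does not permit authenticated clients.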
