I just realized my config doesn't appear to be using SASL, though I
compiled it with the correct libs and flags (from makedefs.out):
SYSLIBS = -lssl -lcrypto -L/usr/lib/sasl -lsasl2 -lpcre -ldb -lnsl
-lresolv -ldl
CC = gcc -I. -I../../include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-DUSE_TLS -I/usr/include/sasl -DNO_EAI -DHAS_PCRE -UUSE_DYNAMIC_LIBS
-DDEF_SHLIB_DIR=\"no\" -UUSE_DYNAMIC_MAPS $(
WARN)
OPT = -O
DEBUG = -g
AWK = awk
STRCASE =
EXPORT = CCARGS='-I. -I../../include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-DUSE_TLS -I/usr/include/sasl -DNO_EAI -DHAS_PCRE -UUSE_DYNAMIC_LIBS
-DDEF_SHLIB_DIR=\"no\" -UUSE_DYNAMIC_MAP
S' OPT='-O' DEBUG='-g'
EHLO shows this:
250-PIPELINING
250-SIZE [ omitted ]
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
My main.cf:
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /etc/postfix/certs/my.domain.com.pem
smtpd_tls_key_file = /etc/postfix/certs/my.domain.com.key
smtp_tls_loglevel = 1
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
smtpd_client_new_tls_session_rate_limit = 4
Prior to this, I was getting errors in the logs, indicating that SASL
was configured, but not compiled in. I'm no longer getting those errors.
Can someone point me in the right direction? Or did I miss something above.
Thanks.
