Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog Archive Cutedge

by: Bernard Teo

Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

The Ultimate Business Machine - Archives

List of Categories : Database * Technology * Commentary * Singapore * Travel *

Tue 16 Dec 2003

SMTP-AUTH on Panther's Postfix

Category : Technology/panthersmtp-auth.txt

I hadn't realised that Panther's built-in Postfix binaries support SMTP-AUTH out-of-the-box, until I got a message from Jeff Bishop about doing an -

otool - L `which Postfix`

which results in -


Versions/A/DirectoryService (compatibility
version 1.0.0, current version 1.0.0)

/usr/lib/libssl.0.9.7.dylib (compatibility
version 0.9.7, current version 0.9.7)

/usr/lib/libsasl2.2.0.1.dylib (compatibility
version 3.0.0, current version 1.0.0)

Versions/A/Kerberos (compatibility version 5.0.0, current version 5.0.0)

/usr/lib/libSystem.B.dylib (compatibility version
1.0.0, current version 71.0.0)

which clearly shows Postfix linked against libsasl2, which is SASL's "glue" layer. I know that Panther's Postfix works with SSL, so this looked encouraging, by association.

So I looked through an old Jaguar installation that had Postfix's SMTP-AUTH mode enabled and copied over things that I needed, like saslpasswd2, sasldblistusers2 and also the old sasldb2.db file. (I couldn't build anything from the Cyrus SASL download on Panther - I keep getting compile errors that I don't think I'll ever know how to solve - will have to wait for these to be fixed.) Fortunately, the stuff from Jaguar looked like they continued to work in Panther.

At first I couldn't get it to work - puzzling over a system.log entry that says that the system can't find the sasldb plugin - until I realised that two files, and, were missing in Panther's /usr/lib/sasl2. So I copied them over from Jaguar, restarted Postfix ... and ... everything works!

Actually it was a lot more work than that. I must have tried a million combinations over the weekend when I wasn't feeling sick with flu. (I'm a Chinese of Fujian descent; so it must be the same strain that's coursing thru the Western half of the world right now; just kidding; it's a sick joke.)

Anyway, it's a nice discovery. Will this make it to Postfix Enabler? Implementing SMTP-AUTH via sasldb means having to maintain a separate password database, plus all the extra code needed to handle the user-interface. Instead, I'm trying to see if we can make SMTP authenticate against PAM, and thereby use the built-in OS X users and group password system. That'll be neater. SMTP works over SSL (TLS). So it'll probably be OK to use plain text passwords. Anyway, it's good that at least one way works. I would never have been able to do this with sendmail. Thanks to whoever at Apple was responsible for the decision to go with Postfix.

Posted at 6:10AM UTC | permalink

Put your Mac to Work Now how would you do something like that?

Weblogs. Download and start a weblog of your own.

A Mac Business Toolbox
A survey of the possibilities

A Business Scenario
How we could use Macs in businesses

VPN Enabler for Mavericks

MailServe for Mavericks

DNS Enabler for Mavericks

DNS Agent for Mavericks

WebMon for Mavericks

Luca for Mavericks

Liya for Mountain Lion & Mavericks

Postfix Enabler for Tiger and Panther

Sendmail Enabler for Jaguar

Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:

  • Apache 2 Web Server
  • Postfix Mail Server
  • Dovecot IMAP Server
  • Fetchmail
  • SpamBayes Spam Filter
  • Procmail
  • BIND DNS Server
  • DNS Agent
  • WebDAV Server
  • VPN Server
  • PHP-based weblog
  • MySQL database
  • PostgreSQL database

all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks.