I have no idea why, but postfix + ubuntu + sasl (cyrus-type) are stupidly unhappy… and honestly I’m tired it it.

Install cyrus sasl2 (from apt)
Download the latest source for postfix
compile postfix with the right flags (wietse could do far better with this conglomeration!!)

make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl” AUXLIBS="-lssl -lcrypto -lsasl2”

install this postfix. Yes, you should really use the .deb from Ubuntu but for 3 major versions (from 7 through 10) they’ve not been able to offer a postfix package, a sasl2 package and a saslauthd that all play nice together.

Configure the minimal postfix bits (follow the postfix tutorial)
configure sasl handoff from postfix to saslauthd:

# cat /etc/postfix/sasl2/smtpd.conf
log_level: 4
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Make saslauthd validate against shadow passwds and listen in a socket in /var/run/saslauthd.

Add postfix to the saslauthd group

restart saslauthd
restart postfix

test a client connection:

openssl s_client -host mailsystem -port 465
ehlo me
AUTH PLAIN bW9ycm9adsasd3Ywdjasdasdasd=

Create the string of base64 with:

perl -MMIME::Base64 -e ‘print encode_base64("username\0username\0password")’

If you get back an ‘Authentication Succeeded!’ everything’s looking good!