[SASL] Pour que redisdead fasse de l'authentification SMTP.

Ignore-this: cb29821c4567bf826fc6bccfc7cf4202

darcs-hash:20120802143205-b6762-ff46de74c6dde65e1b5dcdbb02afc48efb822a79.gz

Bundler/postfix.xml

@@ -21,4 +21,10 @@
       <ConfigFile name="/etc/postfix/ldap-sqlgrey.cf"/>
     </Group>
   </Group>
+
+  <Group name="mail-mx-main">
+    <ConfigFile name="/etc/postfix/sasl/smtpd.conf"/>
+    <ConfigFile name="/etc/saslauthd.conf"/>
+    <ConfigFile name="/etc/default/saslauthd"/>
+  </Group>
 </Bundle>

Cfg/etc/default/saslauthd/saslauthd

@@ -0,0 +1,55 @@
+#
+# Settings for saslauthd daemon
+# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
+#
+
+# Should saslauthd run automatically on startup? (default: no)
+START=yes
+
+# Description of this saslauthd instance. Recommended.
+# (suggestion: SASL Authentication Daemon)
+DESC="SASL Authentication Daemon"
+
+# Short name of this saslauthd instance. Strongly recommended.
+# (suggestion: saslauthd)
+NAME="saslauthd"
+
+# Which authentication mechanisms should saslauthd use? (default: pam)
+#
+# Available options in this Debian package:
+# getpwent  -- use the getpwent() library function
+# kerberos5 -- use Kerberos 5
+# pam       -- use PAM
+# rimap     -- use a remote IMAP server
+# shadow    -- use the local shadow password file
+# sasldb    -- use the local sasldb database file
+# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
+#
+# Only one option may be used at a time. See the saslauthd man page
+# for more information.
+#
+# Example: MECHANISMS="pam"
+MECHANISMS="ldap"
+
+# Additional options for this mechanism. (default: none)
+# See the saslauthd man page for information about mech-specific options.
+MECH_OPTIONS=""
+
+# How many saslauthd processes should we run? (default: 5)
+# A value of 0 will fork a new process for each connection.
+THREADS=5
+
+# Other options (default: -c -m /var/run/saslauthd)
+# Note: You MUST specify the -m option or saslauthd won't run!
+#
+# WARNING: DO NOT SPECIFY THE -d OPTION.
+# The -d option will cause saslauthd to run in the foreground instead of as
+# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
+# to run saslauthd in debug mode, please run it by hand to be safe.
+#
+# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
+# See the saslauthd man page and the output of 'saslauthd -h' for general
+# information about these options.
+#
+# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Cfg/etc/postfix/sasl/smtpd.conf/smtpd.conf

@@ -0,0 +1,2 @@
+pwcheck_method: saslauthd
+mech_list: plain login

Cfg/etc/saslauthd.conf/saslauthd.conf

@@ -0,0 +1,5 @@
+ldap_servers: ldap://ldap.adm.crans.org
+ldap_bind_dn: cn=postfix,dc=crans,dc=org
+ldap_password: f34842fd04aa7f58bc45bb
+ldap_filter: (&(objectClass=posixAccount)(uid=%u))
+ldap_search_base: ou=data,dc=crans,dc=org

Python/etc/postfix/main.cf

@@ -270,6 +270,8 @@ if main:
     content_filter = "lmtp:[amavis.adm.crans.org]:10024"
     lmtp_data_done_timeout = 1200
     lmtp_send_xforward_command = True
+    smtpd_sasl_type = cyrus
+    cyrus_sasl_config_path = /etc/postfix/sasl
 
 @# Pieces jointes
 mime_header_checks = "regexp:/etc/postfix/mime_header_checks"