hi, all, I'v installed postfix with sasl authentication successfully, it seems work well: the client can not use postfix server to send mail if the client can not pass smtp authentication, this is what i expected. but when i config my client not use smtp authentication, it still can send mail by the postfix server!(on client: if i choose to use smtp authentication, i must enter the correct username and password, but if i do not chose to use smtp authentication, it can send mail without authentication.)

my test client is kmail
my server is redhatlinux 9+cyrus sasl2+ postfix2.0.4

i do the above test on the same pc(the client and the server both on a same machine)

my main.cf is as below:

#postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, postfix.$mydomain
mydomain = mydomain.com
myhostname = test.mydomain.com
mynetworks = 127.0.0.0/8, 10.167.34.0/24, hash:/etc/postfix/access
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme_files
relay_domains = $mydomain
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 450

any help will be appreciated!

There are only 10 types of people in the world: Those who understand binary, and those who don't

I'm trying to do exactly the same thing you are.  My questions is.  you have rh9 out of the box.  What else did you install ontop of that to get things working?  I can't seem to get your same configuration to work.  Thanks!
-ben

hmmm, I think I have solved that problem,and my openwebmail works well with postfix and sasl2.

I run the client and server on the same box, so the client did not need smtp authentication. when I did test on another machine, the client had to be authenticated before it could send mail.

perhaps you should check your sasl2 installation process and the configuration in your main.cf.

There are only 10 types of people in the world: Those who understand binary, and those who don't

What do you mean my "sasl2 installation process"?  What I want to know is, what programs did you isntall ontop of redhat 9 to get this to work.  Are you using the default packages, or is it something you downloaded?
-ben

the authentication daemon that cyrus sasl2 uses(saslauthd) is different from that of cyrus sasl1 (pwcheck,pam,sasldb,shadow)which is the default package for rh9.

I download the source file of sasl2 and install it by the below steps:
tar -zxvf /root/cyrus-sasl-2.1.12.tar.gz
cd cyrus-sasl-2.1.12
 ./configure   \
> --prefix=/usr/local/cyrus-sasl2 --enable-login --enable-plain \
> --enable-pwcheck --with-saslauthd=/var/run \

make clean && make
make install

cd /usr/lib
ln -s /usr/local/cyrus-sasl2/lib/* .
cd /usr/lib/sasl2
echo 'pwcheck_method: saslauthd' > smtpd.conf
echo 'mech_list:plain login'  >>  smtpd.conf

#added a manpath
vi /etc/man.config
#add below:
MANPATH /usr/local/cyrus-sasl2/man

#start the saslauthd daemon
/usr/local/cyrus-sasl2/sbin/saslauthd -a shadow

#test if saslauthd works well, we use the utility comes with source file names 'testsaslauthd'
cd /usr/local/src/cyrus-sasl-2.1.12/saslauthd/
make testsaslauthd
./testsaslauthd -u userID -p 'yours.passwd'
0: OK "Success."
# this mean your sasl works well!

#add it to the system start file
vi /etc/rc.d/rc.local
# add below
/usr/local/cyrus-sasl2/sbin/saslauthd -a shadow

my english is not so well, hope you can understand what i say, good luck.

There are only 10 types of people in the world: Those who understand binary, and those who don't