Postfix authentication isn't general enough
Fri 14 Nov 2014 13:49 EST
I want to set up Postfix SMTP authentication so I have two different passwords to authenticate with: one main one that gives me access to both SMTP and IMAP, for my own use with trusted clients, and a separate one that gives me the ability to send messages via SMTP only, and that will not work for IMAP.
The reason is that gmail will not let me send mail as an auxiliary mail identity through its own SMTP servers anymore, and requires a username and password to authenticate itself to my own SMTP servers. Since I’m unhappy giving gmail my main email password, I decided a second gmail-specific password would be a good idea.
This turns out to be difficult.
Postfix will authenticate either against Dovecot, or using Cyrus-SASL. Cyrus-SASL can talk to a number of things, and one of them is a SQL database, but it won’t let you use crypt for the passwords stored in the database. That’s a showstopper there. The other alternative is to back Cyrus-SASL with PAM, but that involves figuring out PAM. Painful, and another link in the (already long) chain: Postfix → Cyrus-SASL → PAM → Database.
I’ve asked on the Freenode #cyrus channel about the possibility of getting a patch for crypted SQL-database passwords accepted, but no replies yet.
There are a couple of patches out there that get close to what I want; the best (but still not quite right) is this one. It needs work to support other crypt schemes and to extract salt properly.
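What "support other crypt schemes and extract salt properly" involves, as an added example (not from this post or the linked patch): a parser that identifies the scheme of a stored crypt(3) hash and returns the setting prefix and salt. The name parse_crypt_hash is hypothetical, and the sample hashes are constructed placeholders of the right shape, not real digests.

```python
import re

B64 = r"[./0-9A-Za-z]"  # salt/hash alphabet used by the crypt(3) family

# Each pattern names the "setting" (scheme id, cost, salt) and the bare salt.
SCHEMES = [
    ("sha512-crypt", rf"(?P<setting>\$6\$(rounds=\d+\$)?(?P<salt>{B64}{{1,16}}))\${B64}{{86}}"),
    ("sha256-crypt", rf"(?P<setting>\$5\$(rounds=\d+\$)?(?P<salt>{B64}{{1,16}}))\${B64}{{43}}"),
    ("md5-crypt", rf"(?P<setting>\$1\$(?P<salt>{B64}{{1,8}}))\${B64}{{22}}"),
    ("bcrypt", rf"(?P<setting>\$2[aby]\$\d\d\$(?P<salt>{B64}{{22}})){B64}{{31}}"),
    ("bsdi-des", rf"(?P<setting>_{B64}{{4}}(?P<salt>{B64}{{4}})){B64}{{11}}"),
    # Caveat: any 13-character string in this alphabet has this shape,
    # so a plaintext password of that form cannot be told apart.
    ("des-crypt", rf"(?P<setting>(?P<salt>{B64}{{2}})){B64}{{11}}"),
]


def parse_crypt_hash(stored):
    """Return (scheme, setting, salt) for a stored crypt(3) hash.

    Raises ValueError for anything else, e.g. a plaintext password column.
    """
    for name, pattern in SCHEMES:
        m = re.fullmatch(pattern, stored)
        if m:
            return name, m.group("setting"), m.group("salt")
    raise ValueError("unrecognised or malformed crypt hash")


# Constructed sample rows: correct lengths, placeholder digest characters.
SAMPLES = [
    "$6$rounds=5000$exampleSalt$" + "x" * 86,
    "$5$exampleSalt$" + "x" * 43,
    "$1$abcdefgh$" + "m" * 22,
    "$2b$12$" + "s" * 22 + "h" * 31,
    "_J9.." + "abcd" + "d" * 11,
    "ab" + "d" * 11,
    "hunter2",  # plaintext, as a SQL password column might hold today
]

if __name__ == "__main__":
    for row in SAMPLES:
        try:
            print(parse_crypt_hash(row))
        except ValueError as exc:
            print(f"{row!r}: {exc}")
```

A verifier does not have to cut the salt out itself: crypt(3) accepts the whole stored hash as its setting argument and reads only the prefix, so the computed result can be compared directly against the stored value.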
Perhaps I will give in and learn how to configure PAM…
Update: At the suggestion of the kind people on #cyrus, I’ve decided instead to set up a separate account on my email server for gmail to log into, and simply forward any mail that’s delivered there (by accident, presumably) to my main account.