#!/bin/sh

#
# $Source:$
# $Id:$
#


# ---- install Berkeley DB 4.6 -----------------------------------------

cd /usr/ports/databases/db46/
make install clean


# ---- install cyrus-sasl2 ---------------------------------------------

cd /usr/ports/security/cyrus-sasl2/
make config
# select [X] BDB           Use Berkeley DB
# select [X] MYSQL         Use MySQL
# select [X] PGSQL         Use PostgreSQL
# select [X] LOGIN         Enable LOGIN authentication
# select [X] PLAIN         Enable PLAIN authentication
# select [X] CRAM          Enable CRAM-MD5 authentication
# select [X] DIGEST        Enable DIGEST-MD5 authentication
make WITH_BDB_VER=46
make install clean


# ---- install postfix-current -----------------------------------------

cd /usr/ports/mail/postfix-current/
make config
# select [X] PCRE      Perl Compatible Regular Expressions
# select [X] SASL2     Cyrus SASLv2 (Simple Auth. and Sec. Layer)
# select [X] TLS       Enable SSL and TLS support
# select [X] BDB       Berkeley DB (choose version with WITH_BDB_VER)
# select [X] MYSQL     MySQL maps (choose version with WITH_MYSQL_VER)
# select [X] PGSQL     PostgreSQL maps (choose with DEFAULT_PGSQL_VER)
#        [ ] OPENLDAP  OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)
make WITH_BDB_VER=46
make install clean


# ---- configure SASL2 services ----------------------------------------

/usr/local/lib/sasl2/smtpd.conf:
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    mech_list: plain login
    sasldb_path: /usr/local/etc/sasldb2


# ---- populate SASL2 db file ------------------------------------------

saslpasswd2_program="/usr/local/sbin/saslpasswd2"
saslpasswd2_options="-p -c"
#saslpasswd2_options="-p -c -u `postconf -h myhostname`"

# for each user...
echo secretpassword | ${saslpasswd2_program} ${saslpasswd2_options} ${username} 
# ...

# list users (ensure you have permission to read /usr/local/etc/sasldb2)
/usr/local/sbin/sasldblistusers2

# set permissions
chown postfix:mail /usr/local/etc/sasldb2


# ---- configure postfix as a SASL2 client -----------------------------

/usr/local/etc/postfix/main.cf:
    smtpd_recipient_restrictions    = ... permit_sasl_authenticated ...

    smtpd_sasl_auth_enable          = yes
    smtpd_sasl_security_options     = noanonymous
    smtpd_sasl_local_domain         = $myhostname


# ---- launch ----------------------------------------------------------

/usr/local/etc/rc.d/postfix restart
or postfix reload


# ---- feedback --------------------------------------------------------

Please send any and all comments to gjvc at gjvc dot com.  Thank you.