#!/bin/sh

#
# $Source:$
# $Id:$
#


# ---- install Berkeley DB 4.6 -----------------------------------------

cd /usr/ports/databases/db46/
make install clean


# ---- install cyrus-sasl2-saslauthd -----------------------------------

cd /usr/ports/security/cyrus-sasl2-saslauthd/
make config
# select [X] BDB       Use Berkeley DB
make WITH_BDB_VER=46
make install clean


# ----- configure saslauthd --------------------------------------------

# enable in /etc/rc.conf

        saslauthd_enable="yes"
        saslauthd_flags="-a sasldb"

# start manually
/usr/local/etc/rc.d/saslauthd start


# ---- populate SASL2 db file ------------------------------------------

specify -u `postconf -h smtpd_sasl_local_domain` to saslpasswd2 to use the same
domain as postfix

username=gjvc
password=secretpassword

echo ${password} | /usr/local/sbin/saslpasswd2 -p -c ${username}

# list users (ensure you have permission to read /usr/local/etc/sasldb2)
/usr/local/sbin/sasldblistusers2

# set permissions to be readable by postfix
chown postfix:mail /usr/local/etc/sasldb2
chmod 640 /usr/local/etc/sasldb2        # 600 is probably better/ok


# ---- test saslauthd --------------------------------------------------

# start saslauthd in the foreground on one terminal and watch the output
/usr/local/sbin/saslauthd -d -a sasldb

# in another terminal, submit authentication requests...
/usr/local/sbin/testsaslauthd -f /var/run/saslauthd/mux -u ${username} -p ${password}

# if all ok, start saslauthd

/usr/local/etc/rc.d/saslauthd restart

# just one more check with the live saslauthd...
/usr/local/sbin/testsaslauthd -f /var/run/saslauthd/mux -u ${username} -p ${password}


# ---- feedback --------------------------------------------------------

Please send any and all comments to gjvc at gjvc dot com.  Thank you.