In the case of Postfix, only the main configuration file,/etc/postfix/main.cf, needs to
be modified. Add or edit the following configuration directives: 1. Enable SMTP Authentication in the Postfix SMTP server: smtpd_sasl_auth_enable = yes 2. Instruct Postfix to use theDovecot SASL implementation for SMTP Authentication: smtpd_sasl_type = dovecot 3. Provide the authentication path relative to the Postfix queue directory (note that the use of a relative path ensures that the configuration works regardless of whether the Postfix server runs in achroot or not): smtpd_sasl_path = private/auth This step assumes that you want to use UNIX-domain sockets for communication between Postfix and Dovecot. To configurePostfix to look forDovecot on a different machine in case you use TCP sockets for communication, use configuration values similar to the following: smtpd_sasl_path = inet:127.0.0.1:12345 In the above example, 127.0.0.1 needs to be substituted by theIP address of the Dovecot machine and 12345 by the port specified inDovecot's /etc/dovecot/conf.d/10-master.conf configuration file. 4. Specify SASL mechanisms that thePostfix SMTP server makes available to clients. Note that different mechanisms can be specified for encrypted and unencrypted sessions. smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous The above example specifies that during unencrypted sessions, no anonymous authentication is allowed and no mechanisms that transmit unencrypted user names or passwords are allowed. For encrypted sessions (using TLS), only non-anonymous authentication mechanisms are allowed. See http://www.postfix.org/SASL_README.html#smtpd_sasl_security_options for a list of all supported policies for limiting allowed SASL mechanisms.