[TUTORIAL] StickyProxmox Mail Gateway v8 with Authentication

hoanv9

Active Member
Apr 15, 2020
42
5
28
43
I am going with proxmox as MTA and try to make it authenticate with our Active Directory. Going through many thread and guideline but I can not make it work with saslauthd and ldap.
Is there anyone have the exp on this?


Small write-up on how to do this in Proxmox Mail Gateway 6.x:
  • install packages for saslauthd:
    Code:
    apt-get install sasl2-bin libsasl2-modules
  • modify /etc/default/saslauthd:
    Code:
    START=yes
    DESC="SASL Authentication Daemon"
    NAME="saslauthd"
    MECHANISMS="ldap"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c -m /var/run/saslauthd"
  • create /etc/saslauthd.conf (use a dedicated service account on ldap/ad for pmg):
    Code:
    ldap_use_sasl: yes
    ldap_servers: ldap://10.1.1.10:389
    ldap_search_base: OU=users,DC=example,DC=com
    ldap_bind_dn: CN=<pmg_service_username>,OU=Service accounts,DC=example,DC=com
    ldap_password: <pmg_service_password>
  • start the saslauthd service:
    Code:
    service saslauthd restart
  • test ldap connection through saslauthd, using a regular ldap/ad user:
    Code:
    testsaslauthd -u <username> -p <password>
  • check the logs for sasslauthd
    Code:
    journalctl -fu saslauthd

Once the 0: OK "Success." is received from testsaslauthd the postfix config can be done.
 
I set the TUTORIAL prefix on the thread (as I think it is quite fitting).

Thanks for sharing your experiences!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!