I finally found a good blog post on the subject of getting Postfix to do SMTP-AUTH via SASL.
I went one step further, and instead of moving /var/run/saslauthd/
to the Postfix chroot, I did a bind mount:
/etc/fstab
:
Postfix was announcing methods like CRAM-MD5 which can’t be supported by the PAM backend, so I restricted them down to PLAIN and LOGIN (over TLS only, obviously):
/etc/postfix/sasl/smtpd.conf
:
Now, it’s working nicely, and I can IMAPS and SMTP-AUTH-TLS to my mail server from anywhere.