Postfix

Postfix is Wietse Venema's sendmail alternative that attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users.

Postfix:pmm is our shell script to review Postfix maillog. Postfix:main.cf contains additional ideas for your main.cf

FreeBSD and TLS/SASL

Ignore the version numbers, the port names are what is important.

# pkg_info | egrep '(postfix|sasl)'
cyrus-sasl-2.1.21_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.21 SASL authentication server for cyrus-sasl2
postfix-2.2.6,1     A secure alternative to widely-used Sendmail

postfix:main.cf:

smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

Anything extra in the directory below I put into the deactivated directory I created.

# ls /usr/local/lib/sasl2/
deactivated             libdigestmd5.so.2       libplain.so.2
libcrammd5.a            liblogin.a              libsasldb.a
libcrammd5.so           liblogin.so             libsasldb.so
libcrammd5.so.2         liblogin.so.2           libsasldb.so.2
libdigestmd5.a          libplain.a              smtpd.conf
libdigestmd5.so         libplain.so

rc.conf:

saslauthd_enable="YES"

In my case, I used the .pem file I had for imapd. You may have to generate on using mkimapdcert if you don't have $file.pem on your server. And finally, start everything up.

#  /usr/local/etc/rc.d/saslauthd.sh start
# postfix reload

Now

# tail -f /var/log/maillog

and try to use TLS & SMTP AUTH with your email client, watching the logs.