Yes, you need to enable to the users SEND mail. But when you send mail
courier-imap nothig have to do.

I have the same situation
Good idea, me too. but use LDAP (was the only tutorial that i can find)
NO!, This method is deprecated, and is a security risk. Today in ALL MUA (OE,
tundebird, kmail) you can find some like "autentication to send".

Generally into the sending mail configuration box exist a checkbox "this
server require autentication"

Here the customer must write their data, for example:
User:***@doe.com
pass:john

Obviously is off topic, but here how i solved this.

into the postfix main.cf you must write some like

smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
......
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
......
smtpd_sasl_auth_enable = yes
#this to force SSL, but you must generate the certificate
# (other long problem)
smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
sasl_pwcheck_method = saslauthd

So you need
send mail postfix --->cyrusSASL --->userdb
read mail courier-imap --->authdaemon --->userdb
view mail Squirrelmail --->courier

I know has no sense having 2 authentication daemons (authdaemon and
cyrusSASL). But postfix cant talk with autdaemon. And Courier cant talk with
cyrusSASL.

Regards
Christian

Then I think you're a bit confused.

* Sending outbound mail is done using SMTP, not IMAP.

* If you want to allow roaming users (i.e. on arbitary dynamic IP addresses)
to send outbound mail using SMTP via your server, then they need to
authenticate themselves somehow, because you don't want to be an open
relay.

Five years ago, the way you might have implemented this was to check for
a valid POP3 or IMAP login, and then enable relaying from that IP address
for a few minutes. You could implement this by scanning POP3/IMAP logs.

However, today you would not do this. Instead, you configure your SMTP
server to allow SMTP authentication (SMTP AUTH), and your mail client
to authenticate to the SMTP server when sending outbound mail. This
avoids having to frig with POP3/IMAP at all

So I suspect your cookbook is perhaps 5 or more years out of date.

* SASL is an authentication framework (RFC 2222). That is, when a protocol
like IMAP has been extended to support SASL, it's then possible to add
new SASL mechanisms without further modification to the protocol.

Common SASL mechansisms include 'PLAIN' (just send plaintext username
and password), and 'CRAM-MD5' (challenge-response authentication
mechanism; server sends a random challenge, and client responses with
a hash of challenge+password, to prove that they know the password
without sending the password in plaintext across the wire)

* Cyrus-SASL is a piece of software. It has nothing to do with the
courier suite. Courier has it's own implementation of SASL built in
and does not rely on any external software for this.

* The IMAP "AUTHENTICATE" command, and the SMTP "AUTH" command, both
implement SASL.

So essentially: you want your MTA (e.g. postfix) to accept SASL
authentication, authenticate against the same user data as courier-imap is
using, and to permit relaying for authenticated users.
That's fine.

If you want your MTA to authenticate against the same database, then either
you need to configure your MTA to lookup usernames/passwords in courier's
proprietary userdb format, or configure your MTA to send authentication
requests to courier's authdaemond using the authdaemond protocol.

Off-the-shelf solutions: you can configure exim to do either of those
options. You could also use the MTA from the full courier suite.

If you want to use postfix, I suspect you may need to take the userdb file
and reformat into a second file to suit the format which postfix requires
(but that's just a guess as I'm not a postfix user). Read the postfix
documentation for setting up SMTP AUTH.

Brian.