Installation guide for a Postfix-based SMTP server with authentication
Jul 24
Lijun ZHOU, 2008.07.22
SMTP Server and saslauth for postfix
OS: CentOS-4
Prerequisites:
- Bourne-compatible shell (e.g. bash)
- gcc/gmake (gmake is necessary on FreeBSD)
- perl 5.8 or above
- OpenSSL
- Linux/FreeBSD
Preparation:
rpm -qa | grep cyrus-sasl (the cyrus-sasl rpm does not include the LOGIN and PLAIN mechanisms)
rpm -e cyrus-sasl (you may need to use --nodeps)
groupadd postfix -g 2000
groupadd postdrop
useradd postfix -u 2000 -g postfix -G postdrop
groupadd vmail -g 2001
useradd vmail -u 2001 -g 2001
mkdir /appstore/mail
chown vmail:vmail /appstore/mail
chmod -R 771 /appstore/mail
mkdir /var/log/postfix
mkdir /var/run/saslauthd
1. download the packages
wget http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
wget http://www.postfix.cn/source/official/postfix-2.5.2.tar.gz
2. install cyrus-sasl
tar zxvf cyrus-sasl-2.1.22.tar.gz
cd cyrus-sasl-2.1.22
./configure \
--disable-anon \
--enable-plain \
--enable-login \
--with-dbpath=/etc/sasldb2 \
--with-saslauthd=/var/run/saslauthd
make
make install
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
vi /etc/ld.so.conf
## add below
/usr/local/lib
/usr/local/lib/sasl
## or create a file under /etc/ld.so.conf.d
ldconfig -v | grep sasl
## you should see sasl2 in the output
## test sasl2
/usr/local/sbin/saslauthd -a shadow pam -d
/usr/local/sbin/testsaslauthd -u root -p password
vi /usr/local/lib/sasl2/smtpd.conf
########################
pwcheck_method: auxprop
log_level: 3
mech_list: PLAIN LOGIN
3. install postfix
tar zxvf postfix-2.5.2.tar.gz
cd postfix-2.5.2
## stop and disable sendmail
service sendmail stop
chkconfig --level 0123456 sendmail off
mv /usr/bin/newaliases /usr/bin/newaliases.orig
mv /usr/bin/mailq /usr/bin/mailq.orig
mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
chkconfig --level 3 sendmail off
#### start install ####
make -f Makefile.init makefiles \
CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -lsasl2"
make
make install
ln -s /etc/postfix/aliases /etc/aliases
/usr/bin/newaliases
cd /etc/postfix
mv main.cf main.cf.orig
vi main.cf
#===============================================================================
mydomain=notify.sta.zhangben.com
myhostname=smtp.mail.corp.netbig.com
mynetworks=192.168.0.0/24,127.0.0.0/8
myorigin=$mydomain
#smtpd_banner=$myhostname ESMTP postfix
syslog_facility=local1
syslog_name=postfix
inet_interfaces=192.168.0.235
alias_maps=hash:/etc/postfix/aliases
alias_database=hash:/etc/postfix/aliases
#====================SASL========================
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
# smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,check_relay_domains
# check_relay_domains has been replaced by reject_unauth_destination
# SMTP AUTH config here
broken_sasl_auth_clients=yes
#smtpd_sasl_path =/etc/postfix/sasl:/usr/lib/sasl2
#smtp_sasl_mechanism_filter=gssapi
smtpd_sasl_path=smtpd
smtpd_sasl_auth_enable=yes
smtpd_sasl_local_domain=
smtpd_sasl_security_options=noanonymous
#===============================================================================
vi /etc/syslog.conf
## add these lines
local1.* -/var/log/postfix/postfix.log
local1.info -/var/log/postfix/postfix.info
local1.warn -/var/log/postfix/postfix.warn
local1.err /var/log/postfix/postfix.err
service syslog restart
newaliases
postfix start
## you can check the postfix log at /var/log/postfix/postfix.log
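An added example, not part of the original post: a small Python check that parses a main.cf like the one written in step 3 and reports findings for the relay and SMTP AUTH settings. The function names and the sample text are constructed for illustration; it assumes a Postfix 2.5-style setup where relay control lives in smtpd_recipient_restrictions, and it also looks at smtpd_tls_auth_only, a Postfix parameter this guide does not set.

```python
import re

# Constructed sample: the SASL-related settings from the main.cf above,
# with one value wrapped onto a continuation line to exercise the parser.
SAMPLE_MAIN_CF = """\
mynetworks=192.168.0.0/24,127.0.0.0/8
#smtpd_banner=$myhostname ESMTP postfix
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,
    reject_unauth_destination
broken_sasl_auth_clients=yes
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
"""

def parse_main_cf(text):
    """Return {parameter: value}, skipping comments and joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            params[current] += " " + raw.strip()   # continuation line
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params

def audit(params):
    """Return findings (strings) for the relay and SMTP AUTH settings."""
    def items(key):
        return [v for v in re.split(r"[,\s]+", params.get(key, "")) if v]
    findings = []
    if "smtpd_recipient_restrictions" in params and \
            "reject_unauth_destination" not in items("smtpd_recipient_restrictions"):
        findings.append("relay: reject_unauth_destination missing")
    if params.get("smtpd_sasl_auth_enable", "no") == "yes":
        # noanonymous is the Postfix default, so only an explicit override can drop it
        if "smtpd_sasl_security_options" in params and \
                "noanonymous" not in items("smtpd_sasl_security_options"):
            findings.append("auth: smtpd_sasl_security_options lacks noanonymous")
        if params.get("smtpd_tls_auth_only", "no") != "yes":
            findings.append("auth: smtpd_tls_auth_only is not yes, PLAIN/LOGIN sent in cleartext")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(finding)
```

On the sample it reports a single finding: AUTH is offered without requiring TLS.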
4. test the smtp server
1) add a user for SASL. We could use MySQL, OpenLDAP, sasldb, etc.; here we use sasldb
## Notice: if you use sasldb, smtpd_sasl_local_domain= in postfix's main.cf must be empty
## start sasl
/usr/local/sbin/saslauthd -m /var/run/saslauthd -a shadow pam
## add user
/usr/local/sbin/saslpasswd2 -c -u notify.foolpig.com -a smtpauth noreply
## see the users
/usr/local/sbin/sasldblistusers2
noreply@notify.foolpig.com: userPassword
noreply@notify.foolpig.com: cmusaslsecretOTP
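## Notice: postfix must be able to read /etc/sasldb2; it holds the passwords, so give read access to the postfix group only
chgrp postfix /etc/sasldb2
chmod 640 /etc/sasldb2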
2) test smtp server
perl -e 'use MIME::Base64; print encode_base64("noreply\@foolpig.com")'
bm9yZXBseUBmb29scGlnLmNvbQ==
perl -e 'use MIME::Base64; print encode_base64("test")'
dGVzdA==
[root@tst ~]# telnet 192.168.0.235 25
Trying 192.168.0.235...
Connected to 192.168.0.235 (192.168.0.235).
Escape character is '^]'.
220 smtp.mail.foolpig.com ESMTP Postfix
EHLO notify.foolpig.com
250-smtp.mail.foolpig.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
bm9yZXBseUBmb29scGlnLmNvbQ==
334 UGFzc3dvcmQ6
dGVzdA==
235 2.0.0 Authentication successful
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
to:
Subject: Hello World
Hello World!
.
250 2.0.0 Ok: queued as A4B0D5FD93
quit
221 2.0.0 Bye
Connection closed by foreign host.
## you will also need to configure DNS and add an MX record
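An added example, not part of the original post: the AUTH LOGIN exchange from the telnet session above, decoded in Python to show that the 334 prompts and the client's answers are only base64-encoded, so anyone who can read the connection recovers the credentials unless AUTH runs over TLS. It also handles AUTH PLAIN, which goes beyond the session shown; recover_credentials and b64text are hypothetical helper names.

```python
import base64
import binascii
import re

# AUTH LOGIN lines copied from the telnet session above.
SESSION = """\
auth login
334 VXNlcm5hbWU6
bm9yZXBseUBmb29scGlnLmNvbQ==
334 UGFzc3dvcmQ6
dGVzdA==
235 2.0.0 Authentication successful
"""

def b64text(token):  # decode one base64 token to text; None if it is not valid base64
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except binascii.Error:
        return None

def recover_credentials(transcript):
    """Return what an on-path observer learns from a cleartext AUTH exchange."""
    mech, prompts, answers, accepted = None, [], [], False
    for line in (l.strip() for l in transcript.splitlines()):
        words = line.split()
        if mech is None:
            if len(words) >= 2 and words[0].upper() == "AUTH" and words[1].upper() in ("LOGIN", "PLAIN"):
                mech = words[1].upper()
                answers = words[2:3]           # optional initial response
        elif re.match(r"\d{3}([ -]|$)", line):  # server reply
            if not line.startswith("334"):
                accepted = line.startswith("235")
                break
            prompts.append(b64text(line[4:]))  # "Username:" / "Password:"
        elif line == "*":                      # client cancelled the exchange
            break
        elif line:
            answers.append(line)
    if mech is None:
        return None
    decoded = [b64text(a) for a in answers]
    if mech == "PLAIN":                        # authzid NUL authcid NUL password
        decoded = (decoded[0] or "").split("\0")[1:3] if decoded else []
    user, password = (decoded + [None, None])[:2]
    return {"mechanism": mech, "prompts": prompts, "username": user,
            "password": password, "accepted": accepted}

if __name__ == "__main__":
    print(recover_credentials(SESSION))
```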