Thursday, September 25, 2008

Debian postfix+saslauthd+dovecot

  • Install the required packages

    Packages needed:

    apt-get install postfix-tls sasl2-bin libsasl2 libsasl2-modules dovecot-imapd dovecot-pop3d dovecot-common

  • vi /etc/default/saslauthd

    Change the following settings:

    START=yes
    MECHANISMS="pam"

  • Create the smtpd.conf file:

    vi /etc/postfix/sasl/smtpd.conf

    Add:

    pwcheck_method: saslauthd

  • vi /etc/postfix/main.cf

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    append_dot_mydomain = no
    myhostname = mail.myurl.org
    mydomain = ns1.myurl.org
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = $mydomain, localhost.$mydomain, localhost
    mynetworks = 127.0.0.0/8

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $mydomain
    broken_sasl_auth_clients = yes
    smtpd_sender_restrictions = reject_unknown_sender_domain, reject_unverified_sender
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

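  • Configure saslauthd (on Debian, Postfix's smtpd runs chrooted under /var/spool/postfix, so the saslauthd socket directory is moved inside the chroot and symlinked back)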

    rm -r /var/run/saslauthd/
    mkdir -p /var/spool/postfix/var/run/saslauthd
    ln -s /var/spool/postfix/var/run/saslauthd /var/run
    chgrp sasl /var/spool/postfix/var/run/saslauthd
    adduser postfix sasl

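  • Configure dovecot

    debian:~# vi /etc/dovecot/dovecot.conf

    Change the following settings (disable_plaintext_auth = no lets clients send passwords over connections that are not protected by TLS):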

    protocols = imap pop3
    listen = *
    disable_plaintext_auth = no
    mechanisms = plain login

  • Restart the services

    debian:~# /etc/init.d/saslauthd restart
    debian:~# /etc/init.d/postfix restart



  • Create a test account; it can be removed once testing is done

    debian:~# useradd test    # set the password to testpass

    debian:~# vi /etc/passwd

    Change the test user's entry to:

    test:x:1001:1001::/home/test:/bin/false

  • start postfix + saslauthd services
    debian:~# /etc/init.d/postfix reload
    debian:~# /etc/init.d/saslauthd start

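  • Test SASL authentication over telnet; first use perl to generate the authentication string (substitute the real account name and password)

    perl -MMIME::Base64 -e 'print encode_base64("\0username\0password");'

    This prints the authentication string, e.g. dGVzdAB0ZXN0AHRlc3RwYXNz

  • Connect to the mail server and test (in the original post the lines to type were shown in red: the telnet, ehlo and AUTH PLAIN lines)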

    telnet 127.0.0.1 25
    ehlo localhost
    you should see something like this:
    250-randallbum.net
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5
    250-AUTH=LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz // enter the authentication string generated by perl
    235 2.0.0 Authentication successful

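    If "Authentication successful" appears, SASL is working correctly.

  • In the mail client's account settings, enable authentication for the outgoing (SMTP) server

  • Check that /etc/mailname contains your own hostname

  • If dovecot cannot be installed successfully, see the following URL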

    http://ubuntuforums.org/showthread.php?t=736419
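
As an added example (not part of the original post), the Python below decodes the AUTH PLAIN string from the telnet test above and lists the password-revealing mechanisms in the EHLO reply shown there; all function names are illustrative. It shows that the string is only base64 encoding, so the account name and password can be read back by anyone who sees the session.

```python
import base64

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded, not hashed

def build_plain(authcid, passwd, authzid=""):
    """Build the base64 initial response for AUTH PLAIN (RFC 4616)."""
    for field in (authzid, authcid, passwd):
        if "\0" in field:
            raise ValueError("NUL is not allowed inside a field")
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_plain(token):
    """Decode an AUTH PLAIN string back into (authzid, authcid, passwd)."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return tuple(p.decode("utf-8") for p in parts)

def cleartext_password_mechs(ehlo_reply):
    """Return PLAIN/LOGIN if advertised in an EHLO reply taken before STARTTLS."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Drop the "250-" / "250 " prefix; treat "AUTH=..." like "AUTH ..."
        words = line.strip()[4:].replace("=", " ").split()
        if words and words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return mechs & CLEARTEXT_MECHS

# EHLO reply and authentication string copied from the test session above
EHLO_REPLY = (
    "250-randallbum.net\n250-PIPELINING\n250-SIZE 10240000\n250-VRFY\n250-ETRN\n"
    "250-AUTH LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5\n"
    "250-AUTH=LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5\n"
    "250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN\n"
)
PAGE_TOKEN = "dGVzdAB0ZXN0AHRlc3RwYXNz"

if __name__ == "__main__":
    print(parse_plain(PAGE_TOKEN))
    print(build_plain("test", "testpass"))
    print(sorted(cleartext_password_mechs(EHLO_REPLY)))
```

The sample string decodes to test, test, testpass, so it carries an authorization identity in the first field, whereas the perl one-liner leaves that field empty; both forms are valid for AUTH PLAIN. In Postfix, smtpd_tls_auth_only = yes withholds AUTH until the session is encrypted with STARTTLS.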

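1 comment:

CRACK888WEI said...

Hello: the "Debian postfix+saslauthd+dovecot" article you wrote is very useful to me, thank you very much. However, I have now run into a problem: after finishing the setup, sending mail works fine, but I cannot reply to myself, that is, I do not receive any incoming mail. I also set up the accounts following your instructions. Is there a corrected version or a newer setup method I could refer to? I will try setting it up again a few more times to see whether I made a mistake at some step. Thanks.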