2007年4月23日星期一

Debian/ETCH:Postfix+SMTP-AUTH安装备份

# aptitude install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util


main.cf
will not be modified by the Postfix install process.
Internet Site
Where should mail for root go NONE
Mail name? mail.mydebian.org

Other destinations to accept mail for? (blank for none)
mail.mydebian.org, localhost.localdomain, localhost.localdomain, localhost


Force synchronous updates on mail queue?


# echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
# echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf


$cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

$ cat /etc/default/saslauthd
# Settings for the saslauthd daemon, shown here as `cat` output of
# /etc/default/saslauthd.
# NOTE(review): which of PARAMS / OPTIONS the init script actually reads is
# not visible on this page and may depend on the sasl2-bin version - confirm.
START=yes
# Run directory placed under /var/spool/postfix so that it is reachable from
# inside the Postfix chroot (see the README.Debian excerpt on this page).
# That excerpt sets the directory to root:sasl mode 710 and adds the postfix
# user to the sasl group; keep it that tight, since any process that can
# reach the socket can submit password guesses to saslauthd.
PWDIR="/var/spool/postfix/var/run/saslauthd"
# -m: directory that holds the saslauthd socket.
# -r: combine realm and login name (user@realm) before the lookup.
PARAMS="-m ${PWDIR} -r"
PIDFILE="${PWDIR}/saslauthd.pid"
# Passwords are verified through PAM.
MECHANISMS="pam"
# -c: cache credentials in saslauthd; the README.Debian excerpt on this page
# notes that -c may be omitted. -m: same socket directory as PWDIR above.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"


$ cat /etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

# Greeting sent on the 220 line to every connecting client.
# NOTE(review): it names the MTA and the distribution; trim it if that
# disclosure is unwanted.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
# Do not send new-mail notifications to the local biff service.
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
# NOTE(review): ssl-cert-snakeoil.* is the self-signed placeholder key pair
# generated by Debian's ssl-cert package. Clients cannot validate it, so it
# only protects against passive sniffing; install a certificate issued for
# this host name before relying on it.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Offers STARTTLS to clients but does not require it.
# NOTE(review): smtpd.conf on this page allows only PLAIN and LOGIN, which
# carry the password base64-encoded, not encrypted. This file does not set
# smtpd_tls_auth_only = yes, and the EHLO test on this page shows AUTH being
# advertised on a session that has not done STARTTLS, so passwords can cross
# the network in the clear. Setting smtpd_tls_auth_only = yes limits AUTH to
# TLS-protected sessions.
smtpd_use_tls=yes
# TLS session caches for the SMTP server and the SMTP client, kept in the
# queue directory.
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.mydebian.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Same value as the commented-out Debian default near the top of this file.
myorigin = /etc/mailname
# Domains this server accepts mail for as final destination.
# NOTE(review): localhost.localdomain is listed twice; this looks like a
# harmless duplicate carried over from the installer answer.
mydestination = mail.mydebian.org, localhost.localdomain, localhost.localdomain, localhost
# Empty: outbound mail is delivered directly, not through a smarthost.
relayhost =
# Only loopback clients are trusted; every other client must authenticate
# before it may relay (see smtpd_recipient_restrictions at the end of the file).
mynetworks = 127.0.0.0/8
# Local delivery is handed to procmail.
mailbox_command = procmail -a "$EXTENSION"
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
# Enables user+extension addressing.
recipient_delimiter = +
# Listen on every interface, so the SMTP AUTH service is reachable from any
# network that can reach port 25 on this host.
inet_interfaces = all

#################################################
# SMTP AUTH through Cyrus SASL (password checks go to saslauthd, per the
# smtpd.conf shown on this page).
# Left empty, i.e. no local SASL realm is set.
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
# noanonymous only rejects anonymous logins; plaintext mechanisms remain
# allowed, so confidentiality of the password depends entirely on TLS.
smtpd_sasl_security_options = noanonymous
# Also advertise the non-standard "AUTH=" form for old clients; this is the
# extra "250-AUTH=LOGIN PLAIN" line in the EHLO test on this page.
broken_sasl_auth_clients = yes
# Evaluated left to right, first match wins: authenticated clients and
# mynetworks may relay; reject_unauth_destination then refuses everything
# not addressed to a domain this server handles, which is what keeps the
# host from being an open relay. Keep it as the last entry.
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination



warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
检查 saslauthd 服务是否运行正常,比如是否生成了 /var/spool/postfix/var/run/saslauthd/saslauthd.pid。Postfix 在 chroot(/var/spool/postfix)中运行,所以 saslauthd 的 socket 目录必须位于该路径之下(见文末 README.Debian 摘录)。






测试
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.mydebian.org ESMTP Postfix (Debian/GNU)
ehlo localhost
250-mail.mydebian.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


http://wiki.ubuntu.org.cn/Postfix_%E5%BF%AB%E9%80%9F%E6%8C%87%E5%8D%97


Mar 9 21:46:12 main postfix/smtp[4721]: 7A68C492E: to=, relay=gmail-smtp-in.l.google.com[64.233.185.27]:25, delay=2.8, delays=0.07/0/1.2/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1173429249 62si542346wri)

/usr/share/doc/sasl2-bin/README.Debian

To place the saslauthd socket inside the Postfix chroot, edit
/etc/default/saslauthd and set OPTIONS like this (you may omit -c):
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

To set the run directory using dpkg-statoverride, run this command as root:
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

Finally, to add the postfix user to the sasl group:
adduser postfix sasl
