
postfix-sasl
參考 https://blog.tiger-workshop.com/ubuntu-postfix-mail-server-msa-dovecot-smtp-authentication/

================= dovecot =================

vi /etc/dovecot/conf.d/10-master.conf

  unix_listener auth-userdb {
    #mode = 0666
    #user = 
    #group = 
  }

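  # Postfix smtp-auth
  # NOTE: with mode/user/group left commented out, the listing below shows
  # this socket as "srw------- 1 root root ... auth=". An smtpd running as
  # the postfix user would get "Permission denied" on it. Setting
  # mode = 0660 with user = postfix and group = postfix grants what smtpd
  # needs; 0666 is broader than necessary.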
  unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  }

systemctl start dovecot.service

10-09 14:35 [root@kiosk postfix]# netstat -anlpt |grep dov
tcp        0      0 127.0.0.1:995           0.0.0.0:*               LISTEN      2770103/dovecot     
tcp        0      0 127.0.0.1:110           0.0.0.0:*               LISTEN      2770103/dovecot
10-09 14:36 [root@kiosk postfix]# lr /var/spool/postfix/private/
total 0
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 virtual=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 verify=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 trace=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 tlsmgr=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 smtp=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 scache=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 rewrite=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 retry=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 relay=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 proxywrite=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 proxymap=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 policyd-spf=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 local=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 lmtp=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 error=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 discard=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 defer=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 bounce=
srw-rw-rw- 1 postfix postfix 0 Oct  8 20:37 anvil=
srw------- 1 root    root    0 Oct  9 14:35 auth=

================= postfix =================

/etc/postfix/master.cf 修改前:

10-09 14:53 [root@kiosk postfix]# postconf |grep smtpd_sasl
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_mechanism_filter = !external, static:rest
smtpd_sasl_path = smtpd
smtpd_sasl_response_limit = 12288
smtpd_sasl_security_options = noanonymous
smtpd_sasl_service = smtp
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
10-09 15:06 [root@kiosk ssh]# postconf |grep sasl_auth_clients
broken_sasl_auth_clients = no
10-09 15:09 [root@kiosk postfix]#

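修改 master.cf 的 submission inet 區段:
(注意:restriction 依序評估,permit_mynetworks 與 permit_sasl_authenticated 一旦符合即放行,排在後面的 reject_authenticated_sender_login_mismatch 對已認證的連線不會被執行;若要限制已認證使用者可用的寄件者位址,需將它移到 permit_sasl_authenticated 之前,並設定 smtpd_sender_login_maps。另外此區段未指定 TLS,請確認已設定 smtpd_tls_security_level=encrypt 或 smtpd_tls_auth_only=yes,避免帳號密碼以明文傳送。)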

submission inet n       -       n       -       -       smtpd
  -o {smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient,reject_authenticated_sender_login_mismatch,check_policy_service unix:private/policyd-spf}
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_type=dovecot
  -o broken_sasl_auth_clients=yes

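修改後,systemctl restart postfix.service。以下測試只確認 587 埠有回應 220,尚未驗證 SASL;要確認認證是否生效,連線後需送出 EHLO 並檢查回應中是否有 250-AUTH(若只允許 TLS 後認證,需先 STARTTLS,例如用 openssl s_client -starttls smtp),同時查看郵件紀錄中是否有 SASL 相關的 warning: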

10-09 15:35 [root@kiosk postfix]# telnet 127.0.0.1 587
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.feuer.idv.tw ESMTP Gabriel (3.8.1) (Mageia Linux)
quit
221 2.0.0 Bye
Connection closed by foreign host.