# saslauthd -v
saslauthd 2.1.22
authentication mechanisms: sasldb getpwent kerberos5 pam rimap
pam must be in the list of authentication mechanisms.

Checking authentication:

# useradd -s /bin/false test
# passwd test
Changing password for user test.
New UNIX password: *******
Retype new UNIX password: *******
passwd: all authentication tokens updated successfully.
# testsaslauthd -u test -p password -s smtp
0: OK "Success."

Local users:

# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

# postconf -n
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = server.local
myhostname = mail.server.local
mynetworks = 127.0.0.0/8
myorigin = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes

# perl -MMIME::Base64 -e  'print encode_base64("\0test\0password")'
AHRlc3QAcGFzc3dvcmQ=

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.server.local ESMTP Postfix
EHLO localhost
250-mail.server.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN
334
AHRlc3QAcGFzc3dvcmQ=
235 2.0.0 Authentication successful
mail from:<>
250 2.1.0 Ok
rcpt to:<test@server.local>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Hello world!!!
.
250 2.0.0 Ok: queued as 00A3060027
quit
221 2.0.0 Bye
Connection closed by foreign host.

# cat maillog | grep 00A3060027
Jan 17 01:38:55 centos5 postfix/smtpd[5001]: 00A3060027: client=mail.server.local[127.0.0.1], sasl_method=plain, sasl_username=test
Jan 17 01:39:42 centos5 postfix/cleanup[9916]: 00A3060027: message-id=<20080116233855.00A3060027@mail.server.local>
Jan 17 01:39:42 centos5 postfix/qmgr[2813]: 00A3060027: from=<>, size=378, nrcpt=1 (queue active)
Jan 17 01:39:42 centos5 postfix/local[13589]: 00A3060027: to=<test@server.local>, relay=local, delay=73, delays=73/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 17 01:39:42 centos5 postfix/qmgr[2813]: 00A3060027: removed


Virtual users:

Add a virtual user@domain

# saslpasswd2 -c -u domain user
Password: *******
Again (for verification): *******

List the created users

# sasldblistusers2
user@domain: userPassword

Authentication method via sasldb

# cat /etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login

# chown root:postfix /etc/sasldb2
# ls -la /etc/sasldb2
-rw-r----- 1 root postfix 12288 Jan 17 10:37 /etc/sasldb2

Minimal Postfix config

# postconf -n
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_gid_maps = static:1984
virtual_mailbox_base = /var/spool/mail/vbox
virtual_mailbox_domains = server.local
virtual_mailbox_maps = hash:/etc/postfix/virtual_user
virtual_uid_maps = static:1984

Aliases

# cat virtual_alias
test2@server.local test1@server.local

Where to store mail (if we accept mail for virtual domains). It will be placed in $virtual_mailbox_base/domain/user@domain/

# cat virtual_user
test1@server.local server.local/test1@server.local/

Build the lookup tables and add the group.

# postmap virtual_user
# postmap virtual_alias
# groupadd -g 1984 virtual
# useradd virtual -s /bin/false -g virtual -u 1984
# chown virtual:virtual /var/spool/mail/vbox

Sometimes nis is enabled. It will produce an error.

# postconf | grep nis:
alias_maps = hash:/etc/aliases, nis:mail.aliases
# postconf -e alias_maps=hash:/etc/aliases

Test with telnet

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.server.local ESMTP Postfix
EHLO localhost
250-mail.server.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN
334
AHRlc3QyQHNlcnZlci5sb2NhbAAxMjM0NTY3
235 2.0.0 Authentication successful
MAIL FROM:<>
250 2.1.0 Ok
RCPT TO:<test2@server.local>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Hello
.
250 2.0.0 Ok: queued as 498086003F
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

# cat /var/log/maillog | grep 498086003F
Jan 17 13:16:07 centos5 postfix/smtpd[16254]: 498086003F: client=mail.server.local[127.0.0.1], sasl_method=plain, sasl_username=test1@server.local
Jan 17 13:16:11 centos5 postfix/cleanup[16257]: 498086003F: message-id=<20080117111607.498086003F@mail.server.local>
Jan 17 13:16:11 centos5 postfix/qmgr[16251]: 498086003F: from=<>, size=364, nrcpt=1 (queue active)
Jan 17 13:16:11 centos5 postfix/virtual[16258]: 498086003F: to=<test1@server.local>, orig_to=<test2@sys-adm.local>, relay=virtual, delay=14, delays=14/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Jan 17 13:16:11 centos5 postfix/qmgr[16251]: 498086003F: removed

# perl -MMIME::Base64 -e  'print encode_base64("\0test2\@server\.local\0001234567")'
AHRlc3QyQHNlcnZlci5sb2NhbAAxMjM0NTY3
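
An added example, not part of the original page: shell functions that build the same AUTH PLAIN tokens as the perl one-liners above and decode them back, which also shows that the token is only base64 of the user name and password. The function names are hypothetical, and a base64 utility that supports -d (GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example. AUTH PLAIN token layout (RFC 4616):
#   authzid NUL authcid NUL password
# authzid is left empty, as in the perl one-liners on this page.

# Encode: user and password are passed as %s arguments and never pasted into
# the printf format, so a password that starts with digits cannot fuse with
# the preceding \0 into a different octal escape.
sasl_plain_encode() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# The mistake that the \000 in the second perl one-liner avoids: written
# inline, \012 is read as a single octal escape (LF) and the password that
# reaches the server is no longer 1234567.
sasl_plain_encode_naive() {
    printf '\0test2@server.local\01234567' | base64 | tr -d '\n'
}

# Decode a token into labelled fields, to check what was actually sent.
# NUL separators become newlines; field 1 is the (empty) authzid.
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' '\n' |
        awk 'NR==1 { print "authzid="  $0 }
             NR==2 { print "authcid="  $0 }
             NR==3 { print "password=" $0 }'
}

# Demo with the constructed test accounts used on this page.
sasl_plain_encode test password; echo
sasl_plain_encode test2@server.local 1234567; echo
sasl_plain_decode AHRlc3QyQHNlcnZlci5sb2NhbAAxMjM0NTY3
```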

Mixed type

# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: auxprop saslauthd
auxprop_plugin: sasldb
mech_list: plain login

Troubleshooting

AUTH not available

# yum install cyrus-sasl-plain


Recipient address rejected: User unknown in local recipient table;

# saslpasswd2 -c -u domain user
Password: *******
Again (for verification): *******
# echo "user@domain domain/user@domain/" >> /etc/postfix/virtual_user
# postmap /etc/postfix/virtual_user
