SMTP郵件伺服器認證 – Postfix + SASL + SMTP_Auth

安裝

   apt-get install cyrus-sasl

編譯postfix支援dovecot SASL

   make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SASL_SERVER="dovecot"'

編譯postfix支援Cyrus SASL

   make tidy

   make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include" AUXLIBS="-L/usr/lib/sasl2 -lsasl2"

[1.] vi /etc/postfix/main.cf

# 2.xx 版本的 Cyrus SASL
#
smtpd_sasl_auth_enable = yes   # 讓標準的MUA使用smtp sasl驗證
broken_sasl_auth_clients = yes   # 讓非標準的MUA使用smtp sasl驗證
smtpd_sasl_local_domain = ' '
smtpd_recipient_restrictions =      # 核淮授權使用者

   permit_mynetworks

   permit_sasl_authenticated

   reject_unauth_destination

smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous   # 設定驗證機制

# 註：在 smtpd_sasl_local_domain 的部分，也可以修改成：
# smtpd_sasl_local_domain=
# 即可！

[2.] vi /etc/postfix/master.cf

# 找到底下的這一行：

# smtp inet n – y – – smtpd
# 將他改成為：
smtp inet n – n – – smtpd

      (rpm套件安裝時就不用改了)

[3.] /etc/rc.d/init.d/postfix reload
　

[4.] vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd   # 密碼驗證服務

log_level: 1

 

#mech_list: PLAIN LOGIN   # smtp auth 機制

      vi /etc/sysconfig/saslauthd

MECH=pam

      service saslauthd restart

      版本

         saslauthd -v

saslauthd 2.1.20
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

   debug

      saslauth -a pam -d

    testing

      sasl2-sample-server -s rcmd -p 33333

      sasl2-sample-client -s rcmd -p 33333 -m PLAIN 127.0.0.1

[5.] telnet localhost 25

Trying 127.0.0.1…
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 vbird.adsldns.org ESMTP Postfix (1.1.11) (Mandrake Linux)
ehlo localhost  # <==確認主機狀態
250-vbird.adsldns.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN  # <==出現這個就是成功
250-XVERP
250 8BITMIME
quit   # <==離開
221 Bye
Connection closed by foreign host.

[6.] 確定是否有在進行認證的工作
         printf 'crosscross123456' | mmencode

dGVzdAB0ZXN0AGFiYw==

      telnet localhost 25

Trying 127.0.0.1…
Connected to localhost.
Escape character is '^]'.
220 vbird.adsldns.org ESMTP Postfix
ehlo localhost                        # <==先打招呼
250-vbird.adsldns.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-XVERP
250 8BITMIME
auth plain dGVzdAB0ZXN0AGFiYw==
235 Authentication successful       # <==若出現這一行表示 SMTP 已經運作正常
quit

   或者

      perl -MMIME::Base64 -e 'print encode_base64("crosscross123456");'

[7.] 寄信之前需要於outlook中勾選”我的伺服器需要驗證”