服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 后缀智能主机,允许通过dynamicIP中继
Intereting Posts
与Access失败的Active Directory复制被拒绝 CoreOS的默认SSH凭证? 在两个或更多RAID1磁盘对之上构buildLVM卷是否“安全”? 如何在VMWare ESXi 6.5.0 Web UI中将磁盘从精简转换为精简? Nginx的静态内容服务器最大化? Subversion可以“分组”文件吗? 如何从fail2ban中解除? 达到特定数量/超过配额后,reiserfs上的inode数量会爆炸 根据OID(Oracle Internet Directory)对AIX用户进行身份validation 添加额外的处理器后安装与两个 – 2008 R2上的安装 收集并显示nginx统计信息 Postfix 2.9或sendmail,传出垃圾邮件防范(检查发件人是否存在) 在x3650丢失的分区 跟踪Linux下巨大的缓冲区使用情况 无法在Debian上使用virt-install创build虚拟机

后缀智能主机,允许通过dynamicIP中继

我有几个服务器(networking,MySQL,Java)已安装后缀设置为中继到智能主机后缀服务器。 

DYNAMIC IP STATIC IP INTERNET [PHP -> sendmail -> 25:postfix:2525] -> [2525:postfix:25] -> [25:external]

问题是第一台服务器有dynamicIP地址,所以我不能简单地将他们的IP地址添加到中间postfix服务器的main.cf中的mynetworks设置。

我认为解决scheme是SASL,但我无法弄清楚如何设置用户名:第一个密码,并在第二个validation。

这是我在继电器上的 

 apt-get install postfix libsasl2-modules cat > /etc/postfix/main.cf << 'EOF' myhostname = a-eu1-test-http alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases relayhost = [smarthost]:2525 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mydestination = a-eu1-test-http, localhost mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no smtp_tls_security_level = encrypt smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/relay_password smtp_sasl_security_options = noanonymous EOF

这就是我对smarthost的了解,但是我不知道如何定义sasl用户: 

 apt-get install postfix libsasl2-modules cat > /etc/postfix/main.cf << 'EOF' myorigin = /etc/mailname myhostname = smarthost alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mydestination = smarthost, localhost mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no smtpd_tls_security_level = encrypt smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache EOF

您基本上错过authentication后端

在接力赛上: 

 apt-get install postfix libsasl2-2 libsasl2-modules sasl2-bin adduser postfix sasl mkdir /etc/postfix/sasl cat > /etc/postfix/sasl/smtpd.conf << EOF pwcheck_method: saslauthd mech_list: PLAIN LOGIN EOF cat > /etc/default/saslauthd << EOF START=yes MECHANISMS="sasldb" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" EOF saslpasswd2 -c -u `postconf -h myhostname` relay-user service saslauthd start

在客户端: 

 cat > /etc/postfix/relay_passwords << EOF your-relay:2525 relay-user:password EOF postmap /etc/postfix/relay_passwords