我试图configuration一个辅助后缀来启用SMTP AUTH对我的主要后缀服务器(postfix + ldap auth + cyrus)
我已按照http://www.postfix.org/SASL_README.html#client_sasl添加:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous relayhost = [192.168.66.98] 辅助后缀的configuration文件是:
# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = localhost, 192.168.66.85 inet_protocols = all local_recipient_maps = mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost mydomain = ddol-test.com mynetworks = 192.168.66.0/24, 127.0.0.0/8 myorigin = $myhostname newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES relay_domains = $mydestination relayhost = [192.168.66.98] sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous transport_maps = unknown_local_recipient_reject_code = 550 # cat /etc/postfix/sasl_passwd [192.168.66.98] [email protected]:1234
当我发送一封邮件时,它被正确地redirect到.66.98,但是它没有对它进行authentication,并且电子邮件的行为就像是一个非authentication的用户。
这是我的主要后缀configuration:
# cat main.cf ... ... smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = smtpd smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unverified_recipient, check_policy_service inet:127.0.0.1:10045, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, reject_rbl_client sbl.spamhaus.org, reject_rbl_client xbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client relays.ordb.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client dnsbl.njabl.org, permit header_checks = pcre:/etc/postfix/header_checks smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031 soft_bounce = no smtpd_helo_required = yes smtpd_delay_reject = yes disable_vrfy_command = yes smtpd_sender_login_maps = ldap:/etc/postfix/sender_maps amavisd-new_destination_concurrency_limit = 20 virtual_alias_maps = ldap:/etc/postfix/mailRedirect ldap:/etc/postfix/virtual ldap:/etc/postfix/catch-all smtpd_sasl_local_domain = smtp_tls_security_level = may smtpd_tls_security_level = may smtpd_tls_auth_only = no smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/ssl/private/smtpd.key smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom message_size_limit=15728640
现在,从第二后缀发送的任何邮件被中继到主后缀,但它通过所有的检查,因为它是一个非authentication的用户,但我不想这样做。 我希望电子邮件的行为与通过身份validation的用户相同,并在smtpd_recipient_restrictions中的“permit_sasl_authenticated”中停止。
你的问题在这里:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous relayhost = [192.168.66.98]
请注意,您使用的是“smtpd”而不是“smtp”。 这意味着你正在为聆听的deamon而不是发送代理人设置一个sasl。
这是我在我的使用:
# use authentication relayhost = [mail.messagingengine.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/saslpass smtp_sasl_security_options = noanonymous
它工作正常。
哦 – saslpass的内容是:
mail.messagingengine.com [email protected]:mypass
注意冒号和空格。 我猜你需要在那里做IP地址,或者在/ etc / hosts中input一个条目并使用一个名字。 @ my.domain是因为messagingengine使用完全限定的电子邮件地址进行login。 你可能只需要一个用户名。