Building a simple mail server on RHEL4 with postfix + sasl2

References:
http://bbs.chinaunix.net/thread-987344-1-1.html
http://linux.vbird.org/linux_server/0390postfix.php

rhel4
cyrus-sasl-2.1.22 + postfix-2.4.6

The business requirement is to let our online application and bulk-mailing software use SMTP to send mass mail to the site's several hundred thousand members, e.g. holiday greetings, site notices and event reminders.

I am a beginner. Could the experts here tell me whether this configuration is correct, and whether it meets our performance and security needs?

Check the current sasl version

    # saslauthd -v

Stop the running sendmail:

    # /etc/rc.d/init.d/sendmail stop

Disable it at boot:

    # chkconfig --level 12345 sendmail off

or

    # chkconfig sendmail off

Disable the original sendmail:

    # mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
    # mv /usr/bin/newaliases /usr/bin/newaliases.OFF
    # mv /usr/bin/mailq /usr/bin/mailq.OFF
    # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF /usr/bin/mailq.OFF

Install sasl (note the line-continuation characters in the configure command)

    # tar zxvf cyrus-sasl-2.1.22.tar.gz
    # cd cyrus-sasl-2.1.22
    # ./configure --prefix=/usr/local/sasl2 \
        --disable-gssapi \
        --disable-anon \
        --disable-sample \
        --disable-digest \
        --enable-plain \
        --enable-login
    # make
    # make install

Disable the original sasl:

    # mv /usr/lib/libsasl2.a /usr/lib/libsasl2.a.OFF
    # mv /usr/lib/libsasl2.la /usr/lib/libsasl2.la.OFF
    # mv /usr/lib/libsasl2.so.2.0.19 /usr/lib/libsasl2.so.2.0.19.OFF
    # mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
    # rm /usr/lib/libsasl2.so
    # rm /usr/lib/libsasl2.so.2
    # ln -sv /usr/local/sasl2/lib/* /usr/lib

Postfix 2.3 and later look for the SASL libraries and headers in /usr/local/lib and /usr/local/include respectively, so they also need to be linked into those directories:

    # ln -sv /usr/local/sasl2/lib/* /usr/local/lib
    # ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include

Create the directory needed at run time and start in debug mode

    # mkdir -pv /var/state/saslauthd
    # /usr/local/sasl2/sbin/saslauthd -a shadow -d

Start and test

    # /usr/local/sasl2/sbin/saslauthd -a shadow
    # /usr/local/sasl2/sbin/testsaslauthd -u root -p <root password>

Configure the library search path

    # echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
    # echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
    # ldconfig -v

Start automatically at boot

    # echo "/usr/local/sasl2/sbin/saslauthd -a shadow" >> /etc/rc.local

Install postfix

    # tar zxvf postfix-2.4.6.tar.gz
    # cd postfix-2.4.6
    # make tidy
    # make makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/local/sasl2/lib -lsasl2'
    # groupadd -g 2525 postfix
    # useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
    # groupadd -g 2526 postdrop
    # useradd -g postdrop -u 2526 -s /bin/false -M postdrop
    # make
    # make install

Enter the paths at the following prompts (the value in [] is the default; the value after "]" is what to enter)

    install_root: [/] /
    tempdir: /tmp
    config_directory: /etc/postfix
    daemon_directory: /usr/local/postfix/libexec
    command_directory: /usr/local/postfix/sbin
    queue_directory:
    sendmail_path:
    newaliases_path:
    mailq_path:
    mail_owner:
    setgid_group:
    html_directory:
    manpages: /usr/local/postfix/man
    readme_directory:

Here postfix is installed into its own directory, /usr/local/postfix, to make it easier to manage; you can also use the default installation layout, which may be more convenient to use.

Generate the binary alias database; if this step is skipped, postfix will be extremely slow:

    # newaliases

    # vi /etc/postfix/main.cf

Change the following settings to suit your environment

    myhostname = mail.c1gstudio.com
    myorigin = c1gstudio.com
    mydomain = c1gstudio.com
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mynetworks = 192.168.1.0/24, 127.0.0.0/8

Start postfix

    # /usr/local/postfix/sbin/postfix start

    # telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 mail.c1gstudio.com ESMTP Postfix
    ehlo mail.c1gstudio.com
    250-mail.c1gstudio.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from:root@c1gstudio.com
    250 2.1.0 Ok
    rcpt to:redhat@c1gstudio.com
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    subject:Mail test!
    Mail test!!!
    .
    250 2.0.0 Ok: queued as AB94A1A561
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

Use the following command to verify that postfix supports Cyrus-style SASL authentication; if your output matches the following, it is supported:

    # /usr/local/postfix/sbin/postconf -a
    cyrus
    dovecot

    # vi /etc/postfix/main.cf

Add the following:

    ############################CYRUS-SASL############################
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_application_name = smtpd
    smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

    # vi /usr/local/lib/sasl2/smtpd.conf

Add the following:

    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN

Have postfix reload its configuration

    # /usr/local/postfix/sbin/postfix reload

Add SMTP authentication users

    # groupadd mailuser
    # adduser -g mailuser -s /sbin/nologin service
    # passwd john
    Changing password for user john.
    New UNIX password:
    BAD PASSWORD: it is too simplistic/systematic
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    # passwd service
    Changing password for user service.
    New UNIX password:
    BAD PASSWORD: it is too simplistic/systematic
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    #

Check that authentication succeeds

    # /usr/local/sasl2/sbin/testsaslauthd -u john -p 123456
    0: OK "Success."
    # /usr/local/sasl2/sbin/testsaslauthd -u service -p 123456
    0: OK "Success."

Generate the base64 strings for later use

    # perl -MMIME::Base64 -e 'print encode_base64("service");'
    c2VydmljZQ==
    # perl -MMIME::Base64 -e 'print encode_base64("123456");'
    MTIzNDU2

    # telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 Welcome to our devmail.c1gstudio.com ESMTP,Warning: Version not Available!
    ehlo localhost
    250-devmail.c1gstudio.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    auth login
    334 VXNlcm5hbWU6
    c2VydmljZQ==
    334 UGFzc3dvcmQ6
    MTIzNDU2
    235 2.0.0 Authentication successful
    mail from:root@c1gstudio.com
    250 2.1.0 Ok
    rcpt to:admin@c1gstudio.com
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    suject:hello 13:08
    this is a test
    .
    250 2.0.0 Ok: queued as 0BABAD607EB
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

Run at boot

    # echo "/usr/local/postfix/sbin/postfix start" >> /etc/rc.d/rc.local

List the configuration

    # /usr/local/postfix/sbin/postconf -n

View the mail queue

    # /usr/local/postfix/sbin/postqueue -p

I checked the mailbox and the mail had arrived.
Sending with DreamMail also succeeded.
Sending from the website via ESMTP succeeded.
[火星人]
Article URL: http://coctec.com/docs/service/show-post-32112.html
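An added example, not part of the original post: a small Python audit of the SASL-related main.cf settings shown above. It flags that AUTH PLAIN/LOGIN is offered without TLS, and decodes the AUTH LOGIN lines from the telnet session to show they are encoded rather than encrypted. The sample config is constructed from the page's values, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample in main.cf syntax, using SASL-related settings from this page.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,
    reject_invalid_hostname,reject_non_fqdn_hostname,reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; an indented line continues the previous value."""
    conf, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            conf[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (part.strip() for part in raw.split("=", 1))
            conf[last] = value
    return conf

def audit(conf):
    """Return (finding_id, explanation) pairs for weak SMTP AUTH related settings."""
    def on(key):  # Postfix defaults all four booleans used here to "no"
        return conf.get(key, "no").lower() == "yes"
    findings = []
    if on("smtpd_sasl_auth_enable") and not on("smtpd_tls_auth_only"):
        findings.append(("auth-without-tls", "AUTH is offered on unencrypted sessions"))
    if not on("disable_vrfy_command"):
        findings.append(("vrfy-enabled", "VRFY lets clients probe for valid addresses"))
    helo_checks = {"reject_invalid_hostname", "reject_non_fqdn_hostname",
                   "reject_invalid_helo_hostname", "reject_non_fqdn_helo_hostname"}
    used = set(re.split(r"[,\s]+", conf.get("smtpd_recipient_restrictions", "")))
    if used & helo_checks and not on("smtpd_helo_required"):
        findings.append(("helo-optional", "HELO checks do not apply if HELO is never sent"))
    return findings

def decode_auth_login(lines):
    """Base64-decode the last token of each line of an AUTH LOGIN exchange."""
    return [base64.b64decode(line.split()[-1]).decode() for line in lines]

if __name__ == "__main__":
    for finding_id, why in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{finding_id}: {why}")
    # The AUTH LOGIN lines from the telnet session above.
    print(decode_auth_login(["334 VXNlcm5hbWU6", "c2VydmljZQ==", "334 UGFzc3dvcmQ6", "MTIzNDU2"]))
```

Setting smtpd_tls_auth_only = yes requires a Postfix built with TLS support; the CCARGS shown on this page enable only SASL.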