SASL配置
https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL
sudo apt-get install sasl2-bin
sudo nano /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
#-------------
cp /etc/default/saslauthd /etc/default/saslauthd-postfix
sudo nano /etc/default/saslauthd-postfix
START=yes
DESC="SASL Auth. Daemon for Postfix"
NAME="saslauthd-postf" # max. 15 char.
# Option -m sets working dir for saslauthd (contains socket)
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" # postfix/smtp in chroot()
#--------------
sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
sudo adduser postfix sasl
#sudo saslpasswd2 -c -u mydomain.com support
用户必须指定support@mydomain.com作为登录名,不支持。
不幸的是,无法继续使用此变体,它无法工作
选项没有领域,它将默认为服务器的反向DNS
sudo saslpasswd2 -c gmail
# list all users
sudo sasldblistusers2
# to get password which may be used in telnet
# echo -ne '\0username\0pswd' | openssl enc -base64
sudo services saslauthd start
#sudo testsaslauthd -u support -p pswd -r mydomain.com
#sudo testsaslauthd -u support@mydomain.com -p pswd
当您显式声明领域时,第一个变量有效,但第二个变量无效。因此选择了没有领域的变体
sudo testsaslauthd -u gmail -p pswd
# delete user
sudo testsaslauthd -d username
sudo service saslauthd restart
后置继电器
http://www.admin-hints.com/2009/04/how-to-limit-amount-of-messages-per.html
nano /etc/postfix/main.cf
#Clients that are excluded from connection count (default: $mynetworks)
smtpd_client_event_limit_exceptions = $mynetworks
#The time unit over which client connection rates and other rates are calculated. (default: 60s)
anvil_rate_time_unit = 86400s
#How frequently the server logs peak usage information. (default: 600s)
anvil_status_update_time = 120s
#The maximal number of message delivery requests that any client is allowed to make to this service per time unit. (default: 0) To disable this feature, specify a limit of 0.
smtpd_client_message_rate_limit = 200
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_security_level=may
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
sudo nano /etc/postfix/master.cf
# at the line where commented "#submission inet n" starts
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
检查25个端口(587使用TLS),我的服务器只显示587个端口,25个端口被iptables阻止
使用telnet测试
telnet mydomain.com 25
ehlo dummy
auth plain ARdtYW4sAGRdY1d4cyM9ZnRn # how to get auth plain with your password read above
MAIL FROM: support@mydomain.com
RCPT TO: test@test.com
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test subject
Hello,
This is test message
.
# dot at the end
quit
如果出现意外情况,请在此处查找错误
tail -f /var/log/mail.log