
How to securely configure Postfix as an SMTP relay for Gmail


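    I have an email address, support@mydomain.com, that is configured to forward all mail to a Gmail address. When I reply from the Gmail mailbox, I want the reply to come from support@mydomain.com. Previously, Gmail allowed this simply via Settings > Accounts and Import > "Add another email address you own", and then sending an email with a verification code to prove that I own it. But now only the "Send mail through SMTP server" option is available.

    I have a server with Postfix installed. Right now Postfix is used only to send email originating from this server. iptables does not allow connections to Postfix from other PCs/servers, so for now it is secure, because nobody can send email through my server.

    I googled a lot, but found only lots of articles on how to configure Postfix to send email through smtp.gmail.com. I need the reverse: Gmail should send email through my Postfix SMTP server, in a secure way.

    Can you help me find a way to achieve this?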

    1 answer  |  8 years ago

    SASL configuration

    https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL

    sudo apt-get install sasl2-bin
    
    sudo nano /etc/postfix/sasl/smtpd.conf
    pwcheck_method: saslauthd
    auxprop_plugin: sasldb
    mech_list: PLAIN LOGIN
    #-------------
    
    sudo cp /etc/default/saslauthd /etc/default/saslauthd-postfix
    
    sudo nano /etc/default/saslauthd-postfix
    START=yes
    DESC="SASL Auth. Daemon for Postfix"
    NAME="saslauthd-postf"      # max. 15 char.
    # Option -m sets working dir for saslauthd (contains socket)
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"        # postfix/smtp in chroot()
    #--------------
    
    sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
    sudo adduser postfix sasl
    
    #sudo saslpasswd2 -c -u mydomain.com support
    

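    With this variant the user must specify support@mydomain.com as the login name, not support. Unfortunately I could not get this variant to work. Without the realm option, it defaults to the server's reverse DNS.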

    sudo saslpasswd2 -c gmail
    
    # list all users
    sudo sasldblistusers2 
    
    # to get password which may be used in telnet
    # echo -ne '\0username\0pswd' | openssl enc -base64
    
    sudo service saslauthd start
    
    #sudo testsaslauthd -u support -p pswd -r mydomain.com
    #sudo testsaslauthd -u support@mydomain.com -p pswd
    

    When you state the realm explicitly, the first variant works but the second one does not. So the variant without a realm was chosen.

    sudo testsaslauthd -u gmail -p pswd
    
    # delete user
    sudo saslpasswd2 -d username
    
    sudo service saslauthd  restart
    

    Postfix relay

    http://www.admin-hints.com/2009/04/how-to-limit-amount-of-messages-per.html

    sudo nano /etc/postfix/main.cf
    #Clients that are excluded from connection count (default: $mynetworks)
    smtpd_client_event_limit_exceptions = $mynetworks
    #The time unit over which client connection rates and other rates are calculated. (default: 60s)
    anvil_rate_time_unit = 86400s
    #How frequently the server logs peak usage information. (default: 600s)
    anvil_status_update_time = 120s
    #The maximal number of message delivery requests that any client is allowed to make to this service per time unit. (default: 0) To disable this feature, specify a limit of 0.
    smtpd_client_message_rate_limit = 200
    
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_tls_security_level=may
    smtpd_sasl_security_options = noanonymous
    smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    
    sudo nano /etc/postfix/master.cf
    # at the line where commented "#submission inet n" starts
    submission inet n       -       -       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_security_options=noanonymous
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    

    Check port 25 (587 uses TLS). My server exposes only port 587; port 25 is blocked by iptables.

    Test using telnet

    telnet mydomain.com 25
    ehlo dummy
    auth plain ARdtYW4sAGRdY1d4cyM9ZnRn                     # how to get auth plain with your password read above
    MAIL FROM: support@mydomain.com
    RCPT TO: test@test.com
    DATA
    354 End data with <CR><LF>.<CR><LF>
    Subject: test subject
    
    Hello,
    
    This is test message
    .
    # dot at the end
    quit
    

    If something unexpected happens, look for errors here

    tail -f /var/log/mail.log
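
The submission overrides in master.cf are what keep this relay closed to unauthenticated or unencrypted clients, so they are worth re-checking after every edit. As an added example (not part of the original answer), the script below reads a master.cf on stdin and compares the submission overrides with the values the answer uses; the function names and both sample stanzas are constructed for illustration.

```shell
# Added example, not from the original answer. Handles the simple
# "-o name=value" form only, not "-o { name = value }".
# Print the -o overrides of one inet service; master.cf is read from stdin.
service_overrides() {
    awk -v svc="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blanks
        /^[^ \t]/ { in_svc = ($1 == svc && $2 == "inet") }  # new service entry
        in_svc { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# Compare the submission overrides with the values used in the answer.
# Prints one line per setting; returns 1 if any is missing or different.
audit_submission() {
    overrides=$(service_overrides submission)
    rc=0
    for want in \
        smtpd_tls_security_level=encrypt \
        smtpd_sasl_auth_enable=yes \
        smtpd_sasl_security_options=noanonymous \
        smtpd_client_restrictions=permit_sasl_authenticated,reject \
        smtpd_relay_restrictions=permit_sasl_authenticated,reject
    do
        if printf '%s\n' "$overrides" | grep -qxF -e "$want"; then
            echo "ok:   $want"
        else
            echo "FAIL: expected $want"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: the stanza from the answer, and a weakened copy
# where TLS is optional and mynetworks may relay without authenticating.
answer_stanza() { cat <<'EOF'
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
EOF
}
weak_stanza() {
    answer_stanza | sed 's/level=encrypt/level=may/; s/relay_restrictions=/&permit_mynetworks,/'
}

answer_stanza | audit_submission
weak_stanza | audit_submission || echo "weak stanza flagged"
```

On the server itself, run it against the real file with `audit_submission < /etc/postfix/master.cf`.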