代码之家 › 专栏 › 技术社区 › Index

如何安全地将后缀配置为gmail的smtp中继

postfix-mta gmail smtp email

Index · 技术社区 · 8 年前

我有一封电子邮件support@mydomain.com其被配置为将所有电子邮件转发到gmail电子邮件地址。从gmail邮箱回复我希望它从support@mydomain.com. 以前,gmail通过简单的设置允许这一点>帐户和导入->添加您拥有的另一个电子邮件地址,然后选择发送带有验证码的电子邮件以验证我拥有它。但现在只有“通过SMTP服务器发送邮件”选项可用

我已经安装了带有后缀的服务器。现在,后缀仅用于发送来自此服务器的电子邮件。iptables将不允许从不同的PC/服务器连接到后缀,现在它是安全的,因为没有人可以通过我的服务器发送电子邮件。

我在谷歌上搜索了很多,但发现了很多关于如何配置后缀以通过smtp.gmail.com发送电子邮件的文章。但我需要反之亦然-gmail应该以安全的方式通过我的后缀smtp服务器发送电子邮件。

你能帮我找到如何实现这一目标的方法吗?

1 回复 | 直到 8 年前

Index 8 年前

SASL配置

https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL

sudo apt-get install sasl2-bin

sudo nano /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
#-------------

cp /etc/default/saslauthd /etc/default/saslauthd-postfix

sudo nano /etc/default/saslauthd-postfix
START=yes
DESC="SASL Auth. Daemon for Postfix"
NAME="saslauthd-postf"      # max. 15 char.
# Option -m sets working dir for saslauthd (contains socket)
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"        # postfix/smtp in chroot()
#--------------

sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
sudo adduser postfix sasl

#sudo saslpasswd2 -c -u mydomain.com support

用户必须指定support@mydomain.com作为登录名,不支持。不幸的是,无法继续使用此变体,它无法工作选项没有领域,它将默认为服务器的反向DNS

sudo saslpasswd2 -c gmail

# list all users
sudo sasldblistusers2 

# to get password which may be used in telnet
# echo -ne '\0username\0pswd' | openssl enc -base64

sudo services saslauthd start

#sudo testsaslauthd -u support -p pswd -r mydomain.com
#sudo testsaslauthd -u support@mydomain.com -p pswd

当您显式声明领域时,第一个变量有效,但第二个变量无效。因此选择了没有领域的变体

sudo testsaslauthd -u gmail -p pswd

# delete user
sudo testsaslauthd -d username      

sudo service saslauthd  restart

后置继电器

http://www.admin-hints.com/2009/04/how-to-limit-amount-of-messages-per.html

nano /etc/postfix/main.cf
#Clients that are excluded from connection count (default: $mynetworks)
smtpd_client_event_limit_exceptions = $mynetworks
#The time unit over which client connection rates and other rates are calculated. (default: 60s)
anvil_rate_time_unit = 86400s
#How frequently the server logs peak usage information. (default: 600s)
anvil_status_update_time = 120s
#The maximal number of message delivery requests that any client is allowed to make to this service per time unit. (default: 0) To disable this feature, specify a limit of 0.
smtpd_client_message_rate_limit = 200

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_security_level=may
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

sudo nano /etc/postfix/master.cf
# at the line where commented "#submission inet n" starts
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

检查25个端口(587使用TLS),我的服务器只显示587个端口,25个端口被iptables阻止

使用telnet测试

telnet mydomain.com 25
ehlo dummy
auth plain ARdtYW4sAGRdY1d4cyM9ZnRn                     # how to get auth plain with your password read above
MAIL FROM: support@mydomain.com
RCPT TO: test@test.com
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test subject

Hello,

This is test message
.
# dot at the end
quit

如果出现意外情况,请在此处查找错误

tail -f /var/log/mail.log