Anybody config postfix to use auth-smtp
Eduardo P. Román O. wrote:
Hi
I have installed postif on my ubuntu-server 7.10, it's great. Then I put
a postfix there, and I need to use it as an SMTP server, only to send mail
using an e-mail auth SMTP from my ISP.
I tried to configure postfix with SASL, but I always get the same problem: the
From of my email is host_machine@mydomain, and not
user_email@myisp; that's why the ISP tells me it can't log in, invalid user.
Any idea?
Good luck. This is my company's front mail agent. It filters mails and then
delivers to the internal zimbra box. It also has SMTP Auth.

Using Postfix as SMTP-Auth

(Taken from the article:
http://www.howtoforge.com/virtual_postfix_mysql_quota_courier_ubuntu_edgy)

Check that the packages are installed:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server \
    courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl \
    courier-imap courier-imap-ssl postfix-tls libsasl2 libsasl2-modules \
    libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 \
    libapache2-mod-php5 php5 php5-mysql

Create a database named "mail" with permissions for the mail user:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'xxxx';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'xxxx';
FLUSH PRIVILEGES;

Creating the tables:

USE mail;

CREATE TABLE domains (
  domain varchar(50) NOT NULL,
  PRIMARY KEY (domain)
) ENGINE=InnoDB;

CREATE TABLE forwardings (
  source varchar(80) NOT NULL,
  destination TEXT NOT NULL,
  PRIMARY KEY (source)
) ENGINE=InnoDB;

CREATE TABLE users (
  email varchar(80) NOT NULL,
  password varchar(20) NOT NULL,
  quota INT(10) DEFAULT '10485760',
  PRIMARY KEY (email)
) ENGINE=InnoDB;

CREATE TABLE transport (
  domain varchar(128) NOT NULL default '',
  transport varchar(128) NOT NULL default '',
  UNIQUE KEY domain (domain)
) ENGINE=InnoDB;

Populate the tables:

domain
-------------
netplc.com
intransys.com

The users table stores all virtual users (i.e. email addresses, because the
email address and user name are the same) and passwords (in encrypted form!)
and a quota value for each mail box (in this example the default value is
10485760 bytes, which means 10MB).

email                  password                          quota
---------------------  --------------------------------  --------
jferrando@netplc.com   No9.E4skNvGa. encrypt('secret')   10485760

mysql> insert into `users` (`email`, `password`, `quota`) values ('jferrando@almex.es', encrypt('Net4724'), 25000000);
Query OK, 1 row affected (0.05 sec)

mysql> select * from users;
+-------------------------+---------------+----------+
| email                   | password      | quota    |
+-------------------------+---------------+----------+
| amarquez@intransys.com  | XlK2gQsfS3VCI | 10485760 |
| amarquez@netplc.com     | Rkq9YNL8JbHz6 | 10485760 |
...
| vrecatala@netplc.com    | Hu5d.tx4/cdXk | 10485760 |
+-------------------------+---------------+----------+
22 rows in set (0.00 sec)

Check the Postfix configuration:

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#myhostname = localhost
myhostname = pccamara.netplc.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
#inet_interfaces = loopback-only
inet_interfaces = all

#virtual_alias_domains =
#virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
#virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
#virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
#virtual_mailbox_base = /home/vmail
#virtual_uid_maps = static:5000
#virtual_gid_maps = static:5000

smtpd_sasl_enable = yes
#Enable the authenticated SMTP feature.
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key

content_filter = amavis:[127.0.0.1]:10024
# Careful! If this is not commented out, it disables the forwardings!
#receive_override_options = no_address_mappings

smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/maps/friends,
    reject_unauth_destination,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    reject_rhsbl_client blackhole.securitysage.com,
    reject_rhsbl_sender blackhole.securitysage.com,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service inet:127.0.0.1:10031,
    check_policy_service inet:127.0.0.1:60000
    permit

#relay_domains = netplc.com, intransys.com, almex.es
relay_domains = hash:/etc/postfix/maps/relay_domains
transport_maps = hash:/etc/postfix/maps/transport
relay_recipient_maps = hash:/etc/postfix/maps/relay_recipients
smtp_sasl_security_options = noanonymous

Afterwards we create the SSL certificate that is needed for TLS:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

<-- Enter your Country Name (e.g., "DE").
<-- Enter your State or Province Name.
<-- Enter your City.
<-- Enter your Organization Name (e.g., the name of your company).
<-- Enter your Organizational Unit Name (e.g. "IT Department").
<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
<-- Enter your Email Address.

Then change the permissions of the smtpd.key:

chmod o= /etc/postfix/smtpd.key

/etc/postfix/master.cf

#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

amavis    unix  -       -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

Configure Saslauthd

First run

mkdir -p /var/spool/postfix/var/run/saslauthd

Then edit /etc/default/saslauthd. Remove the # in front of START=yes and add
the lines PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
and PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid".
The file should then look like this:

vim /etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

Then create the file /etc/pam.d/smtp. It should contain only the following
two lines (make sure to fill in your correct database details):

vim /etc/pam.d/smtp

auth required pam_mysql.so user=mail_admin passwd=xxxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=xxxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

Next create the file /etc/postfix/sasl/smtpd.conf. It should look like this:

vim /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

Then restart Postfix and Saslauthd:

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
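
Added example (not part of the original post or of the HowtoForge article): the main.cf in the reply comments out several multi-value parameters and enables smtpd_sasl_auth_enable without setting smtpd_tls_auth_only. This checker applies the postconf(5) logical-line rules to a constructed sample, reporting an indented continuation that survives its commented-out parameter and AUTH being offered on unencrypted sessions; the function names and sample text are assumptions made for illustration.

```python
import re

DEAD_PARAM = re.compile(r"#\s*([A-Za-z0-9_]+)\s*=")  # a commented-out "name ="
# Constructed sample reproducing two patterns from the main.cf above.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8
#virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf
  mysql:/etc/postfix/mysql-virtual_email2email.cf
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  # an indented comment is skipped and does not end the value
  permit_sasl_authenticated,
  reject_unauth_destination
"""

def parse_main_cf(text):
    """Apply the postconf(5) logical-line rules; return (params, orphans)."""
    params, orphans, current, dead = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):          # comment: skipped, never ends a value
            m = DEAD_PARAM.match(line)
            dead = m.group(1) if m else dead
            continue
        if raw[0] in " \t":               # leading whitespace: continuation
            if current is not None:
                params[current] = f"{params[current]} {line}".strip()
                if dead:                  # was written for the commented-out name
                    orphans.append((current, dead, line))
            continue
        dead = None
        name, sep, value = line.partition("=")
        current = (name.strip() or None) if sep else None
        if current:
            params[current] = value.strip()
    return params, orphans

def audit(text):
    """List orphaned continuations and SASL AUTH offered without TLS."""
    params, orphans = parse_main_cf(text)
    findings = [f"'{line}' followed #{dead} but now extends {live}"
                for live, dead, line in orphans]
    if (params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
            and params.get("smtpd_tls_auth_only", "no").lower() != "yes"):
        findings.append("AUTH is offered before STARTTLS; set smtpd_tls_auth_only = yes")
    return findings
```

Calling audit(open("/etc/postfix/main.cf").read()) returns the findings as a list of strings; on the sample it returns two, and the mysql: map ends up in mynetworks.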