Postfix mit SMTP-Authentifikation
Von
Holger Seitter
Konfiguration
Cyrus-SASL
SASL muß nicht konfiguriert, sondern nur gestartet werden:
[root@mail i386]# cd /etc/init.d/ [root@mail init.d]# ./saslauthd start
Postfix
Postfix wird in der Hauptkonfigurationsdatei /etc/postfix/main.cf konfiguriert. Folgende funktioniert bei mir.
# The queue_directory specifies the location of the Postfix queue. queue_directory = /var/spool/postfix # The command_directory parameter specifies the location of all # postXXX commands. command_directory = /usr/sbin # The daemon_directory parameter specifies the location of all Postfix # daemon programs daemon_directory = /usr/libexec/postfix # The mail_owner parameter specifies the owner of the Postfix queue # and of most Postfix daemon processes. Specify the name of a user # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. mail_owner = postfix # The myhostname parameter specifies the internet hostname of this # mail system. myhostname = mail.testdomain.de # The mydomain parameter specifies the local internet domain name. mydomain = testdomain.de # The myorigin parameter specifies the domain that locally-posted # mail appears to come from. myorigin = $mydomain # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. inet_interfaces = $myhostname # inet_interfaces = all # Wenn der Mailserver für mehrere Domains zuständig sein soll # The mydestination parameter specifies the list of domains that this # machine considers itself the final destination for. mydestination = $myhostname, localhost.$mydomain, $mydomain # The mynetworks parameter specifies the list of "trusted" SMTP # clients that have more privileges than "strangers". # # In particular, "trusted" SMTP clients are allowed to relay mail # through Postfix. # Hier kann man dann auch um das interne Netzwerk erweitern. # So wie es hier ist braucht jeder Client ein Passwort. Ist aber gut zum Testen. # Du kannst auch noch etwas wie 192.168.40.0/24 einfügen. Dann dürfen alle Rechner aus # diesem Netzwerk auch Mails ohne Passwort versenden. mynetworks = 127.0.0.0/8 # The relay_domains parameter restricts what clients this mail system # will relay mail from, or what destinations this system will relay # mail to. relay_domains = $mydomain # Erlaube sasl-authentifizierte Clients, die aus mynetworks und die aus relay_domains smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains # The alias_maps parameter specifies the list of alias databases used # by the local delivery agent. alias_maps = hash:/etc/postfix/aliases debug_peer_level = 2 debugger_command = PATH=/usr/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 # sendmail_path: The full pathname of the Postfix sendmail command. sendmail_path = /usr/sbin/sendmail # newaliases_path: The full pathname of the Postfix newaliases command. newaliases_path = /usr/bin/newaliases # mailq_path: The full pathname of the Postfix mailq command. This # is the Sendmail-compatible mail queue listing command. mailq_path = /usr/bin/mailq # setgid_group: The group for mail submission and queue management # commands. setgid_group = postdrop # manpage_directory: The location of the Postfix on-line manual pages. manpage_directory = /usr/share/man # sample_directory: The location of the Postfix sample configuration files. sample_directory = /etc/postfix/samples # readme_directory: The location of the Postfix README files. readme_directory = /etc/postfix/readme best_mx_transport = local # SASL SUPPORT FOR CLIENT # # The following options set parameters needed by Postfix to enable # Cyrus-SASL support for authentication of mailclients. # smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes
OK. Latürnich sollten Sie Daten wie Domain, IP, Hostname, usw. an die Gegebenheiten bei Ihnen anpassen.
Da Postfix von Haus aus nicht sehr gesprächig ist, können wir ihm das beibringen. Was am Anfang gar nicht so schlecht ist, falls Probleme auftreten. Hierzu die Datei /etc/postfix/master.cf öffnen und an das smtpd in der Zeile:
smtp inet n - n - - smtpd
ein -v anhängen. Also wird die Zeile zu:
smtp inet n - n - - smtpd -v