
RedHat AS 4.1 + Postfix + Dovecot + Cyrus-sasl Installation Notes

訾朗
2023-12-01


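Author: fandy
E-mail: cbbc@163.com
QQ: 332018422
Created: October 25, 2005; last modified: October 30, 2005
Copyright: The content of this article is copyrighted by the author. Reposting is welcome, but the author information and the source must be preserved. Thank you!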

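Before writing the article below, I first want to thank my wonderful wife: it was her support, care and understanding that let me persevere and finish this article. I really must thank her properly, and I really want to shout "Honey, I love you!"
Articles on using Red Hat Enterprise Linux Server 4.1 + Postfix-2.2.5-3 + Cyrus-sasl-2.1.19-5 for SMTP authentication do not seem to be plentiful on the web! What exists is either very old or implemented with older versions of the software! I really don't know what everyone is thinking??? I would also like to thank "hzqbbc", moderator of the "Postfix in China" website, for his help! (Note: perform all of the operations below as the root user.)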

Step0. Lab environment:

Network domain: easy.com
DNS host name: pdc.easy.com
DNS host IP address: 192.168.1.254
Mail host name: mail.easy.com
Mail host IP address: 192.168.1.253
Operating system: RedHat Enterprise Server 4.1, Chinese edition

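Step1. SASL provides four password verification methods:

PAM: authenticates through the system's PAM modules; this method can be used on Red Hat.

shadow: uses the system's /etc/shadow file for authentication. This requires changing the permissions of /etc/shadow to 644 (world-readable), which is a serious security problem.

pwcheck: works like shadow authentication but does not require changing the permissions of /etc/shadow; instead, pwcheck must be run at every boot. You can add the command to /etc/rc.d/rc.local. Suitable for FreeBSD.

sasldb: SASL's own built-in method, which stores user accounts and passwords in a SASL database; use the saslpasswd command to add or modify user accounts and passwords:
saslpasswd -c -u 11way.com dandy      # add a SASL user
sasldblistusers                   # list SASL users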


Step2. Software packages to install:

postfix-2.2.5-3.rhel4.rpm 
cyrus-sasl-2.1.19-5.rhel4.i386.rpm 
dovecot-0.99.11-2.rhel4.1.rpm 

--------------------------------------------------------------------------------------------------
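Note: the postfix-2.2.5-3.rhel4.rpm used in this article is a binary package that I rebuilt myself from postfix-2.2.5-3.rhel4.src.rpm after editing the postfix.spec file; the rebuild procedure is described further on in this article. cyrus-sasl-2.1.19-5.rhel4.i386.rpm was selected and installed together with the operating system here, so please take note!!!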
--------------------------------------------------------------------------------------------------

Step3. Building postfix-2.2.5-3.rhel4.src.rpm:

# rpm -Uvh postfix-2.2.5-3.rhel4.src.rpm
1:postfix        warning: user sjmudd does not exist - using root
warning: group sjmudd does not exist - using root
########################################### [100%]

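# cd /usr/src/redhat/SPECS/ (change to the directory containing postfix.spec)

Using a text editor, change the following in /usr/src/redhat/SPECS/postfix.spec:

%define with_sasl      0
change to:
%define with_sasl      1

# rpmbuild -bb postfix.spec (start building the binary .rpm files)

............ (detailed build output omitted) ............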

Wrote: /usr/src/redhat/RPMS/i386/postfix-2.2.5-3.rhel4.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-debuginfo-2.2.5-3.rhel4.i386.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.68924
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd postfix-2.2.5
+ umask 022
+ '[' -n /var/tmp/postfix-2.2.5-buildroot -a /var/tmp/postfix-2.2.5-buildroot '!=' / ']'
+ rm -rf /var/tmp/postfix-2.2.5-buildroot
+ exit 0 (the build is complete)

# cd /usr/src/redhat/RPMS/i386 (change to the directory holding the newly built binary packages)

# rpm -ivh postfix-2.2.5-3.rhel4.i386.rpm (install Postfix)

Preparing...        ################################# [100%]
  1:postfix        ################################# [100%]

链接 /usr/share/man/man8/sendmail.8.gz 到从 mta-sendmailman (/usr/share/man/man1/sendmail.1.gz mta-sendmailman)不正确
(The message above can be ignored.)

Step4. Starting the postfix and dovecot services:

# service postfix start

Starting postfix:                            [  确定  ]

# service dovecot start

启动 Dovecot Imap:                         [  确定  ]

Step5. Edit /etc/dovecot.conf:

#protocols = imap imap3
change to:
protocols = imap imap3 pop3 pop3s (enables imap, imap3, pop3 and pop3s)

auth_passdb = pam
change to:
auth_passdb = shadow

# service dovecot restart (restart the dovecot service)

停止 Dovecot Imap:                           [  确定  ]
启动 Dovecot Imap:                           [  确定  ]

Step6. Edit /etc/postfix/main.cf:

#myhostname = host.domain.tld
change to:
myhostname = mail.easy.com (the host name of the machine running the Postfix mail system)

#mydomain = domain.tld
change to:
mydomain = easy.com (the domain name used by the Postfix mail system, e.g. easy.com)

#myorigin = $mydomain
change to:
myorigin = easy.com (the domain that senders belong to, e.g. easy.com)

#inet_interfaces = all
change to:
inet_interfaces = all (the network interfaces the Postfix mail system listens on)

#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
change to:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain (the recipient domains for which Postfix accepts mail)

#mynetworks = host
change to:
mynetworks = host (your network address)

# service postfix restart (restart the postfix service)

Shutting down postfix:                         [  确定  ]
Starting postfix:                              [  确定  ]

Step7. Port tests:

# telnet mail.easy.com 25 (test port 25)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.easy.com ESMTP Postfix
quit
221 Bye
Connection closed by foreign host.

# telnet mail.easy.com 110 (test port 110)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.

Step8. Add authentication to the Postfix SMTP service:

Add the following to /etc/postfix/main.cf:

#SMTP sasl Auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_auth_destination,
    permit_mynetworks,
    check_relay_domains,
    reject
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous

--------------------------------------------------------------------------------------------------
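Note: pay attention to how the smtpd_recipient_restrictions = entry is written. It is this entry that killed who knows how many cells in my body; it hurt me. Everyone, please be careful with the format!!!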
--------------------------------------------------------------------------------------------------
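
The formatting rule the note above refers to, as an added example that is not part of the original article: in main.cf a line that begins with whitespace continues the previous parameter, so the restriction list is only read as one value when its continuation lines are indented. The helper names and both sample texts are constructed for illustration.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text into (params, errors).

    Blank lines and lines whose first non-blank character is '#' are
    skipped; a line that starts with whitespace continues the previous
    logical line; every logical line must have the form name = value.
    """
    logical = []                              # [first line number, text]
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1][1] += " " + raw.strip()
        else:
            logical.append([number, raw.strip()])
    params, errors = {}, []
    for number, line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
        else:
            errors.append((number, line))     # stray text, not a parameter
    return params, errors

def restrictions(value):
    """Split a restriction list on commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]

# Constructed sample: the Step8 list, indented and with indentation lost.
INDENTED = """\
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_auth_destination,
    permit_mynetworks,
    check_relay_domains,
    reject
"""
FLAT = INDENTED.replace("    ", "")

if __name__ == "__main__":
    for label, text in (("indented", INDENTED), ("flat", FLAT)):
        params, errors = parse_main_cf(text)
        print(label, restrictions(params["smtpd_recipient_restrictions"]), errors)
```

With the indentation lost, the parameter is left empty and each restriction becomes a stray line, so the relay policy that was intended is not the one in effect.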

In /etc/postfix/master.cf, change the following:

smtp    inet  n     -     n     -     -     smtpd
change to:
smtp    inet  n     n     n     -     -     smtpd
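
What this master.cf edit changes, as an added example that is not part of the original article: the columns after the service type are private, unpriv, chroot, wakeup and maxproc, so the edited line sets unpriv to n, which per master(5) makes smtpd run with root privileges instead of as the Postfix mail owner. The function names are made up for this sketch, and the defaults table assumes a Postfix release before 3.0.

```python
FIELDS = ("service", "type", "private", "unpriv", "chroot",
          "wakeup", "maxproc", "command")
# What "-" means in each column per master(5), for Postfix before 3.0.
DEFAULTS = {"private": "y", "unpriv": "y", "chroot": "y",
            "wakeup": "0", "maxproc": "$default_process_limit"}

# The two lines from the article.
BEFORE = "smtp    inet  n     -     n     -     -     smtpd"
AFTER = "smtp    inet  n     n     n     -     -     smtpd"

def parse_service(line):
    """Name the eight master.cf columns and resolve "-" to its default."""
    parts = line.split(None, 7)
    if len(parts) != 8:
        raise ValueError("expected 8 fields: " + line)
    entry = dict(zip(FIELDS, parts))
    for column, default in DEFAULTS.items():
        if entry[column] == "-":
            entry[column] = default
    return entry

def changed_fields(before, after):
    """Return {column: (old, new)} for every column whose effective value differs."""
    old, new = parse_service(before), parse_service(after)
    return {c: (old[c], new[c]) for c in FIELDS if old[c] != new[c]}

def runs_with_root_privileges(line):
    """unpriv = n means the daemon keeps root instead of dropping to mail_owner."""
    return parse_service(line)["unpriv"] == "n"

if __name__ == "__main__":
    print(changed_fields(BEFORE, AFTER))
    print(runs_with_root_privileges(AFTER))
```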

In /usr/lib/sasl2/smtpd.conf, change the following:

pwcheck_method: saslauthd
change to:
pwcheck_method: PAM (use PAM authentication)

# Copy smtpd.conf into the sasl directory:
# cp /usr/lib/sasl2/smtpd.conf /usr/lib/sasl/smtpd.conf

# service dovecot restart (it is best to restart the dovecot service)

停止 Dovecot Imap:                           [  确定  ]
启动 Dovecot Imap:                           [  确定  ]

# service postfix restart (it is best to restart the postfix service)

停止 down postfix:                            [  确定  ]
启动 postfix:                                [  确定  ]

# service saslauthd restart (it is best to restart the saslauthd service)

停止 down postfix:                            [  确定  ]
启动 postfix:                                [  确定  ]

A simple test of saslauthd authentication:

# telnet mail.easy.com 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.easy.com ESMTP Postfix
ehlo mail.easy.com   (type ehlo mail.easy.com)
250-mail.easy.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH GSSAPI LOGIN PLAIN
250-AUTH=GSSAPI LOGIN PLAIN
250 8BITMIME

--------------------------------------------------------------------------------------------------
Note: if the following lines appear during the simple saslauthd authentication test:
250-AUTH GSSAPI LOGIN PLAIN
250-AUTH=GSSAPI LOGIN PLAIN
it means that cyrus-sasl has started successfully!
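
A check on the EHLO reply shown above, as an added example that is not part of the original article: it extracts the advertised SASL mechanisms and reports which of them carry the password in recoverable form on a session that has not negotiated TLS. The function names are illustrative and the credential in SAMPLE_PLAIN is constructed.

```python
import base64

# Mechanisms whose client response carries the password itself;
# base64 on the wire is an encoding, not encryption.
CLEARTEXT_MECHS = ("PLAIN", "LOGIN")

# EHLO reply copied from the telnet session in this article.
EHLO_REPLY = """\
250-mail.easy.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH GSSAPI LOGIN PLAIN
250-AUTH=GSSAPI LOGIN PLAIN
250 8BITMIME
"""
# Constructed AUTH PLAIN response: authzid NUL authcid NUL password.
SAMPLE_PLAIN = base64.b64encode(b"\0fandy\0not-a-real-password").decode()

def parse_ehlo(reply):
    """Return (keywords, auth_mechanisms) from a multi-line 250 reply."""
    bodies = [l.strip()[4:] for l in reply.splitlines() if l.strip().startswith("250")]
    keywords, mechs = set(), []
    for body in bodies[1:]:                   # the first line is the greeting
        if body.upper().startswith("AUTH="):  # legacy form, broken_sasl_auth_clients
            body = "AUTH " + body[5:]
        word, _, rest = body.partition(" ")
        keywords.add(word.upper())
        if word.upper() == "AUTH":
            mechs += [m.upper() for m in rest.split() if m.upper() not in mechs]
    return keywords, mechs

def audit_plaintext_session(reply):
    """Findings for an EHLO reply received before any TLS handshake."""
    keywords, mechs = parse_ehlo(reply)
    return {
        "starttls_offered": "STARTTLS" in keywords,
        "cleartext_mechs": [m for m in mechs if m in CLEARTEXT_MECHS],
        "other_mechs": [m for m in mechs if m not in CLEARTEXT_MECHS],
    }

def decode_plain(initial_response):
    """Split an AUTH PLAIN response (RFC 4616) into authzid, authcid, password."""
    authzid, authcid, password = base64.b64decode(initial_response).split(b"\0")
    return authzid.decode(), authcid.decode(), password.decode()

if __name__ == "__main__":
    print(audit_plaintext_session(EHLO_REPLY))
    print(decode_plain(SAMPLE_PLAIN))
```

On a server that also offers TLS, `smtpd_tls_auth_only = yes` keeps AUTH out of the pre-TLS EHLO reply, and adding `noplaintext` to `smtpd_sasl_security_options` removes PLAIN and LOGIN altogether.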

Log entries for a user sending e-mail after authenticating:

Oct 30 18:15:33 mail postfix/smtpd[13382]: connect from unknown[192.168.1.2]
Oct 30 18:15:33 mail postfix/smtpd[13382]: AED93B480E: client=unknown[192.168.1.2], sasl_method=LOGIN, sasl_username=fandy
Oct 30 18:15:33 mail postfix/cleanup[13385]: AED93B480E: message-id=<002201c5dd3c$6a097c70$0201a8c0@easy>
Oct 30 18:15:33 mail postfix/qmgr[13334]: AED93B480E: from=<fandy@easy.com>, size=1401, nrcpt=1 (queue active)
Oct 30 18:15:33 mail postfix/smtpd[13382]: disconnect from unknown[192.168.1.2]
Oct 30 18:15:33 mail postfix/local[13386]: AED93B480E: to=<biao@easy.com>, relay=local, delay=0, status=sent (delivered to mailbox)
Oct 30 18:15:33 mail postfix/qmgr[13334]: AED93B480E: removed
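
Detection logic over log entries like the ones above, as an added example that is not part of the original article: it groups Postfix entries by queue ID and flags messages whose envelope sender does not match the authenticated sasl_username. The function names and the mismatch rule are assumptions of this sketch, and the last two sample lines are constructed.

```python
import re

ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
PAIR = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
WANTED = ("client", "sasl_method", "sasl_username", "from")

LOG = [
    # The first three lines are from the article; the last two are constructed.
    "Oct 30 18:15:33 mail postfix/smtpd[13382]: AED93B480E: client=unknown[192.168.1.2], sasl_method=LOGIN, sasl_username=fandy",
    "Oct 30 18:15:33 mail postfix/qmgr[13334]: AED93B480E: from=<fandy@easy.com>, size=1401, nrcpt=1 (queue active)",
    "Oct 30 18:15:33 mail postfix/local[13386]: AED93B480E: to=<biao@easy.com>, relay=local, delay=0, status=sent (delivered to mailbox)",
    "Oct 30 18:20:01 mail postfix/smtpd[13390]: B1C2D3E4F5: client=unknown[192.168.1.7], sasl_method=PLAIN, sasl_username=fandy",
    "Oct 30 18:20:01 mail postfix/qmgr[13334]: B1C2D3E4F5: from=<ceo@easy.com>, size=900, nrcpt=1 (queue active)",
]

def correlate(lines):
    """Group the key=value fields of Postfix log entries by queue ID."""
    messages = {}
    for line in lines:
        match = ENTRY.search(line)
        if not match:
            continue                  # connect/disconnect lines carry no queue ID
        queue_id, rest = match.groups()
        record = messages.setdefault(queue_id, {"rcpt": []})
        for key, value in PAIR.findall(rest):
            value = value.strip("<>")
            if key == "to":
                record["rcpt"].append(value)
            elif key in WANTED:
                record[key] = value
    return messages

def sender_mismatches(lines, domain="easy.com"):
    """Return (queue_id, sasl_username, envelope_sender, client) where they disagree."""
    findings = []
    for queue_id, rec in correlate(lines).items():
        user, sender = rec.get("sasl_username"), rec.get("from")
        if not user or sender is None:
            continue
        expected = user if "@" in user else user + "@" + domain
        if sender.lower() != expected.lower():
            findings.append((queue_id, user, sender, rec.get("client")))
    return findings

if __name__ == "__main__":
    print(sender_mismatches(LOG))
```

Postfix can enforce the same rule at SMTP time with `smtpd_sender_login_maps` and `reject_sender_login_mismatch`.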
