[Comm] postfix+sasl+cyrus

Salavat Yarmukhametov salavat на regiongarant.ru
Вт Янв 11 17:06:32 MSK 2005


	Здравствуйте, уважаемые! Необходимо настроить SMTP с авторизацией
для мобильных пользователей/филиалов конторы. Никак не выходит чаша :(
Помогите, люди добрые!
M2.4+Updates
uname -a
Linux test.regiongarant.ru 2.4.26-std-smp-alt8 #1 SMP Wed Dec 15 21:27:21 MSK 2004 i686 unknown unknown GNU/Linux
postfix пересобранный из дедалуса.
[root на test postfix]# rpm -qa |grep postfix
postfix-control-1.2-alt1
postfix-2.0.20-alt2.1

/etc/postfix/main.cf
# Postfix main.cf as posted: an SMTP server that offers SASL AUTH and hands
# local mail to an LMTP socket.
myhostname = test.regiongarant.ru
mydomain = regiongarant.ru
myorigin = $myhostname
inet_interfaces = all
mydestination = localhost, $myhostname, localhost.$mydomain, $config_directory/mydestination
unknown_local_recipient_reject_code = 550
# subnet: every SMTP client in the same IP subnetworks as this machine is
# treated as trusted wherever permit_mynetworks is used below.
mynetworks_style = subnet
# Both mailbox_command and mailbox_transport are set. Per the Postfix
# documentation mailbox_transport takes precedence, so local mail is handed
# to the LMTP server on this UNIX socket rather than to procmail.
mailbox_command = /usr/bin/procmail -a $DOMAIN -d $LOGNAME
mailbox_transport = lmtp:unix:/public/lmtp
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
readme_directory = /etc/postfix/README_FILES
sample_directory = /etc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
virtual_maps = hash:/etc/postfix/virtual
# SMTP Auth
# Server side: offer SASL AUTH to connecting SMTP clients.
smtpd_sasl_auth_enable = yes
# noanonymous only rules out anonymous logins; plaintext mechanisms
# (PLAIN, LOGIN) remain allowed.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
# AUTH is also accepted on sessions that are not protected by TLS. With
# plaintext mechanisms the password is only base64-encoded on the wire, not
# encrypted. No smtpd TLS certificate/key parameters appear in this listing;
# for roaming users, enable TLS and set this to yes.
smtpd_tls_auth_only = no
smtpd_sasl_local_domain = $mydomain
# Client side: the Postfix SMTP client authenticates to remote servers with
# credentials looked up in this map. The map stores passwords in clear text;
# presumably it should be readable by root only - verify file permissions.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
# Left commented out, so the compiled-in default for
# smtp_sasl_security_options applies.
#smtp_sasl_security_options = noplaintext
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
# Evaluated left to right: SASL-authenticated clients and mynetworks clients
# are permitted first; all other clients fall through to check_relay_domains.
# NOTE(review): Postfix documentation marks check_relay_domains as deprecated
# in favour of reject_unauth_destination - confirm for the installed 2.0.20.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains


/etc/postfix/master.cf

# Postfix master.cf as posted. Column order:
# service type private unpriv chroot wakeup maxproc command + args
#
# Port 25 listener. Its chroot column is '-', i.e. the compiled-in default.
# NOTE(review): if that default is chroot=yes for this build, smtpd reads its
# SASL files from under the queue directory, which would explain the copy
# into /var/spool/postfix/etc/sasl2 mentioned in the message - confirm.
smtp    inet    n   -   -   -   -   smtpd
# smtps: TLS wrapper-mode listener with SASL AUTH enabled, run non-chrooted
# (chroot column 'n'). No TLS certificate/key parameters are visible in the
# posted main.cf - verify they are configured before relying on this service.
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickup  fifo    n   -   -   60  1   pickup
cleanup unix    n   -   -   -   0   cleanup
qmgr    fifo    n   -   -   300 1   qmgr
#qmgr   fifo    n   -   -   300 1   nqmgr
rewrite unix    -   -   -   -   -   trivial-rewrite
bounce  unix    -   -   -   -   0   bounce
defer   unix    -   -   -   -   0   bounce
flush   unix    n   -   -   1000?   0   flush
proxymap  unix  -       -       n       -       -       proxymap
smtp    unix    -   -   -   -   -   smtp
relay   unix    -   -   -   -   -   smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq   unix    n   -   -   -   -   showq
error   unix    -   -   -   -   -   error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
# LMTP client used by mailbox_transport = lmtp:unix:/public/lmtp in main.cf.
lmtp    unix    -   -   -   -   -   lmtp
# pipe(8) delivery to the Cyrus "deliver" binary, run as user cyrus.
# ${extension} and ${user} come from the recipient address; pipe(8) executes
# argv directly without a shell. No parameter in the posted main.cf refers
# to this "cyrus" transport.
cyrus     unix  -       n       n       -       -       pipe
 flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -m ${extension} ${user}

/etc/sasl2/saslpasswd.conf
# NOTE(review): this file is named after the saslpasswd application; Postfix
# smtpd presumably reads smtpd.conf instead - confirm which file is in effect.
# NOTE(review): Cyrus SASL 2.x uses pwcheck_method values such as auxprop and
# saslauthd; "sasldb" is the SASL 1.x spelling - confirm this value is honoured.
pwcheck_method: sasldb
# Only the plaintext mechanisms LOGIN and PLAIN are listed.
mech_list: login plain
[root на test sasl2]# ls -l
total 20
-rw-r-----  1 root    root  2519 Jul 19 13:34 saslauthd.conf
-rw-r-----  1 postfix sasl 12288 Dec 30 15:29 sasldb2
-rw-r-----  1 root    root    46 Dec 30 10:14 saslpasswd.conf

скопировал все в /var/spool/postfix/etc/sasl2

less /usr/lib/sasl2/smtpd.conf
# Presumably the Cyrus SASL configuration used by Postfix smtpd (the file is
# shown as /usr/lib/sasl2/smtpd.conf).
#pwcheck_method: saslauthd
# auxprop: passwords are checked against an auxiliary property store. The
# sasldblistusers2 output in this message suggests that store is sasldb2,
# which the smtpd process must then be able to read.
pwcheck_method: auxprop
# Only the plaintext mechanisms LOGIN and PLAIN are offered, so the password
# is protected in transit only when the SMTP session itself is encrypted.
mech_list: login plain


Создал пользователей:
[root на test postfix]# sasldblistusers2
test на regiongarant.ru: userPassword
salavat на regiongarant.ru: userPassword
test на regiongarant.ru: cmusaslsecretOTP
salavat на regiongarant.ru: cmusaslsecretOTP

проверяю с другой машины:
[salavat на salavat salavat]$ telnet test 25
Trying 192.168.1.101...
Connected to test.
Escape character is '^]'.
220 test.regiongarant.ru ESMTP Postfix
ehlo test.regiongarant.ru
250-test.regiongarant.ru
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-XVERP
250 8BITMIME
auth plain
334 
dGVzdAB0ZXN0AHRlc3RwYXNz
235 Authentication successful

типа — всё работает (авторизация проходит)

[root на test /]# postfix check
postfix/postfix-script: warning: not owned by root: /var/spool/postfix/etc/sasl2/sasldb2
postfix/postfix-script: warning: /var/spool/postfix/etc/saslpass have no original source
postfix/postfix-script: warning: /var/spool/postfix/etc/saslpass.db have no original source
postfix/postfix-script: warning: /var/spool/postfix/etc/virtual have no original source
postfix/postfix-script: warning: /var/spool/postfix/etc/virtual.db have no original source

Пытаюсь отправить письмо из MS Outlook Express — в /var/log/maillog:
Jan 11 15:20:05 test postfix/smtpd[10364]: connect from unknown[192.168.1.25]
Jan 11 15:20:05 test postfix/smtpd[10364]: D1F6E1A0002: client=unknown[192.168.1.25], sasl_method=LOGIN, sasl_username=test на regiongarant.ru
Jan 11 15:20:05 test postfix/cleanup[10366]: D1F6E1A0002: message-id=<001301c4f7e5$5f527f30$19901ed4 на salavatw2k>
Jan 11 15:20:05 test postfix/qmgr[10191]: D1F6E1A0002: from=<salavat на test.regiongarant.ru>, size=1309, nrcpt=1 (queue active)
Jan 11 15:20:05 test postfix/smtpd[10364]: disconnect from unknown[192.168.1.25]
Jan 11 15:20:05 test postfix/lmtp[10369]: D1F6E1A0002: to=<salavat на test.regiongarant.ru>, orig_to=<salavat на regiongarant.ru>, relay=/public/lmtp[/public/lmtp], delay=0, status=bounced (host /public/lmtp[/public/lmtp] said: 550-Mailbox unknown.  Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))
Jan 11 15:20:05 test postfix/cleanup[10366]: E10211A0003: message-id=<20050111122005.E10211A0003 на test.regiongarant.ru>
Jan 11 15:20:05 test postfix/qmgr[10191]: E10211A0003: from=<>, size=3347, nrcpt=1 (queue active)
Jan 11 15:20:05 test postfix/lmtp[10369]: E10211A0003: to=<salavat на test.regiongarant.ru>, relay=/public/lmtp[/public/lmtp], delay=0, status=bounced (host /public/lmtp[/public/lmtp] said: 550-Mailbox unknown.  Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))

Что еще крутить надо? У кого-нибудь это работает на ALT? Собирать все из
сорцов как советуют статьи в сети не хотелось бы.

--
Salavat Yarmukhametov		
Jabber: salik на jabber.ru	
ICQ:	21144441


