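Installing postfix + sasl on CentOS 6 (including relaying through gmail with saslauthd)
PS: This applies to Google Cloud hosts. A Google Cloud host cannot send mail through an ordinary SMTP server, presumably out of concern that people would set up mail servers and flood out spam, so to send mail from your own SMTP server on a Google Cloud host you have to configure it to relay through gmail.
I. Install Postfix:
1. Remove sendmail and install postfix
#/etc/init.d/sendmail stop //stop sendmail
#yum install postfix //install postfix
#rpm -e sendmail //remove sendmail
#service postfix start //start the postfix service
#chkconfig postfix on //start postfix at boot
2. postfix configuration:
Version: postfix-2.6.6-2.1.el6.i686
Configuration file location: /etc/postfix/main.cf
Configure postfix to accept external connections
#vi /etc/postfix/main.cf //add the following settings
==================================================
inet_interfaces = all //remove the # from this line
inet_interfaces = localhost //comment this line out with a leading #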
mydomain = mail.com
myhostname = mail.test.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 168.100.189.0/28, 127.0.0.0/8
==================================================
#service postfix restart //restart the postfix service
Test the connection:
# telnet 127.0.0.1 25
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
220 pororo.no-ip.org ESMTP Postfix
quit //exit
The output above means postfix is working.
3. Configure postfix SMTP authentication (SASL):
Install the cyrus-sasl-md5, cyrus-sasl-plain and cyrus-sasl packages
#yum -y install cyrus-sasl-md5 cyrus-sasl-plain cyrus-sasl
#vi /etc/postfix/main.cf //add the following settings
==================================================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
==================================================
Configure SASL
#vi /etc/sysconfig/saslauthd //add the following settings
==================================================
MECH=PAM
==================================================
#vim /etc/sasl2/smtpd.conf //add the following settings
==================================================
log_level: 3
pwcheck_method: saslauthd
mech_list: plain login
==================================================
#chkconfig saslauthd on #start at boot
#service saslauthd restart #start the saslauthd service
Use telnet to test whether SMTP authentication is in effect (it only counts if LOGIN PLAIN appears):
# telnet 127.0.0.1 25
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
220 pororo.no-ip.org ESMTP Postfix
ehlo localhost
[input] Type ehlo localhost and the plain login string will appear.
250-mail2.pmail.idv.tw
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
4. Relaying through gmail with postfix + saslauthd:
<1># vim /etc/postfix/main.cf
==================================================
myhostname = smtp.mail.com.tw
mydomain = mail.com.tw
myorigin = $myhostname
mynetworks = 10.0.0.0/8 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost = [smtp.gmail.com]:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
==================================================
<2># vim /etc/postfix/sasl_passwd
==================================================
[smtp.gmail.com]:587 username@gmail.com:password
==================================================
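//Use postmap to generate the sasl_passwd.db file, then reload postfix
# postmap /etc/postfix/sasl_passwd
Change the permissions (this must be done or there will be problems; sasl_passwd holds the gmail password in clear text)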
# chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
<3># vim /etc/postfix/tls_policy
==================================================
[smtp.gmail.com]:587 encrypt
==================================================
# postmap /etc/postfix/tls_policy
<4># service postfix check --> check postfix
<5># testsaslauthd -s smtp -u linus@mitac.com.tw -p password --> test authentication.
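
A check for the files created in step 4, as an added example that is not part of the original post: it confirms that the relayhost value appears verbatim as the key in sasl_passwd and tls_policy, that the password files are readable only by their owner, and that the TLS policy is mandatory. The function names (cf_get, map_get, owner_only, audit_relay) are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the relay files from step 4. Pass the directory to
# check (default /etc/postfix). All function names here are hypothetical.

# Last "name = value" assignment in main.cf wins, as in Postfix itself.
cf_get() {  # cf_get <main.cf> <parameter>
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Second field of the lookup-table line whose key is exactly <key>.
map_get() {  # map_get <table file> <key>
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Succeeds only when group and other have no permission bits on the file.
owner_only() {  # assumes GNU stat, as shipped with CentOS
    case "$(stat -c %a "$1" 2>/dev/null)" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

audit_relay() {  # prints one line per finding, returns the number of findings
    dir=${1:-/etc/postfix}; bad=0
    relay=$(cf_get "$dir/main.cf" relayhost)
    [ -n "$relay" ] || { echo "FAIL relayhost is not set"; return 1; }

    # The key in both tables must match relayhost character for character,
    # brackets and port included, or Postfix will not find the entry.
    cred=$(map_get "$dir/sasl_passwd" "$relay")
    case "$cred" in
        ?*:?*) ;;
        *) echo "FAIL sasl_passwd has no user:password entry for $relay"; bad=$((bad+1)) ;;
    esac

    for f in sasl_passwd sasl_passwd.db; do
        owner_only "$dir/$f" || { echo "FAIL $f is missing or readable beyond its owner"; bad=$((bad+1)); }
    done

    # Without a mandatory TLS level the gmail password could go out in clear text.
    case "$(map_get "$dir/tls_policy" "$relay")" in
        encrypt|fingerprint|verify|secure) ;;
        *) echo "FAIL tls_policy does not force TLS for $relay"; bad=$((bad+1)) ;;
    esac
    return "$bad"
}
```

Source the file and run `audit_relay /etc/postfix` as root; a return status of 0 means every check passed, and the credential itself is never printed.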
5. Use commands to test whether the mail server sends mail correctly:
A - Test sending with the telnet command: (testing the mail server from another host)
#telnet mailserver_IP 25
<a> MAIL FROM:username@gmail.com
<b> RCPT TO:mail_B@yahoo.com.tw
<c> DATA //enter the following text (the . must be entered; it marks the end of the message content)
Subject:test message
This is testing
.
Sending is complete. Check the mailbox to see whether the message arrived.
B - Test sending with the smtp server command: (testing from the local mail server)
#mail mail_B@yahoo.com.tw
Subject: test-mail server smtp
This is a test mail server email.
bye bye !
.
Sending is complete. Check the mailbox to see whether the message arrived.