[[postfix:smtp-auth]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
postfix:smtp-auth [2006/03/21 21:34]
a created 		postfix:smtp-auth [2009/05/25 00:35] (current)
Line 2: Line 2:
 **''main.cf''** **''main.cf''**
   smtpd_recipient_restrictions =   smtpd_recipient_restrictions =
-          reject_unauth_pipelining, +  ... 
-          reject_non_fqdn_sender, +     permit_sasl_authenticated 
-          reject_non_fqdn_recipient, +  ... 
-          reject_unknown_sender_domain, +  
-          reject_unknown_recipient_domain, +
-          permit_mynetworks, +
-          permit_sasl_authenticated +
-          reject_unverified_sender +
-          reject_rbl_client relays.ordb.org +
-          reject_rbl_client list.dsbl.org, +
-          reject +
   smtp_use_tls = yes   smtp_use_tls = yes
   smtpd_tls_auth_only = no   smtpd_tls_auth_only = no
 +  
   tls_random_source = dev:/dev/urandom   tls_random_source = dev:/dev/urandom
   tls_daemon_random_source = $tls_random_source   tls_daemon_random_source = $tls_random_source
 +  
 +# [[How to make SSL key]] FIXME
   smtpd_tls_cert_file = /etc/ssl/certs/cert.pem   smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
   smtpd_tls_key_file = /etc/ssl/certs/cert.key   smtpd_tls_key_file = /etc/ssl/certs/cert.key
   smtpd_use_tls = yes   smtpd_use_tls = yes
 +  
   smtpd_sasl_auth_enable = yes   smtpd_sasl_auth_enable = yes
   smtpd_sasl_security_options = noanonymous   smtpd_sasl_security_options = noanonymous
   smtp_sasl_security_options = noanonymous   smtp_sasl_security_options = noanonymous
   smtpd_sasl_local_domain =   smtpd_sasl_local_domain =
- 
  
 ==== sasl + pam-mysql (encrypted passwords in db) ==== ==== sasl + pam-mysql (encrypted passwords in db) ====
-==== the other way  ==== 
  
 +=== Installing the saslauthd and connection with pam.d ===
  
 +  # apt-get install libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin
  
 +**''/etc/default/saslauthd''** 
 +   # This needs to be uncommented before saslauthd will be run automatically
 +   START=yes
 +   # You must specify the authentication mechanisms you wish to use.
 +   # This defaults to "pam" for PAM support, but may also include
 +   # "shadow" or "sasldb", like this:
 +   # MECHANISMS="pam shadow"
 +   MECHANISMS="pam"
 +
 +=== Postix-extra configuration ===
 +
 +**''/etc/posfix/sasl/smtpd.conf''**
 +   #minimum_layer: 0
 +   mech_list: plain login
 +   pwcheck_method: saslauthd
 +   #auto_transition: no
 +   saslauthd_path:/var/run/saslauthd/mux
 +
 +in this case you cannot use CRAM-MD5, DIGEST-MD5 password hashes, bause cannot they cannot be generated since the password are already oneway encripted in the database;
 +
 +=== pam.d-mysql ===
 +
 +   # apt-get install libpam-mysql
 +
 +**''/etc/pam.d/smtp''**   
 +   auth required pam_mysql.so host=<hostname> user=<username> passwd=<password> \
 +         db=postfix table=user   usercolumn=User passwdcolumn=Password crypt=1
 +   account required pam_mysql.so host=<hostname> user=<username> passwd=<password> \
 +         db=postfix table=user usercolumn=User passwdcolumn=Password crypt=1
 +
 +
 +==== the other way  ====
postfix/smtp-auth.1142973280.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready