Postfix can be configured to relay mail for users at remote locations with a valid username and password combination. Following this guide will allow Authenticated SMTP and passwords to be sent in plain text. A secure transport layer should be implemented to ensure that usernames and passwords can not be eavesdropped while in transit.
Authenticated SMTP requires users who are not in the "mynetwork" directive within /etc/postfix/main.cf to supply a valid username and password before the mail server will forward mail.
This configuration requires Postfix to be installed and be configured to accept incoming mail on an Internet facing interface.
smtpd_sasl_auth_enable = yes |
smtpd_sasl_security_options=noanonymous |
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination, check_relay_domains |
MECH=pam |
/sbin/chkconfig --level 35 saslauthd on |
/sbin/service saslauthd start/sbin/service saslauthd restart |
/sbin/service postfix start/sbin/service postfix restart |
The Postfix server should now be started and allow relaying of mail from authenticated clients. You can confirm this by connecting to the mail server using the telnet application.
Most communication with the mail server can be done in plain text, but the authentication information must be encoded in Base64.
You can generate this information by modifying the line below, replacing the username and password with a valid username and password that can be authenticated by the Postfix server.
perl -MMIME::Base64 -e 'print encode_base64("usernameusernamepassword");'
It should produce a string similar to the format below.
dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ= |
Do not loose the generated string as it will be used shortly.
Authentication can be tested by connecting to the mail server with telnet and manually entering the SMTP information.
In the example below the section in bold is what should be typed. Replace the string after AUTH PLAIN with the Base64 string created above
# telnet mail.example.com 25Trying 127.0.0.1...Connected to mail.example.com (123.123.123.123).Escape character is '^]'.220 mail.example.com ESMTP PostfixEHLO anotherhost.com 250-mail.example.com250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-STARTTLS250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5250-XVERP250 8BITMIMEAUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ= 235 Authentication successfulQUIT 221 Bye |
The line "250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5" shows that the Postfix server allows users to authenticate.
For more information, visit the Red Hat Postfix HOWTO.
Ý kiến bạn đọc
Những tin mới hơn
Những tin cũ hơn
Sứ mệnh của dự án Fedora là tập hợp, dẫn dắt các tiến bộ của phần mềm và nội dung tự do nguồn mở trong một cộng đồng hợp tác, thông qua việc: Không ngừng phấn đấu để luôn đi đầu Không ngừng tìm tòi, sáng tạo, vươn lên và truyền bá phần mềm và nội dung tự do Chia sẻ thành công với toàn thể cộng...