Vorraussetzung: postfix sasl

Empfohlen wird die Verwendung von SSL

• postfix ( SuSE )
• postfix sasl2-bin ( Debian ab 4.0 ):
• cyrus-sasl cyrus-sasl-plain (CentOS ab 7 )

/etc/postfix/main.cf :

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients = yes

/etc/postfix/sasl/smtpd.conf : Debian (ab 3.1)

/etc/sasl2/smtpd.conf : openSuSE ( ab 11.4 ), CentOS (ab 4):

pwcheck_method: saslauthd
mech_list: plain login

Achtung: Problem mit Postfix-Chroot. Lösungsmöglichkeiten: Postfix smtpd aus Chroot entfernen, oder saslauthd Socket ins Chroot legen

postfix smtpd aus der chroot Umgebung entfernen. Ist bei CentOS und openSuSE ( 11.1 ) per default der Fall

/etc/postfix/master.cf :

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd

testsaslauthd  -s login -u username -p password

postfix smtpd in chroot Umgebung. Ist bei Debian ( 4.0 ) per default der Fall.

/etc/postfix/master.cf:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd

/etc/default/saslauthd : (Debian 4.0)

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
rm -r /var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd/ /var/run/saslauthd
adduser postfix sasl
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart

mkdir -p /var/spool/postfix/var/run/
mv /var/run/sasl2 /var/spool/postfix/var/run/
ln -s /var/spool/postfix/var/run/sasl2 /var/run/sasl2

¹⁾

/etc/init.d/saslauthd restart
/etc/init.d/postfix restart

testsaslauthd -u username -p password -f /var/spool/postfix/var/run/saslauthd/mux

testsaslauthd -u username -p password -s login -f /var/spool/postfix/var/run/sasl2/mux

libsasl2-modules

/etc/postfix/main.cf :

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients = yes

/etc/postfix/sasl/smtpd.conf : Debian (ab 3.1)

/usr/lib/sasl2/smtpd.conf: SuSE, CentOS (ab 4):

pwcheck_method: auxprop
mech_list: plain login cram-md5 digest-md5
auxprop_plugin: sasldb

adduser postfix sasl
saslpasswd2 -c -u $(postconf -h myhostname) kimba

/etc/postfix/main.cf :

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/relay-passwd

/etc/postfix/sasl/relay-passwd :

# postmap hash:/etc/postfix/sasl/relay-passwd
notebook12.linuxhotel.de kimba:uqu3Phoo

postmap hash:/etc/postfix/sasl/relay-passwd

Debian:

swaks oder libmime-perl oder metamail

swaks -f from@example.com -t to@example.com -s localhost -a -au nutzer14 -ap test -apt

Encodiertes Passwort erzeugen:

perl -MMIME::Base64 -e 'print encode_base64("iw\0iw\0passwort")'

oder:

echo -en "iw\0iw\0passwort" | mimencode

Authentifizierung testen:

netcat -v localhost 25
220 notebook12.linuxhotel.de ESMTP Postfix (Debian/GNU)
EHLO localhost
250-localhost
250-AUTH LOGIN PLAIN
AUTH PLAIN aXcAaXcAdGVzdA==
235 Authentication successful

/etc/postfix/main.cf :

smtpd_tls_auth_only = yes

• /usr/share/doc/sasl2-bin/README.Debian