Environment:

  • Ubuntu : 12.04.1
  • Postfix : 2.9.3

Installation command:

sudo apt-get install postfix

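Choose "No configuration" at the prompt. After installation the postfix user and group are created automatically. Then copy the Debian sample main.cf into place: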

sudo cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf

Have Postfix use SASL (saslauthd) for user authentication

Edit /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

Generate the CA key

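# create the key file with restrictive permissions before the key is written into it
touch smtpd.key
chmod 600 smtpd.key
# server private key (2048-bit RSA; 1024-bit keys are no longer considered adequate)
openssl genrsa 2048 > smtpd.key
# self-signed server certificate
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
# CA key and CA certificate
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts
sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/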

Edit /etc/postfix/main.cf and set myhostname

smtpd_banner = $myhostname ESMTP unknown

(omitted...)

inet_interfaces = 127.0.0.1

myhostname = example.com
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Install saslauthd

sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

Edit /etc/default/saslauthd: set START=yes, add PWDIR, PARAMS, and PIDFILE, and change the OPTIONS line at the end

START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

MECHANISMS="pam" # this is already the default, so it should not need changing

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Then update the stat override for /var/spool/postfix/var/run/saslauthd

sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

The following warning appears. It can be ignored, because this file is created when saslauthd starts.

dpkg-statoverride: warning: --update given but /var/spool/postfix/var/run/saslauthd does not exist

Start the saslauthd service

sudo service saslauthd start

Reload the postfix service

sudo /etc/init.d/postfix reload

Test

First start the postfix service,

sudo service postfix start

telnet localhost 25

If the server's EHLO reply contains the following lines, the setup is working:

250-STARTTLS
250-AUTH
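
An added example, not part of the original post: with smtpd_tls_auth_only = no and mech_list: plain login, the EHLO reply seen over plain telnet advertises AUTH PLAIN LOGIN before any TLS is negotiated. The Python below parses a saved EHLO reply and reports that exposure; the sample reply and the names parse_ehlo and audit_ehlo are constructed for illustration.

```python
import re

# Constructed sample of the EHLO reply the settings above would produce
# (smtpd_tls_auth_only = no, mech_list: plain login); not captured from a real host.
SAMPLE_EHLO = """\
250-example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 DSN
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # both send the password itself, only base64-encoded

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" means more lines follow; "250 " must appear only on the last line
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        # Postfix also emits "AUTH=PLAIN LOGIN" when broken_sasl_auth_clients = yes
        words = m.group(2).replace("=", " ", 1).split()
        if i == 0 or not words:
            continue  # the first line is the server greeting, not a keyword
        caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def audit_ehlo(reply, tls_active=False):
    """List findings for an EHLO reply seen before (default) or after STARTTLS."""
    caps = parse_ehlo(reply)
    findings = []
    if not tls_active and "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    auth = set(caps.get("AUTH", []))
    if tls_active and not auth:
        findings.append("AUTH not offered")
    exposed = sorted(PLAINTEXT_MECHS & auth)
    if exposed and not tls_active:
        findings.append("cleartext AUTH %s offered before TLS" % "/".join(exposed))
    return findings
```

Setting smtpd_tls_auth_only = yes makes Postfix withhold AUTH until STARTTLS has completed, so the plain telnet check above would then no longer show 250-AUTH.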

Add the email user noreply

sudo useradd -s /usr/sbin/nologin noreply
sudo passwd noreply

References:

  • https://help.ubuntu.com/community/Postfix