smtp-auth memo (EHLO via telnet)

SASL authentication (SMTP_AUTH, RFC2554)

Based on this page:

http://centossrv.com/postfix.shtml

Also, 今すぐ実践! Linux システム管理 Vol.211 is important as well.
For SASL, see here:
http://d.hatena.ne.jp/toshi_hirasawa/20111107/1320619434

[root@cent5-64b-40 postfix]# diff main.cf.orig main.cf
107c107
< #inet_interfaces = all
---
> inet_interfaces = all
110c110
< inet_interfaces = localhost
---
> #inet_interfaces = localhost
155c155
< mydestination = $myhostname, localhost.$mydomain, localhost
---
> mydestination = $myhostname, localhost.$mydomain, localhost hirasawa.local
255a256
> mynetworks = 168.100.189.0/28, 127.0.0.0/8 192.168.1.0/24
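Review bot: the added mynetworks line still carries 168.100.189.0/28, which looks like the example value from the stock main.cf comments rather than a network on this site. Together with permit_mynetworks in the next hunk, any client in that range may relay without authenticating. Unless that range is really yours, trim the line to "mynetworks = 127.0.0.0/8 192.168.1.0/24".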
667a669,676
> 
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_recipient_restrictions =
>     permit_mynetworks
>     permit_sasl_authenticated
>     reject_unauth_destination
> 
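Review bot: smtpd_sasl_auth_enable = yes is switched on here with nothing in this diff tying AUTH to an encrypted session, so PLAIN and LOGIN responses cross port 25 as plain base64. Configure TLS for smtpd and add "smtpd_tls_auth_only = yes" so that AUTH is only advertised and accepted after STARTTLS.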
[root@cent5-64b-40 postfix]# 


Next:

[root@cent5-64b-40 postfix]# /etc/init.d/postfix restart
postfix を停止中:                                          [  OK  ]
postfix を起動中:                                          [  OK  ]
[root@cent5-64b-40 postfix]# 
[root@cent5-64b-40 postfix]# /etc/init.d/saslauthd start
saslauthd を起動中:                                        [  OK  ]
[root@cent5-64b-40 postfix]# 
[root@cent5-64b-40 postfix]# chkconfig saslauthd on
[root@cent5-64b-40 postfix]# chkconfig --list | grep saslauth
saslauthd      	0:off	1:off	2:on	3:on	4:on	5:on	6:off
[root@cent5-64b-40 postfix]# 


This is from a different server, but the processes should look something like this:

[root@cent6-64-38 ~]# ps -ef | grep sasl
root      1926     1  0 11:52 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root      1928  1926  0 11:52 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root      1929  1926  0 11:52 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root      1930  1926  0 11:52 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root      1931  1926  0 11:52 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root      2203  2156  0 11:55 pts/0    00:00:00 grep sasl
[root@cent6-64-38 ~]# 

Since it uses pam by default, I guess the saslauthd configuration doesn't need to be touched.

Let's test it:

[hirasawa@cent5-64b-40 ~]$ telnet 192.168.1.40 25
Trying 192.168.1.40...
Connected to cent5-64b-40 (192.168.1.40).
Escape character is '^]'.
220 cent5-64b-40.localdomain ESMTP Postfix
EHLO localhost
250-cent5-64b-40.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5 LOGIN  < these are the supported authentication methods
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN                    < authenticate with LOGIN
334 VXNlcm5hbWU6
xxxxxxxxxxxx                  < echo -n yourname | nkf -MB
334 UGFzc3dvcmQ6
xxxxxxxxxxxx                  < echo -n yourpass | nkf -MB
235 2.0.0 Authentication successful

Looks like it worked.
Good, good.

By the way:

[root@cent5-64b-40 mail]# echo -n VXNlcm5hbWU6 | base64 -d
Username:

[root@cent5-64b-40 mail]# echo -n UGFzc3dvcmQ6 | base64 -d
Password:

So that's what those strings mean.
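
The EHLO reply and the 334 prompts from the session above can be checked mechanically. The following is an added example, not part of the original memo: it parses a captured EHLO reply, reports when the password-equivalent mechanisms (PLAIN, LOGIN) are advertised without STARTTLS, and decodes the 334 challenges. The function names and the embedded sample are assumptions made for this illustration.

```python
import base64

# Constructed sample: the EHLO reply from the session above, annotations removed.
EHLO_REPLY = """\
250-cent5-64b-40.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Mechanisms whose client response is the password itself, merely base64-encoded.
PASSWORD_EQUIVALENT = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters (multi-line 250 reply)."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the server's domain
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        text = line[4:]
        if text.upper().startswith("AUTH="):  # legacy "AUTH=..." spelling
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if words:
            caps.setdefault(words[0], []).extend(words[1:])
    return caps

def audit(reply):
    """Report password-equivalent AUTH mechanisms offered without STARTTLS."""
    caps = parse_ehlo(reply)
    exposed = sorted(PASSWORD_EQUIVALENT.intersection(caps.get("AUTH", [])))
    if exposed and "STARTTLS" not in caps:
        return ["AUTH %s offered without STARTTLS" % "/".join(exposed)]
    return []

def decode_challenge(line):
    """Decode the base64 prompt carried by a '334 <base64>' reply."""
    code, _, payload = line.partition(" ")
    if code != "334":
        raise ValueError("not a 334 challenge: %r" % line)
    return base64.b64decode(payload, validate=True).decode("ascii")

if __name__ == "__main__":
    print(audit(EHLO_REPLY))
    print(decode_challenge("334 VXNlcm5hbWU6"), decode_challenge("334 UGFzc3dvcmQ6"))
```

For the reply shown in this memo the audit returns one finding, and it returns none once the server advertises STARTTLS in the same reply.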