This is an old version of the document!
SASL authentication with the Postfix MTA 2.11 on CentOS 7
https://tools.ietf.org/html/rfc4422
http://de.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
SASL with cyrus-sasl
SASL with Dovecot
Activating the configuration changes
# systemctl reload postfix
Testing the connection
# telnet ::1 25
Trying ::1...
Connected to ::1.
Escape character is '^]'.
220 mx01.nausch.org ESMTP Postfix
EHLO foo
250-mx01.nausch.org
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250 8BITMIME
quit
221 2.0.0 Bye
Connection closed by foreign host.
# swaks --to django@nausch.org --from michael@nausch.org --auth CRAM-MD5 --auth-user michael@nausch.org --header-X-Test "test email" --server 10.0.0.87
Password: DAx1d13g31l354u!
=== Trying 10.0.0.87:25...
=== Connected to 10.0.0.87.
<- 220 mx01.nausch.org ESMTP Postfix
-> EHLO vml000087.dmz.nausch.org
<- 250-mx01.nausch.org
<- 250-PIPELINING
<- 250-SIZE 52428800
<- 250-ETRN
<- 250-STARTTLS
<- 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
<- 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250 DSN
-> AUTH CRAM-MD5
<- 334 PDk2Mjk5MjQ4Njc5ODA2FucKMzQuMTQxNxNzE1M0B2bWwMAwNzcuZG16Lm5hdXNjaC5vcmc+
-> bWljaGFlbEBuYXVzY2gub3JnIDg5Y0uOTQzNjAyMmM0NWM2NT0NDc2ZGQMzg0ZmI2WVl
<- 235 2.7.0 Authentication successful
-> MAIL FROM:<michael@nausch.org>
<- 250 2.1.0 Ok
-> RCPT TO:<django@nausch.org>
<- 250 2.1.5 Ok
-> DATA
<- 354 End data with <CR><LF>.<CR><LF>
-> Date: Mon, 27 Oct 2014 14:39:08 +0100
-> To: django@nausch.org
-> From: michael@nausch.org
-> Subject: test Mon, 27 Oct 2014 14:39:08 +0100
-> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
-> X-Test: test email
->
-> This is a test mailing
->
-> .
<- 250 2.0.0 Ok: queued as 02E93C00088
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.
# less /var/log/maillog
Oct 27 14:39:13 vml000087 postfix/smtpd[23030]: connect from vml000087.dmz.nausch.org[10.0.0.87]
Oct 27 14:39:14 vml000087 postfix/smtpd[23030]: 02E93C00088: client=vml000087.dmz.nausch.org[10.0.0.87], sasl_method=CRAM-MD5, sasl_username=michael@nausch.org
Oct 27 14:39:14 vml000087 postfix/cleanup[23034]: 02E93C00088: message-id=<20141027133914.02E93C00088@mx01.nausch.org>
Oct 27 14:39:14 vml000087 postfix/qmgr[22988]: 02E93C00088: from=<michael@nausch.org>, size=502, nrcpt=1 (queue active)
Oct 27 14:39:14 vml000087 postfix/smtpd[23030]: disconnect from vml000087.dmz.nausch.org[10.0.0.87]
Oct 27 14:39:14 vml000087 postfix/lmtp[23035]: 02E93C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=0.27, delays=0.08/0.06/0.04/0.09, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> vCxFCAJLTlTpXAAArK2B9Q Saved)
Oct 27 14:39:14 vml000087 postfix/qmgr[22988]: 02E93C00088: removed
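The 334 challenge and the base64 reply in the swaks session above follow the CRAM-MD5 scheme from RFC 2195; the following is an added example (not part of the original page) that computes the client reply and checks it on the server side. It uses the test vector from RFC 2195 as sample data, and the function names and the USERS table are assumptions made for this illustration. Note that the server needs the shared secret in recoverable form to recompute the HMAC.

```python
import base64
import hashlib
import hmac

# Sample data: the test vector from RFC 2195, not values from this page.
RFC2195_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
USERS = {"tim": "tanstaaftanstaaf"}  # hypothetical credential store


def cram_md5_response(username, password, challenge_b64):
    """Client side: build the base64 line sent after the server's 334 challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def cram_md5_verify(response_b64, challenge_b64, lookup_password):
    """Server side: recompute the HMAC from the stored secret and compare."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.rsplit(" ", 1)
    except ValueError:  # invalid base64, invalid UTF-8, or no "user digest" pair
        return False
    password = lookup_password(username)
    if password is None:  # unknown user
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


if __name__ == "__main__":
    challenge_b64 = base64.b64encode(RFC2195_CHALLENGE.encode()).decode()
    reply = cram_md5_response("tim", USERS["tim"], challenge_b64)
    print("334", challenge_b64)
    print("->", reply)
    print("accepted:", cram_md5_verify(reply, challenge_b64, USERS.get))
```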
Packet filter
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.0.0.87/32" port protocol="tcp" port="3659" destination address="10.0.0.77/32" accept'
# firewall-cmd --reload
# iptables -nvL IN_public_allow
Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       10.0.0.87            10.0.0.77            tcp dpt:3659 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       10.0.0.87            10.0.0.77            tcp dpt:24 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW