
Building a mail server (sendmail, saslauthd, dovecot)

by 날으는물고기 2009. 6. 17.

// Installation //

1. yum install sendmail (installed by default on CentOS 5)
2. yum install sendmail-cf (needed for m4 and the SASL configuration)
3. Check that the cyrus-sasl package is installed; install it if it is not
4. yum install dovecot (POP3 server)


// Source install //

# wget http://dovecot.org/releases/1.1/dovecot-1.1.2.tar.gz
# tar xvfz dovecot-1.1.2.tar.gz
# cd dovecot-1.1.2
# ./configure --prefix=/usr --localstatedir=/var --with-pam --with-gssapi --with-mysql
# make
# make install
# cp /usr/etc/dovecot-example.conf /usr/etc/dovecot.conf
# groupadd -g 97 dovecot
# useradd -u 97 -g 97 -d /usr/libexec/dovecot -s /sbin/nologin dovecot
# vi /usr/etc/dovecot.conf
protocols = imap pop3
disable_plaintext_auth = no
ssl_disable = yes
protocol imap {
}
protocol pop3 {
}
auth default {
mechanisms = plain
passdb passwd {
}
passdb shadow {
}
userdb passwd {
}
user = root
}
plugin {
}
mail_privileged_group = mail
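The dovecot.conf fragment above allows cleartext authentication while SSL is switched off, so IMAP and POP3 passwords cross the network unprotected. As an added example (not code from the original post or from Dovecot), this Python script parses dovecot's brace-block syntax into flat keys and flags that combination; the embedded config is a copy of the fragment above (empty plugin block omitted), and the finding messages are the example's own.

```python
# Constructed copy of the dovecot.conf fragment from this page (empty plugin block omitted).
DOVECOT_CONF = """\
protocols = imap pop3
disable_plaintext_auth = no
ssl_disable = yes
protocol imap {
}
protocol pop3 {
}
auth default {
  mechanisms = plain
  passdb passwd {
  }
  passdb shadow {
  }
  userdb passwd {
  }
  user = root
}
mail_privileged_group = mail
"""

def parse_dovecot(text):
    """Flatten dovecot's brace blocks into {'section.key': value}; 'auth default { ... }' becomes 'auth.default.'."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip().replace(" ", "."))
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            settings[".".join(stack + [key])] = value
    return settings

def audit_dovecot(settings):
    """Return the weaknesses in this configuration that a reviewer would flag."""
    findings = []
    mechs = set(settings.get("auth.default.mechanisms", "").lower().split())
    cleartext = sorted(mechs & {"plain", "login"})
    # Passwords are exposed only when all three hold: a cleartext mechanism is offered,
    # plaintext auth is allowed on non-TLS sessions, and TLS is switched off entirely.
    if cleartext and settings.get("disable_plaintext_auth") == "no" and settings.get("ssl_disable") == "yes":
        findings.append("cleartext passwords: mechanisms %s with disable_plaintext_auth=no and ssl_disable=yes" % " ".join(cleartext))
    if settings.get("auth.default.user") == "root":
        findings.append("auth process runs as root (only the shadow and pam passdbs need it)")
    return findings
```

Setting `ssl_disable = no` together with `disable_plaintext_auth = yes` clears the first finding; the root finding stays as long as `passdb shadow` is kept.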


// Startup script //

# vi /etc/rc.d/init.d/dovecot
#!/bin/bash
#
#   /etc/rc.d/init.d/dovecot
#
# Starts the dovecot daemon
#
# chkconfig: - 65 35
# description: Dovecot Imap Server
# processname: dovecot
# Source function library.
. /etc/init.d/functions

test -x /usr/sbin/dovecot || exit 0

RETVAL=0
prog="Dovecot Imap"

start() {
    echo -n $"Starting $prog: "
    daemon /usr/sbin/dovecot
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dovecot
    echo
}

stop() {
    echo -n $"Stopping $prog: "
    killproc /usr/sbin/dovecot
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dovecot
    echo
}

#
#   See how we were called.
#
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload|restart)
    stop
    start
    RETVAL=$?
    ;;
  condrestart)
    if [ -f /var/lock/subsys/dovecot ]; then
        stop
        start
    fi
    ;;
  status)
    status /usr/sbin/dovecot
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {condrestart|start|stop|restart|reload|status}"
    exit 1
esac

exit $RETVAL
# chmod 700 /etc/rc.d/init.d/dovecot
# chkconfig --add dovecot
# chkconfig --level 345 dovecot on
# /etc/init.d/dovecot start|stop|restart


// sendmail configuration //

1. vi /etc/mail/sendmail.cf
   -> #Cwlocalhost (comment it out)
   -> DaemonPortOptions=Port=smtp,Name=MTA
2. vi /etc/mail/local-host-names
   -> localhost
   -> example.com.kr
   -> example.com, and the other domain names this mail server handles
3. vi /etc/mail/access
   -> localhost.localdomain RELAY
   -> localhost   RELAY
   -> example.co.kr  RELAY
   -> mail.example.co.kr  RELAY
   -> example.com  RELAY
   -> mail.example.com  RELAY
   ... and any other domains or IP addresses allowed to relay through this mail server
4. makemap hash /etc/mail/access < /etc/mail/access (creates access.db)
   makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
   makemap hash /etc/mail/domaintable < /etc/mail/domaintable
   makemap hash /etc/mail/mailertable < /etc/mail/mailertable
5. service sendmail start


// SASL configuration //

1. vi /etc/mail/sendmail.mc
   -> remove the dnl comment markers from:
      TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
      define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
   -> DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
2. m4 /etc/mail/sendmail.mc > /etc/sendmail.cf (regenerates sendmail.cf; requires sendmail-cf)
3. vi /etc/mail/sendmail.cf
   -> #Cwlocalhost (comment it out) -> Cw<your domain name>
   -> /var/spool/mqueue/q* setting (create the multi-queue directories q1~q10 under /var/spool/mqueue)
4. service sendmail restart
5. service saslauthd restart
6. telnet localhost 25
   -> ehlo localhost
      if the reply lists AUTH LOGIN PLAIN, it worked
7. In /etc/sysconfig/saslauthd set MECH=pam


// Setting up a POP3 server (dovecot recommended) //

Configuration
1. vim /etc/dovecot.conf
   -> protocols = imap imaps pop3 pop3s (uncomment and set)
   -> listen = [::]

Add the service
2. ntsysv -> tick the dovecot service

Start the service
3. service dovecot start


// Checking that the service works //

1. telnet localhost 110
   -> user myid (account name)
      +OK Password required for myid.
   -> pass 1234 (password)
      +OK myid has 0 visible messages (0 hidden) in 0 octets.
   -> quit

// Adding administrator accounts (master@aaa.com, webmaster@aaa.com) //
  1. adduser webmaster
  2. passwd webmaster
  3. vi /etc/aliases
     -> at the very bottom, under # Person who should get root's mail
        root:           myid,webmaster (uncomment and add the account names; mail addressed to root is then also delivered to myid and webmaster)
  4. cd /etc
  5. makemap hash aliases < aliases (creates aliases.db)
  6. Check: strings /etc/aliases.db | grep <account name>

Note) add an account without creating a home directory: adduser -M <account name>
      delete an account together with its home directory: userdel -r <account name>


Source: http://blog.naver.com/mirazi9


setting & testing saslauthd

Release Found: Red Hat Enterprise Linux 3

Postfix can be configured to relay mail for users at remote locations who present a valid username and password combination. Following this guide will enable Authenticated SMTP with passwords sent in plain text. A secure transport layer should be implemented so that usernames and passwords cannot be eavesdropped while in transit.

Authenticated SMTP requires users who are not in the "mynetwork" directive within /etc/postfix/main.cf to supply a valid username and password before the mail server will forward mail.

This configuration requires Postfix to be installed and be configured to accept incoming mail on an Internet facing interface.

  1. Open /etc/postfix/main.cf with your editor and add the line smtpd_sasl_auth_enable = yes

    smtpd_sasl_auth_enable = yes

    This line tells Postfix to enable SMTP AUTH, so that users outside the mynetworks directive can authenticate when they use this Postfix server to send mail to recipients outside the domains Postfix has been configured to accept mail for.

  2. Also in /etc/postfix/main.cf, add smtpd_sasl_security_options=noanonymous

    smtpd_sasl_security_options=noanonymous

    This disables anonymous-style logins for SMTP AUTH. Without this line anyone will be able to use your machine as an open relay.

  3. Again in /etc/postfix/main.cf, add the smtpd_recipient_restrictions as specified below:

    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_relay_domains

    This line sets the restrictions for clients attempting to relay mail through your mail server.

  4. Edit /etc/sysconfig/saslauthd and set the value of MECH (abbreviation of the word mechanism) to pam:

    MECH=pam

    Setting this value to pam makes saslauthd use the local Pluggable Authentication Modules (PAM) subsystem to validate each username and password.

  5. Ensure that saslauthd will start on boot by adding it to the third and fifth runlevels.

    /sbin/chkconfig --level 35 saslauthd on

  6. Start or restart the saslauthd service:

    /sbin/service saslauthd start
    /sbin/service saslauthd restart

  7. Finally, start or restart Postfix:

    /sbin/service postfix start
    /sbin/service postfix restart

The Postfix server should now be started and allow relaying of mail from authenticated clients. You can confirm this by connecting to the mail server using the telnet application.

Most communication with the mail server can be done in plain text, but the authentication information must be encoded in Base64.

You can generate this information by modifying the line below, replacing the username and password with a valid username and password that the Postfix server can authenticate.

perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'

It should produce a string similar to the format below.

dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=

Do not lose the generated string, as it will be used shortly.

Authentication can be tested by connecting to the mail server with telnet and manually entering the SMTP information.

In the example below, the EHLO, AUTH PLAIN and QUIT lines are what you type; everything else is the server's response. Replace the string after AUTH PLAIN with the Base64 string created above.

 
# telnet mail.example.com 25
Trying 127.0.0.1...
Connected to mail.example.com (123.123.123.123).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO anotherhost.com
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
250-XVERP
250 8BITMIME
AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
235 Authentication successful
QUIT
221 Bye


The line "250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5" shows that the Postfix server allows users to authenticate.
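The perl one-liner and the transcript above show the two things a defender should check after this setup: the AUTH PLAIN token is only Base64 (reversible by anyone on the path), and PLAIN/LOGIN are advertised before STARTTLS. As an added example (not code from the original article or from Postfix), this Python script builds and decodes the PLAIN token, parses the EHLO response copied from the transcript above, and reports whether password-revealing mechanisms are offered on the cleartext connection; the finding text and the smtpd_tls_auth_only remedy are the example's own.

```python
import base64

# Server side of the EHLO exchange shown on this page (constructed copy, client lines removed).
EHLO_RESPONSE = """\
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
250-XVERP
250 8BITMIME
"""

def auth_plain_encode(authcid, password, authzid=None):
    """SASL PLAIN initial response (RFC 4616): authzid NUL authcid NUL password, Base64-encoded.
    The page's perl one-liner uses the username for both identities; so does the default here."""
    if authzid is None:
        authzid = authcid
    raw = b"\0".join(s.encode() for s in (authzid, authcid, password))
    return base64.b64encode(raw).decode()

def auth_plain_decode(token):
    """Recover the three fields: Base64 is an encoding, not encryption."""
    parts = base64.b64decode(token).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN response")
    return tuple(p.decode() for p in parts)

def parse_ehlo(response):
    """Map EHLO keywords to their parameters, e.g. {'AUTH': ['PLAIN', 'LOGIN', ...]}."""
    caps = {}
    for line in response.splitlines()[1:]:   # first line carries the server name only
        fields = line[4:].split()            # strip the '250-' / '250 ' prefix
        caps[fields[0].upper()] = fields[1:]
    return caps

def audit_ehlo(response):
    """Flag password-revealing mechanisms offered on the cleartext connection."""
    caps = parse_ehlo(response)
    cleartext = sorted({m.upper() for m in caps.get("AUTH", [])} & {"PLAIN", "LOGIN"})
    if not cleartext:
        return []
    mechs = " ".join(cleartext)
    if "STARTTLS" in caps:
        # Postfix can withhold AUTH until after STARTTLS with smtpd_tls_auth_only = yes.
        return [f"{mechs} offered before STARTTLS; set smtpd_tls_auth_only = yes"]
    return [f"{mechs} offered and no STARTTLS at all; credentials cross the wire base64-encoded only"]
```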

For more information, visit the Red Hat Postfix HOWTO.


Reference site: http://wiki.dovecot.org/