Based on FreeBSD 7.0 Release, Postfix+SASL2+POPA3D

Date: 2008-07-04 07:36:28  Category: FreeBSD  Author: kaneintku

Preface:
I have been at this for a full week,
and have finally got the most traditional kind of mail server, on ports 25 and 110, up and running.
Once virus scanning, spam filtering and webmail are also working,
I will look into adding TLS on ports 465 and 995.
I suspect, though, that this may take several reinstalls of FreeBSD (and even then it may not work out...).
1. Install postfix:

#cd /usr/ports/mail/postfix
#make install clean
Select:
[x]SASL2 // selecting this also installs cyrus-sasl2
[x]TLS
[x]BDB
[x]test server


On FreeBSD 5.x and earlier, choosing SASL2 when installing postfix would pop up a sub-dialog asking whether to install pwcheck,
but with postfix (2.5) and postfix-current (2.6) I did not see it...
Halfway through the postfix install two prompts appear:

You need user "postfix" added to group "mail".Would you like me to add it [y]? // choose y
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? // choose y


2. Install the SMTP authentication software cyrus-sasl2-saslauthd:

#cd /usr/ports/security/cyrus-sasl2-saslauthd
#make install clean
Select:
[x]Berkeley DB
[x]OpenLDAP


3. Install the POP3 software:

#cd /usr/ports/mail/popa3d
#make install clean


4. Configuration:

1. Edit /etc/rc.conf
sendmail_enable="NONE"
postfix_enable="YES"
saslauthd_enable="YES"
2. Check the permissions of sasldb2.db in /usr/local/etc
#ll
-rw-r----- 1 cyrus mail 16384 7 4 10:34 sasldb2.db
To give postfix permission to use sasldb2.db for authentication, edit /etc/group:
cyrus:*:60:postfix
3. Edit /usr/local/etc/postfix/main.cf
myhostname = your server's D.N.
mydomain = your server's domain
myorigin = $myhostname
mydestination = $myhostname
mynetworks_style = host
mynetworks = 127.0.0.0/8, $myhostname
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
#home_mailbox = Mailbox
#home_mailbox = Maildir/ // tried this: when mail is stored under the home directory, Outlook and other MUAs cannot retrieve it, so these two lines are commented out
mail_spool_directory = /var/mail // so mail is stored instead in /var/mail, in a file named after each user
smtpd_banner = $myhostname ESMTP
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable= yes
smtpd_sasl_security_options= noanonymous
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains
#smtpd_client_restrictions = reject_rbl_client dialup.ecenter.idv.tw, reject_rbl_client relays.ordb.org, reject_rbl_client spam.ecenter.idv.tw, reject_rbl_client or.ecenter.idv.tw
// If your own IP is on the relays.ordb.org blacklist you will be unable to send mail, so this line is commented out. This line uses the dnsbl (DNS Black-List) mechanism to reduce spam. Briefly, a dnsbl is a list of IP addresses known to send spam: when one of these spam sources tries to deliver to your host, and your host has dnsbl checking configured, your mail host queries the relevant dnsbl server to see whether the sending IP is in its DNS Black-List database, and if it is, the message is rejected.
4. Edit master.cf
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
// smtps provides encrypted transport for Outlook on port 465; to be tried once TLS works
5. Build the aliases.db file
#postalias /etc/aliases
6. In /usr/local/lib/sasl2 create a file named smtpd.conf with the following content:
pwcheck_method: saslauthd
mechlist: plain login crammd5 digestmd5
7. Edit saslauthd
saslauthd_flags=${saslauthd_flags:-"-a pam"} // change this line into
saslauthd_flags=${saslauthd_flags:-"-a getpwent"}
8. Restart the postfix and saslauthd services
9. ps -aux | grep saslauthd // check that saslauthd is running
452 0.0 0.2 6312 2076 ?? Is 11:03上午 0:00.00 /usr/local/sbin/saslauthd -a getpwent
461 0.0 0.2 6312 2228 ?? I 11:03上午 0:00.00 /usr/local/sbin/saslauthd -a getpwent
462 0.0 0.2 6312 2228 ?? I 11:03上午 0:00.00 /usr/local/sbin/saslauthd -a getpwent
463 0.0 0.2 6312 2228 ?? I 11:03上午 0:00.00 /usr/local/sbin/saslauthd -a getpwent
465 0.0 0.2 6312 2076 ?? I 11:03上午 0:00.00 /usr/local/sbin/saslauthd -a getpwent
10. Confirm that the two AUTH lines below (shown in red in the original post) appear in the EHLO reply:
#telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 your server's D.N. ESMTP
ehlo localhost
250-your server's D.N.
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
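As an added check for step 10 (not from the original post), the script below parses an EHLO reply and reports whether AUTH is advertised and whether the PLAIN/LOGIN mechanisms are offered without STARTTLS, which is the state this setup is in until TLS is added. The embedded sample is a constructed copy of the reply shown above with a placeholder hostname; the host and port used by live_ehlo() are assumptions.

```python
"""Check a Postfix EHLO reply for SASL AUTH (step 10) and cleartext mechanisms."""
import smtplib

# Constructed sample: the EHLO reply from step 10 above, with a placeholder hostname.
SAMPLE_EHLO = """250-mail.example.test
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# PLAIN and LOGIN send the password itself (LOGIN only base64-encodes it); without
# STARTTLS on port 25 the getpwent system password crosses the wire in the clear.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Return (set of AUTH mechanisms, STARTTLS offered?) from an EHLO reply. Lines may
    carry the leading "250-"/"250 " code (telnet transcript) or not (smtplib output)."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        word = line.strip().upper()
        if word.startswith("250"):
            word = word[4:].strip()  # drop the reply code and its '-' / ' ' separator
        if word == "STARTTLS":
            starttls = True
        elif word.startswith("AUTH"):
            # Both "AUTH x y" and the "AUTH=x y" form that broken_sasl_auth_clients adds.
            mechs.update(word[4:].lstrip("= ").split())
    return mechs, starttls

def assess(reply):
    """List what a defender would want flagged; an empty list means the check passed."""
    mechs, starttls = parse_ehlo(reply)
    findings = []
    if not mechs:
        findings.append("AUTH not advertised: check smtpd_sasl_auth_enable and smtpd.conf")
    cleartext = sorted(mechs & CLEARTEXT_MECHS)
    if cleartext and not starttls:
        findings.append("cleartext mechanisms %s offered without STARTTLS" % ",".join(cleartext))
    return findings

def live_ehlo(host="127.0.0.1", port=25):
    """Fetch the EHLO reply from a running server (host and port are assumptions)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        _code, msg = smtp.ehlo("localhost")
    return msg.decode("ascii", "replace")
```

Run assess(live_ehlo()) on the server itself after step 8; once the smtps/TLS work from step 4 of the configuration is done, the cleartext finding should disappear.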
11. Edit /etc/inetd.conf
pop3 stream tcp nowait root /usr/local/libexec/popa3d popa3d
12. Test port 110
#telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK
quit
+OK
Connection closed by foreign host.
Finally, tick "My server requires authentication" in Outlook and you can send and receive mail.
P.S. I originally wanted to use postfix+SASL2+TLS+Courier-imap (ports 465 and 995),
but I am currently stuck because there is too little material on openssl for FreeBSD 7.0 Release,
so for now I am playing with postfix+SASL2+POPA3D (the traditional cleartext ports 25 and 110)
to build up a bit of confidence.
Next step:
Mailscanner+ClamAV+Spamassassin+Openwebmail,
hopefully that will work.
Once that succeeds,
I expect to be reinstalling FreeBSD day in, day out (just to get TLS working...).
