SMTP Authentication
CONTENTS
#contents
----
Lastmodified &lastmod;
----
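*SMTP Authentication [#sa8edd4a]
[Reference URL] [[Building a home server with FreeBSD 12: mail server edition:...
[Reference URL] [[Postfix security measures:https://www.criter...
[Reference URL] [[Building and publishing a server with FreeBSD and Apache:ht...
*Installing cyrus-sasl [#z2a3e92d]
SASL authentication is used for SMTP authentication.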
# portinstall security/cyrus-sasl2
# portinstall security/cyrus-sasl2-saslauthd
When installing cyrus-sasl2, deselecting OTP in the options...
postfix/smtpd[27109]: OTP unavailable because can't read...
is the kind of log entry that gets left behind.
[[Postfix logging some OTP related permission denied mess...
#ref(cyrus-sasl2-saslauthd.PNG)
*** Updated user `cyrus'. [#fa9a6d5e]
You can use sasldb2 for authentication, to add users use:
saslpasswd2 -c username
If you want to enable SMTP AUTH with the system Sendmail...
Sendmail.README
NOTE: This port has been compiled with a default pwcheck...
auxprop. If you want to authenticate your user by ...
PAM or LDAP, install ports/security/cyrus-sasl2-sas...
set sasl_pwcheck_method to saslauthd after installi...
Cyrus-IMAPd 2.X port. You should also check the
/usr/local/lib/sasl2/*.conf files for the correct
pwcheck_method.
If you want to use GSSAPI mechanism, install
ports/security/cyrus-sasl2-gssapi.
If you want to use SRP mechanism, install
ports/security/cyrus-sasl2-srp.
If you want to use LDAP auxprop plugin, install
ports/security/cyrus-sasl2-ldapdb.
*** cyrus-sasl2-saslauthd [#oa10f116]
====> Compressing man pages (compress-man)
===> Staging rc.d startup script(s)
===> Installing for cyrus-sasl-saslauthd-2.1.28
===> Checking if cyrus-sasl-saslauthd is already instal...
===> Registering installation for cyrus-sasl-saslauthd...
Installing cyrus-sasl-saslauthd-2.1.28...
To run saslauthd from startup, add saslauthd_enable="YES...
/etc/rc.conf.
===> SECURITY REPORT:
This port has installed the following files which ...
servers and may therefore pose a remote security r...
/usr/local/sbin/saslauthd
If there are vulnerabilities in these programs ther...
risk to the system. FreeBSD makes no guarantee abou...
ports included in the Ports Collection. Please type...
to deinstall the port if this is a concern.
For more information, and contact details about the...
status of this software, see the following webpage:
https://www.cyrusimap.org/sasl/
===> Cleaning for heimdal-7.8.0_6
===> Cleaning for cyrus-sasl-2.1.28
===> Cleaning for cyrus-sasl-saslauthd-2.1.28
**/etc/rc.conf [#p4db3ab2]
saslauthd_enable="YES"
saslauthd_flags="-a sasldb"
**Starting saslauthd [#sba0d34c]
/usr/local/etc/rc.d/saslauthd start
**SMTP AUTH configuration [#va7f222c]
/usr/local/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
The original article has it this way, but currently /usr/local/lib/sasl2/Send...
pwcheck_method: auxprop
is what it contains, which is the same content. I decided to keep both in place.
**Adding SMTP AUTH users [#y5e24553]
# saslpasswd2 -c -u Host_name user_name
Password:
Again (for verification):
sasldblistusers2
user_name@hobbit.ddo.jp: userPassword
This operation generates /usr/local/etc/sasldb2.db, but Hos...
**Changing ownership of /usr/local/etc/sasldb2.db [#v492d28e]
/>chown cyrus:mail /usr/local/etc/sasldb2.db
/>chmod 640 /usr/local/etc/sasldb2.db
* Postfix [#i229361a]
Added checks for BDB BLACKLISTD and SASL ← when done this way, ****.d...
#ref(Postfix_show_config.PNG)
This time, try it with checks added for BLACKLISTD and SASL.
#ref(postfix_smtp_auth.PNG)
# portupgrade -rf --batch postfix
If you are using SASL, you need to make sure that postfi...
the sasldb file. This is accomplished by adding postfix...
making the /usr/local/etc/sasldb* file(s) readable by gr...
be the default for new installs).
===> SECURITY REPORT:
This port has installed the following binaries whic...
increased privileges.
/usr/local/sbin/postlog
This port has installed the following files which m...
servers and may therefore pose a remote security ri...
/usr/local/lib/postfix/libpostfix-util.so
If there are vulnerabilities in these programs ther...
risk to the system. FreeBSD makes no guarantee abou...
ports included in the Ports Collection. Please type...
to deinstall the port if this is a concern.
For more information, and contact details about the...
status of this software, see the following webpage:
https://www.postfix.org/
At this stage, postconf -a shows:
# postconf -a
cyrus
dovecot
***[Note] When the BDB option was added, Postfix's first ne...
# newaliases
BDB0210 /etc/mail/aliases.db: metadata page checksum error
BDB1581 File handles still open at environment close
BDB1582 Open file handle: /etc/mail/aliases.db
BDB1582 Open file handle: /etc/mail/aliases.db
BDB1582 Open file handle: /etc/mail/aliases.db
BDB1582 Open file handle: /etc/mail/aliases.db
: : :
BDB1582 Open file handle: /etc/mail/aliases.db
BDB0210 /usr/local/mailman/data/aliases.db: metadata pag...
BDB1581 File handles still open at environment close
BDB1582 Open file handle: /usr/local/mailman/data/aliase...
BDB1582 Open file handle: /usr/local/mailman/data/aliase...
BDB1582 Open file handle: /usr/local/mailman/data/aliase...
: : :
BDB1582 Open file handle: /usr/local/mailman/data/aliase...
BDB1582 Open file handle: /usr/local/mailman/data/aliase...
BDB1582 Open file handle: /usr/local/mailman/data/aliase...
#
Output like the above appeared. After running postfix reload and then newaliases again ...
It was probably normal behavior, but it gave me a bit of a scare. (^_^;
**main.cf settings [#c8f2cc6e]
# Uncomment and set the host name
myhostname = mail.smb.net
# Uncomment and set the domain name
mydomain = smb.net
# Uncomment (sender mail)
myorigin = $myhostname
# Uncomment (receiving net...
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localh...
# Allow relaying...
mynetworks = 192.168.1.0/24, 127.0.0.0/8
# Uncomment (relay...
relay_domains = $mydestination
# Uncomment (alias...
alias_maps = hash:/etc/aliases
# Uncomment (alias...
alias_database = hash:/etc/aliases
# Cyrus-SASL configuration # Add the following (SASL-based SMTP...
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit...
broken_sasl_auth_clients = yes
*Startup [#c7766114]
# service saslauthd start
Starting saslauthd.
# service postfix start
postfix/postfix-script: starting the Postfix mail system
*Verifying SMTP-AUTH [#ybe2857a]
[Reference URL] [[Implementing SMTP-AUTH with Postfix:http://www.milow...
Verify that SMTP-AUTH is working correctly.
Specifically, connect to port 25 with Telnet and check.
$ telnet localhost 25 <-- type this and press Enter
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 www.miloweb.net ESMTP Postfix
EHLO localhost <-- type EHLO localhost
250-zdnet.hoge.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM...
250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM...
250 8BITMIME
QUIT <-- confirmed, so disconnect with the QUIT command
If "250-AUTH PLAIN LOGIN" is displayed, SMTP-AU...
The Postfix installation procedure must be reviewed and redone...
**Further verification [#ta6718c7]
http://linux.kororo.jp/cont/server/smtp_auth.php
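# printf 'username\0username\0password' | mmencode
The Base64 obtained this way can be used to authenticate with AUTH PLAIN (plaintext authentication)...
Beforehand, in main.cf, comment out the following:
#smtp_sasl_security_options = noplaintext
$ telnet localhost 25 <-- type this and press Enter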
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 www.miloweb.net ESMTP Postfix
EHLO localhost <-- type EHLO localhost
250-zdnet.hoge.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM...
250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM...
250 8BITMIME
AUTH PLAIN a29yb3JvAGtvcm9ybwBrb3JvMTgxNQ== <-- # prin...
235 Authentication successful
QUIT
221 Bye
Connection closed by foreign host.
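The token step above, as an added example that is not part of the original page: it builds the AUTH PLAIN argument the same way as the printf | mmencode step, decodes it again to show that Base64 hides nothing, and lists which mechanisms in an EHLO reply are plaintext ones. It assumes a `base64` utility with `-d` in place of mmencode; the credentials and the EHLO reply are constructed samples.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes a base64 utility with -d
# (the page uses mmencode for the encoding step). All sample data is constructed.

# Build the AUTH PLAIN argument: authzid NUL authcid NUL password.
# As on the page, the same user name fills the first two fields.
auth_plain_token() {
    printf '%s\000%s\000%s' "$1" "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token back into its three fields, one per line. No key is needed:
# Base64 is an encoding, so whoever sees the token sees the password.
decode_auth_plain() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n'
}

# List the SASL mechanisms in an EHLO reply read from stdin. Accepts both
# "250-AUTH ..." and the "250-AUTH=..." line that broken_sasl_auth_clients adds.
ehlo_auth_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]//p' | tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# Print the mechanisms that carry the password in recoverable form.
# Exit status 0 if any is offered, 1 if none.
plaintext_mechs() {
    ehlo_auth_mechs | grep -E '^(PLAIN|LOGIN)$'
}

# Constructed EHLO reply (not captured from a real server).
SAMPLE_EHLO='250-mail.example.test
250-PIPELINING
250-AUTH SCRAM-SHA-256 PLAIN LOGIN
250-AUTH=SCRAM-SHA-256 PLAIN LOGIN
250 8BITMIME'

token=$(auth_plain_token demo demo-pass)   # constructed credentials
echo "AUTH PLAIN $token"
decode_auth_plain "$token"; echo
printf '%s\n' "$SAMPLE_EHLO" | plaintext_mechs || echo "no plaintext mechanisms offered"
```

If `plaintext_mechs` prints anything for a server, logins using those mechanisms are only as private as the connection that carries them.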
** /var/log/all.log [#w07e9ccb]
postfix/smtpd[66015]: E4D824E6061: client=gw.kuji-clinic...