archlinux SBS--mail server (2): postfix SMTP server with cyrus SASL2 (Part 2)
13:08 , vkill
Last modified 20081011 --by: vkill
postfix SMTP server with cyrus SASL2 (Part 2)
Environment:
2.6.25-ARCH postfix-2.5.3 cyrus-sasl 2.1.22 mysql 5.0.60 pam_mysql-0.7RC1
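Authentication architecture 3: external database (MySQL)
The MySQL connection details and table data are as follows (the password of user bbb is 123456, hashed with md5):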
[root@myhost ~]# mysql -u vmail -ppass123456 vmail
mysql> describe users;
+----------+-----------+------+-----+---------+-------+
| Field    | Type      | Null | Key | Default | Extra |
+----------+-----------+------+-----+---------+-------+
| userid   | char(16)  | NO   |     | NULL    |       |
| password | char(48)  | NO   |     | NULL    |       |
| domain   | char(255) | NO   |     | NULL    |       |
+----------+-----------+------+-----+---------+-------+
mysql> select * from users;
+--------+----------------------------------+---------------+
| userid | password                         | domain        |
+--------+----------------------------------+---------------+
| aaa    | 123456                           | mail.test.net |
| bbb    | e10adc3949ba59abbe56e057f20f883e | mail.test.net |
+--------+----------------------------------+---------------+
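#### The password field of user bbb was produced with the md5() function; the original password of both users is 123456
I. Using the sql plugin that ships with cyrus SASL (smtp-->cyrus SASL)
The drawback of this method is that passwords in the database must be stored in plaintext; they cannot be hashed with md5, sha1, etc.
1. Edit the smtpd configuration file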
[root@myhost ~]# vi /etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
sql_database: vmail
sql_user: vmail
sql_passwd: pass123456
sql_select: select password from users where userid='%u' and domain='%r'
2. Test whether user aaa can send mail over smtp. User bbb cannot send at this point, because its password is stored as an md5 hash
[root@myhost ~]# /etc/rc.d/postfix restart
[root@myhost ~]# ktelnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.test.net ESMTP Postfix
ehlo aaa
250-mail.test.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
YWFhQG1haWwudGVzdC5uZXQ= //username aaa@mail.test.net, base64-encoded
334 UGFzc3dvcmQ6
MTIzNDU2 //password 123456, base64-encoded
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
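II. Using pam_mysql (smtp-->cyrus SASL-->pam_mysql)
The advantage of this method is that passwords in the database can be hashed; md5, sha1 and others are supported
1. Edit the smtpd configuration file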
[root@myhost ~]# vi /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
saslauthd_path:/var/run/saslauthd/mux
2. Start saslauthd. On archlinux the init script is # /etc/rc.d/saslauthd start, and the startup parameters are in /etc/conf.d/saslauthd
[root@myhost ~]# /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
3. Create the smtp PAM file
[root@myhost ~]# vi /etc/pam.d/smtp
#/etc/pam.d/smtp
auth required pam_mysql.so config_file=/etc/security/pam_vmail_mysql.conf
account required pam_mysql.so config_file=/etc/security/pam_vmail_mysql.conf
Create the smtp pam_mysql configuration file
[root@myhost ~]# vi /etc/security/pam_vmail_mysql.conf
users.host=localhost
users.database=vmail
users.db_user=vmail
users.db_passwd=pass123456
users.table=users
users.user_column=concat(userid,'@',domain)
users.password_column=password
users.password_crypt=3 //Use plain hex MD5
verbose=1 //write debug log messages
4. Test whether user bbb can send mail over smtp
[root@myhost ~]# /etc/rc.d/postfix restart
[root@myhost ~]# ktelnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.test.net ESMTP Postfix
ehlo aaa
250-mail.test.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 OTP PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
YmJiQG1haWwudGVzdC5uZXQ= //username bbb@mail.test.net, base64-encoded
334 UGFzc3dvcmQ6
MTIzNDU2 //password 123456, base64-encoded
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
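The two verification paths above, modelled side by side as an added example (not code from the original post, from cyrus SASL or from pam_mysql). It decodes the AUTH LOGIN lines from both sessions and checks them against the two rows of the users table; the function names are hypothetical and the checks are simplified models of auxprop/sql and of users.password_crypt=3.

```python
import base64
import hashlib
import hmac

# Constructed sample data: the two rows of the page's `users` table.
USERS = {
    ("aaa", "mail.test.net"): "123456",                            # plaintext
    ("bbb", "mail.test.net"): "e10adc3949ba59abbe56e057f20f883e",  # md5()
}

def decode_auth_login(user_b64, pass_b64):
    """Decode the client lines of AUTH LOGIN: base64 is encoding, not encryption."""
    login = base64.b64decode(user_b64).decode("utf-8")
    password = base64.b64decode(pass_b64).decode("utf-8")
    userid, _, realm = login.partition("@")  # what sql_select receives as %u and %r
    return userid, realm, password

def check_auxprop_sql(userid, realm, password):
    """Model of method I: the stored column is used as the plaintext password."""
    stored = USERS.get((userid, realm))
    return stored is not None and hmac.compare_digest(
        stored.encode("utf-8"), password.encode("utf-8"))

def check_pam_mysql_md5(userid, realm, password):
    """Model of method II (password_crypt=3): compare hex MD5 of the input."""
    stored = USERS.get((userid, realm))
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    return stored is not None and hmac.compare_digest(
        stored.lower().encode("utf-8"), digest.encode("utf-8"))

def results():
    """Run the client lines from both sessions through both models."""
    transcripts = {
        "aaa": ("YWFhQG1haWwudGVzdC5uZXQ=", "MTIzNDU2"),
        "bbb": ("YmJiQG1haWwudGVzdC5uZXQ=", "MTIzNDU2"),
    }
    out = {}
    for name, (user_b64, pass_b64) in transcripts.items():
        creds = decode_auth_login(user_b64, pass_b64)
        out[name] = (check_auxprop_sql(*creds), check_pam_mysql_md5(*creds))
    return out

if __name__ == "__main__":
    for name, (auxprop_ok, pam_ok) in results().items():
        print(f"{name}: auxprop/sql={auxprop_ok} pam_mysql(md5)={pam_ok}")
```

In this model the plaintext aaa row no longer matches once password_crypt=3 is in effect, so every row has to be stored in the same format as the configured check. The decoded lines also show that AUTH LOGIN carries the password itself, only base64-encoded.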
Related articles:
Postfix SASL Howto : http://www.postfix.com/SASL_README.html
Last modified by vkill on 2008/10/11 12:11