Title: archlinux SBS--mail server(2): postfix SMTP server with cyrus SASL2 (Part 2)
From: vkill'blog 何永鹏
Time: Fri, 3 Oct 2008 13:08:31 +0000
Author: vkill
URL: http://blog.vkill.net/read.php/107.htm
Content:

Last modified 20081011 --by:vkill

postfix SMTP server with cyrus SASL2 (Part 2)

Environment:
2.6.25-ARCH
postfix-2.5.3
cyrus-sasl 2.1.22
mysql 5.0.60
pam_mysql-0.7RC1

Authentication architecture 3: external database (MySQL)

The MySQL connection details and table data are as follows (user bbb's password is 123456, hashed with md5):

    [root@myhost ~]# mysql -u vmail -ppass123456 vmail
    mysql> describe users;
    +----------+-----------+------+-----+---------+-------+
    | Field    | Type      | Null | Key | Default | Extra |
    +----------+-----------+------+-----+---------+-------+
    | userid   | char(16)  | NO   |     | NULL    |       |
    | password | char(48)  | NO   |     | NULL    |       |
    | domain   | char(255) | NO   |     | NULL    |       |
    +----------+-----------+------+-----+---------+-------+
    mysql> select * from users;
    +--------+----------------------------------+---------------+
    | userid | password                         | domain        |
    +--------+----------------------------------+---------------+
    | aaa    | 123456                           | mail.test.net |
    | bbb    | e10adc3949ba59abbe56e057f20f883e | mail.test.net |
    +--------+----------------------------------+---------------+

#### The password field of user bbb was produced with the md5() function; the original password is 123456 for both users.

I. Using the sql plugin bundled with cyrus SASL (smtp-->cyrus SASL)

The drawback of this method is that passwords in the database can only be stored in plaintext; md5, sha1 and similar hashing cannot be used.

1. Edit the smtpd configuration file

    [root@myhost ~]# vi /etc/sasl2/smtpd.conf
    pwcheck_method: auxprop
    auxprop_plugin: sql
    sql_engine: mysql
    sql_database: vmail
    sql_user: vmail
    sql_passwd: pass123456
    sql_select: select password from users where userid='%u' and domain='%r'

2. Test whether user aaa can send mail over SMTP. User bbb cannot send at this point, because its password is stored as an md5 hash.

    [root@myhost ~]# /etc/rc.d/postfix restart
    [root@myhost ~]# ktelnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 mail.test.net ESMTP Postfix
    ehlo aaa
    250-mail.test.net
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    auth login
    334 VXNlcm5hbWU6
    YWFhQG1haWwudGVzdC5uZXQ= //username aaa@mail.test.net, base64-encoded
    334 UGFzc3dvcmQ6
    MTIzNDU2 //password 123456, base64-encoded
    235 2.7.0 Authentication successful
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

II. Using pam_mysql (smtp-->cyrus SASL-->pam_mysql)

The advantage of this method is that passwords in the database can be stored hashed; md5, sha1 and others are supported.

1. Edit the smtpd configuration file

    [root@myhost ~]# vi /etc/sasl2/smtpd.conf
    pwcheck_method: saslauthd
    saslauthd_path:/var/run/saslauthd/mux

2. Start saslauthd. On archlinux the init script is "# /etc/rc.d/saslauthd start", and its startup parameters are in /etc/conf.d/saslauthd.

    [root@myhost ~]# /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r

3. Create the smtp PAM file

    [root@myhost ~]# vi /etc/pam.d/smtp
    #/etc/pam.d/smtp
    auth required pam_mysql.so config_file=/etc/security/pam_vmail_mysql.conf
    account required pam_mysql.so config_file=/etc/security/pam_vmail_mysql.conf

Create the pam_mysql configuration file for smtp

    [root@myhost ~]# vi /etc/security/pam_vmail_mysql.conf
    users.host=localhost
    users.database=vmail
    users.db_user=vmail
    users.db_passwd=pass123456
    users.table=users
    users.user_column=concat(userid,'@',domain)
    users.password_column=password
    users.password_crypt=3 //Use plain hex MD5
    verbose=1 //write debug log

4. Test whether user bbb can send mail over SMTP

    [root@myhost ~]# /etc/rc.d/postfix restart
    [root@myhost ~]# ktelnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 mail.test.net ESMTP Postfix
    ehlo aaa
    250-mail.test.net
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 OTP PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    auth login
    334 VXNlcm5hbWU6
    YmJiQG1haWwudGVzdC5uZXQ= //username bbb@mail.test.net, base64-encoded
    334 UGFzc3dvcmQ6
    MTIzNDU2 //password 123456, base64-encoded
    235 2.7.0 Authentication successful
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
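The Python sketch below is an added example, not part of the original post. It decodes the AUTH LOGIN exchange from the bbb test and shows why the bbb row only verifies through a hex-MD5 comparison while the aaa row only verifies as plaintext. The function names are assumptions, and the two checks model what the auxprop sql lookup and pam_mysql with password_crypt=3 compare, not their actual code.

```python
import base64
import hashlib
import hmac

# Rows copied from the page's `users` table (userid@domain -> password column).
USERS = {
    "aaa@mail.test.net": "123456",
    "bbb@mail.test.net": "e10adc3949ba59abbe56e057f20f883e",
}

# AUTH LOGIN lines from the page's bbb telnet session (S = server, C = client).
SESSION = [
    ("S", "334 VXNlcm5hbWU6"),
    ("C", "YmJiQG1haWwudGVzdC5uZXQ="),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", "MTIzNDU2"),
]


def b64(text):
    """Decode one base64 token; AUTH LOGIN uses encoding only, not encryption."""
    return base64.b64decode(text, validate=True).decode("utf-8")


def decode_auth_login(session):
    """Return (prompts, username, password) recovered from an AUTH LOGIN exchange."""
    prompts = [b64(line.split(" ", 1)[1]) for side, line in session if side == "S"]
    username, password = [b64(line) for side, line in session if side == "C"]
    return prompts, username, password


def check_plaintext(stored, supplied):
    """Model of the auxprop sql case: the stored value is the password itself."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


def check_hex_md5(stored, supplied):
    """Model of pam_mysql password_crypt=3: the stored value is a hex MD5 digest."""
    digest = hashlib.md5(supplied.encode()).hexdigest()
    return hmac.compare_digest(stored.lower().encode(), digest.encode())


if __name__ == "__main__":
    prompts, user, password = decode_auth_login(SESSION)
    print("prompts      :", prompts)
    print("credentials  :", user, password)
    print("auxprop sql  :", check_plaintext(USERS[user], password))
    print("pam_mysql md5:", check_hex_md5(USERS[user], password))
```

Because the AUTH LOGIN responses are only base64-encoded, the username and password are readable by anyone who can see the SMTP session.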

Related articles:
Postfix SASL Howto: http://www.postfix.com/SASL_README.html