實現 SMTP 發信認證
1、 啓動 saslauthd 認證服務
[root@mail ~]# yum -y install cyrus-sasl //此包默認通常已安裝
[root@mail ~]# systemctl restart saslauthd
[root@mail ~]# systemctl enable saslauthd
[root@mail ~]# testsaslauthd -u user01 -p test1234 -s smtp //-p 會把密碼留在 shell 歷史和進程列表中,建議只用測試帳號
0: OK "Success." //返回 OK 表示 saslauthd 能正常驗證該帳號
2、編輯 postfix 配置,啓用SMTP認證
[root@mail ~]# vim /etc/postfix/main.cf
# 設置本地網絡(配合下面的 permit_mynetworks,此範圍內的客戶端無需認證即可轉發,應盡量收窄)
mynetworks = 127.0.0.1
# 啓用SASL認證
# PLAIN/LOGIN 機制的憑據僅經 Base64 編碼,建議同時啓用 TLS 並設置 smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
# 禁用匿名 SASL 認證機制(不接受 ANONYMOUS 登錄)
smtpd_sasl_security_options = noanonymous
# 拒絕向未授權的目標域發信
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
[root@mail ~]# systemctl restart saslauthd //注意:上面修改的是 postfix 的 main.cf,還需執行 systemctl restart postfix(或 postfix reload)配置才會生效
3、以用戶user01爲例,未經過認證登錄時,向外域發郵件會被拒絕
[root@mail ~]# telnet mail.auto.com 25
Trying 127.0.0.1...
Connected to mail.auto.com (127.0.0.1).
Escape character is '^]'.
220 mail.xxx.com ESMTP Postfix
HELO localhost // 宣告本機地址
250 mail.auto.com
MAIL FROM:[email protected] // 指定發件人地址
250 2.1.0 Ok
RCPT TO:[email protected] // 指定收件人地址
454 4.7.1 <[email protected]>: Relay access denied
// 向外域發信的請求被拒絕
quit // 斷開telnet連接
221 2.0.0 Bye
Connection closed by foreign host.
- 以用戶user01爲例,生成用戶名、密碼的 Base64 編碼字串(Base64 只是編碼而非加密,未啓用 TLS 時憑據等同明文傳輸)
[root@mail ~]# printf "user01" | openssl base64
bmljaw== //注意:此輸出與上一條指令不符(它是 "nick" 的編碼);"user01" 的 Base64 編碼應爲 dXNlcjAx
[root@mail ~]# printf "test1234" | openssl base64
MTIzNDU2Nw== //注意:此輸出與上一條指令不符(它是 "1234567" 的編碼);"test1234" 的 Base64 編碼應爲 dGVzdDEyMzQ=
- 認證登錄通過以後,才允許向外域發郵件
[root@mail ~]# telnet mail.auto.com 25
Trying 127.0.0.1...
Connected to mail.xxx.com (127.0.0.1).
Escape character is '^]'.
220 mail.xxx.com ESMTP Postfix
EHLO localhost //以擴展方式(ESMTP)宣告本機地址;EHLO 本身並不加密
250-mail.xxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN //聲明要執行認證登錄
334 VXNlcm5hbWU6
bmljaw== //輸入用戶名xxx的BASE64編碼
334 UGFzc3dvcmQ6
MTIzNDU2Nw== //輸入密碼1234567的BASE64編碼
235 2.7.0 Authentication successful
MAIL FROM:[email protected] //指定發件人地址
250 2.1.0 Ok
RCPT TO:[email protected] //指定收件人地址
250 2.1.5 Ok
DATA //開始編寫郵件內容
354 End data with <CR><LF>.<CR><LF>
Subject:SMTP Auth Test //指定郵件標題
Hello, here is a test mail. //輸入文本郵件內容
. //獨立的 . 表示輸入完畢
250 2.0.0 Ok: queued as 8C48431D8B2
quit //斷開telnet連接
221 2.0.0 Bye
Connection closed by foreign host.