Problems
follow a practice, two, three, Postfix configuration based on an existing service, basically anyone can connect to the mail server, feel free to submit e-mail. In order to improve the security of the mail system, reduce spam, this case requires open letter SMTP authentication restrictions for the function.
Need to complete the configuration tasks:
1) Enable saslauthd authentication service
2) adjust the postfix service configuration, add the relevant certification set
3) Test the SMTP sender authentication
scheme
RHEL6 system comes with a SASL (Simple Authentication and Security Layer, Simple Authentication Security Layer) assembly, no additional configuration, you can use its service saslauthd to provide authentication support. Of course, also you need to modify the configuration file Postfix and services, to enable authentication, shown in Figure -1.
FIG -1
Step
implement this case the following procedure is required.
Step one: Configure saslauthd authentication service
1) installation, start saslauthd service
[root@mail ~]# yum -y install cyrus-sasl-plain //若已安装,则此步跳过
.. ..
[root@mail ~]# service saslauthd start
[root@mail ~]# chkconfig saslauthd on
2) a simple test certification results
using testsaslauthd tool to check smtp service, if a user name, password is correct, then the test passes, otherwise it will fail:
[root@mail ~]# testsaslauthd -u hunter -p 1234567 -s smtp
0: OK "Success." //认证通过
[root@mail ~]# testsaslauthd -u hunter -p 1234 -s smtp
0: NO "authentication failed" //认证失败(不通过)
Step two: Adjust the postfix configuration, enable SMTP Authentication
1) modify main.cf configuration file and add the authentication configuration
[root@mail ~]# vim /etc/postfix/main.cf
.. ..
mynetworks = 127.0.0.1 //设置本地网络
smtpd_sasl_auth_enable = yes //启用SASL认证
smtpd_sasl_security_options = noanonymous //阻止匿名发信
smtpd_recipient_restrictions = //设置收件人过滤
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination //拒绝向未授权的目标域发信
2) service postfix reload
[root@mail ~]# service postfix restart
.. ..
Step three: Test SMTP authentication letter
Use mail order or Thunderbird test on the client.
1) previously configured in mail order, for example, when the login authentication has not elapsed, outside the domain will be rejected mail
[root@pc205 ~]# echo "SMTP Test." | mail -s "Test Mail 3." [email protected]
.. ..
smtp-server: 554 5.7.1 <[email protected]>: Relay access denied
"/root/dead.letter" 11/306
. . . message not sent. //被拒绝、邮件提交失败
2) modify mail profiles, add SMTP authentication information
[root@pc205 ~]# vim ~/.mailrc
set smtp=smtp://mail.tedu.cn
set [email protected]
set smtp-auth-user="[email protected]" //指定认证用户
set smtp-auth-password="1234567" //指定认证密码
set folder=imap://[email protected]
set [email protected]="1234567"
3) test sent a letter again, the message was successfully submitted to the server
[root@pc205 ~]# echo "SMTP Test." | mail -s "Test Mail 4." [email protected]
[root@pc205 ~]#
通过上述操作过程可以发现,用户nick经认证登录以后,成功将一封发给外域收件人[email protected]的邮件提交到postfix发信队列。
注意:邮件被成功提交到发信队列不表示发信就一定会成功,还取决于Internet连接、DNS解析、对方的邮件接收策略等一系列因素。