特殊:Badtitle/NS100:PostfixDovecotSASL:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Wikibot留言 | 贡献
无编辑摘要
Wikibot留言 | 贡献
无编辑摘要
第12行: 第12行:
<pre><nowiki>
<pre><nowiki>
socket listen {
socket listen {
#master {
    #master {
# Master socket provides access to userdb information. It's typically
      # Master socket provides access to userdb information. It's typically
# used to give Dovecot's local delivery agent access to userdb so it
      # used to give Dovecot's local delivery agent access to userdb so it
# can find mailbox locations.
      # can find mailbox locations.
#path = /var/run/dovecot/auth-master
      #path = /var/run/dovecot/auth-master
#mode = 0600
      #mode = 0600
# Default user/group is the one who started dovecot-auth (root)
      # Default user/group is the one who started dovecot-auth (root)
#user =  
      #user =  
#group =  
      #group =  
#}
    #}
client {
    client {
# The client socket is generally safe to export to everyone. Typical use
      # The client socket is generally safe to export to everyone. Typical use
# is to export it to your SMTP server so it can do SMTP AUTH lookups
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
# using it.
      # using it.
path = /var/spool/postfix/private/auth-client
      path = /var/spool/postfix/private/auth-client
mode = 0660
      mode = 0660
user = postfix
      user = postfix
group = postfix
      group = postfix
}
    }
}
  }
</nowiki></pre>
</nowiki></pre>
The <code><nowiki>/etc/dovecot/dovecot.conf</nowiki></code> file on Ubuntu 6.06 (Dapper) is slightly different:
The <code><nowiki>/etc/dovecot/dovecot.conf</nowiki></code> file on Ubuntu 6.06 (Dapper) is slightly different:
<pre><nowiki>
<pre><nowiki>
auth default_with_listener {
auth default_with_listener {
mechanisms = plain login
  mechanisms = plain login
passdb pam {
  passdb pam {
}
  }
userdb passwd {
  userdb passwd {
}
  }
socket listen {
  socket listen {
#  master {
  #  master {
#path = /var/run/dovecot-auth-master
      #path = /var/run/dovecot-auth-master
# WARNING: Giving untrusted users access to master socket may be a  
      # WARNING: Giving untrusted users access to master socket may be a  
# security risk, don't give too wide permissions to it!
      # security risk, don't give too wide permissions to it!
#mode = 0600
      #mode = 0600
# Default user/group is the one who started dovecot-auth (root)
      # Default user/group is the one who started dovecot-auth (root)
#user =  
      #user =  
#group =  
      #group =  
# }
  # }
client {
    client {
path = /var/spool/postfix/private/auth-client
      path = /var/spool/postfix/private/auth-client
mode = 0660
      mode = 0660
user = postfix
      user = postfix
group = postfix
      group = postfix
}
    }
}
  }
}
}
</nowiki></pre>
</nowiki></pre>

2007年12月6日 (四) 10:50的版本

{{#ifexist: :PostfixDovecotSASL/zh | | {{#ifexist: PostfixDovecotSASL/zh | | {{#ifeq: {{#titleparts:PostfixDovecotSASL|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:PostfixDovecotSASL|1|-1|}} | zh | | }}

Introduction

This guide will guide you through the steps needed to enable Postfix to use the SASL implementation provided by Dovecot. This is an alternative to configuring Postfix to use the Cyrus SASL implementation.

Installation

Everything you need to configure Postfix to use Dovecot SASL is included when you install the dovecot-common and postfix packages from the Main repository. You will probably also want to install dovecot-imapd or dovecot-pop3d which provide IMAP and POP3 services. See the Dovecot guide for more information on setting up Dovecot.

Configuration

Dovecot

First let's configure Dovecot to provide SASL client authentication. To accomplish this edit the Dovecot configuration file /etc/dovecot/dovecot.conf If you're using Ubuntu 7.10 (Gutsy) your configuration should look like this:

socket listen {
    #master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      #path = /var/run/dovecot/auth-master
      #mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      #user = 
      #group = 
    #}
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }

The /etc/dovecot/dovecot.conf file on Ubuntu 6.06 (Dapper) is slightly different:

auth default_with_listener {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  socket listen {
  #  master {
       #path = /var/run/dovecot-auth-master
       # WARNING: Giving untrusted users access to master socket may be a 
       # security risk, don't give too wide permissions to it!
       #mode = 0600
       # Default user/group is the one who started dovecot-auth (root)
       #user = 
       #group = 
  # }
    client {
      path = /var/spool/postfix/private/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Once you've configured Dovecot to provide SASL you'll need to restart it:

sudo /etc/init.d/dovecot restart

Postfix

After you've configured Dovecot to provide SASL authentication it's time to configure Postfix to use it. First edit the /etc/postfix/main.cf configuration file. You can do this with a text editor or by using the postconf -e command:

sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth-client'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

Note: the smtpd_sasl_path configuration needs to be a path relative to the Postfix queue directory. Now restart Postfix to enable the new configurations:

sudo /etc/init.d/postfix restart

Testing

To see if Dovecot SASL is working properly run the following command: telnet localhost 25 After you have established the connection to your postfix mail server type ehlo localhost If you see the lines

250-AUTH PLAIN LOGIN

among others, everything is working. Type quit to return to the system's shell.
Note: this guide has been tested on Ubuntu 6.06 (Dapper Drake) and Ubuntu 7.10 (Gutsy Gibbon).