Postfix – Configuring SASL authentication with MySQL
March 30, 2016 3:45
Hello everyone,
In this tutorial, we will learn how to configure SMTP authentication with SASL on a Postfix server.
SASL: Simple Authentication and Security Layer
Installing the packages:
apt-get install libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql
Next, add the postfix user to the sasl group:
adduser postfix sasl
Adjust the permissions and create the link:

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
chown -R root:sasl /var/spool/postfix/var/run/saslauthd
chmod 710 /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
Create a startup script to recreate the link after a reboot:

nano /etc/init.d/monscript

#!/bin/sh
### BEGIN INIT INFO
# Provides:          monscript
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: chroot postfix sasl
# Description:       s
### END INIT INFO
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
Run the script at boot:

update-rc.d monscript defaults
Disabling the chroot (fifth column set to n):

nano /etc/postfix/master.cf

smtp      inet  n       -       n       -       -       smtpd
master.cf configuration:

smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
Postfix configuration:

nano /etc/postfix/main.cf

# SASL support
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_invalid_hostname
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
SASL configuration:

nano /etc/default/saslauthd

START=yes
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

nano /etc/pam.d/smtp

auth required pam_mysql.so user=root passwd=mot_de_passe host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=root passwd=mot_de_passe host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1

nano /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: CRAM-MD5 PLAIN LOGIN
auxprop_plugin: sql
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_database: postfix
sql_passwd: monpass
sql_select: select password from mailbox where username = '%u@%r'

service saslauthd restart
Testing authentication:
testsaslauthd -u monadresse@mail.tld -p monmotdepasse -s smtp
Debugging:

saslfinger -c
saslfinger -s
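
A check a practitioner may want to run once the setup above works, written as an added example that is not part of the original article: it audits the three files edited in this tutorial for a root database login in PAM, world-readable files holding a database password, and PLAIN/LOGIN being offered without AUTH being restricted to TLS. The function names audit_sasl and make_fixture are hypothetical, smtpd_tls_auth_only is a standard Postfix parameter that the article does not set, and the fixture is constructed from the tutorial's placeholder values.

```shell
#!/bin/sh
# Added example: audit the files this tutorial writes for three risks.
# $1 is a prefix so the checks can run on a copy; "" means the live system.
audit_sasl() {
    pam="$1/etc/pam.d/smtp"
    sasl="$1/etc/postfix/sasl/smtpd.conf"
    main="$1/etc/postfix/main.cf"
    findings=0
    warn() { echo "WARN: $1"; findings=$((findings + 1)); }

    # 1. pam_mysql should not connect as the MySQL superuser.
    if grep -Eq '^[^#]*pam_mysql\.so.*[[:space:]]user=root([[:space:]]|$)' "$pam" 2>/dev/null; then
        warn "$pam: pam_mysql connects as root; use an account limited to SELECT on mailbox"
    fi
    # 2. Files that embed a database password must not be world-readable.
    for f in "$pam" "$sasl"; do
        if grep -Eq '(passwd=|^sql_passwd:)' "$f" 2>/dev/null &&
           [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
            warn "$f: holds a database password and is world-readable"
        fi
    done
    # 3. PLAIN/LOGIN expose the password unless AUTH is only offered over TLS.
    if grep -Eq '^mech_list:.*(PLAIN|LOGIN)' "$sasl" 2>/dev/null &&
       ! grep -Eq '^smtpd_tls_auth_only[[:space:]]*=[[:space:]]*yes' "$main" 2>/dev/null; then
        warn "$main: PLAIN/LOGIN offered but smtpd_tls_auth_only is not yes"
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Constructed fixture reproducing the tutorial's values (not a real system).
make_fixture() {
    d=$(mktemp -d) && mkdir -p "$d/etc/pam.d" "$d/etc/postfix/sasl"
    echo 'auth required pam_mysql.so user=root passwd=mot_de_passe db=postfix' > "$d/etc/pam.d/smtp"
    printf 'mech_list: CRAM-MD5 PLAIN LOGIN\nsql_passwd: monpass\n' > "$d/etc/postfix/sasl/smtpd.conf"
    echo 'smtpd_sasl_auth_enable = yes' > "$d/etc/postfix/main.cf"
    chmod 644 "$d/etc/pam.d/smtp" "$d/etc/postfix/sasl/smtpd.conf"
    echo "$d"
}

case "${1:-}" in
    --demo) audit_sasl "$(make_fixture)" ;;   # prints 4 warnings
    --live) audit_sasl "" ;;
esac
```

Run it with --live as root on the mail server, or with --demo to see the findings on the constructed fixture.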
That's it for a quick SASL setup on Postfix.
See you!
Filed under: Debian
This article was written by admin