tachtler:postfix_centos_6
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung | ||
tachtler:postfix_centos_6 [2014/04/08 06:32] – [Installation: cyrus-sasl-sql] klaus | tachtler:postfix_centos_6 [2015/08/19 10:49] (aktuell) – [Postfix] klaus | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
- | ====== Postfix ====== | + | ====== Postfix |
[[http:// | [[http:// | ||
Zeile 1450: | Zeile 1450: | ||
check_recipient_access btree:/ | check_recipient_access btree:/ | ||
# White- and Blacklisting | # White- and Blacklisting | ||
- | check_client_access cidr/ | + | check_client_access cidr:/ |
check_helo_access btree:/ | check_helo_access btree:/ | ||
check_sender_access btree:/ | check_sender_access btree:/ | ||
Zeile 1951: | Zeile 1951: | ||
==== SASL-Module: | ==== SASL-Module: | ||
+ | |||
+ | Um **__keine__** Meldungen wie nachfolgend gezeigt bei der **Prüfung** mittels | ||
+ | * ''/ | ||
+ | in der **LOG**-Datei | ||
+ | * ''/ | ||
+ | zu erhalten: | ||
+ | < | ||
+ | Apr 8 06:18:45 rechner60 pluginviewer: | ||
+ | Apr 8 06:18:45 rechner60 pluginviewer: | ||
+ | </ | ||
+ | sollte nachfolgende Konfigurationsdatei - **neu** - angelegt werden und nachfolgenden **DUMMY-Inhalt** enthalten: | ||
+ | * ''/ | ||
+ | |||
+ | :!: **HINWEIS** - **Nur erforderlich bei der Verwendung von '' | ||
+ | |||
+ | (**Komplette Konfigurationsdatei**) | ||
+ | < | ||
+ | sql_select: dummy | ||
+ | </ | ||
Mit nachfolgendem Befehl kann überprüft werden, welche **SASL**-Module installiert sind: | Mit nachfolgendem Befehl kann überprüft werden, welche **SASL**-Module installiert sind: | ||
<code ini> | <code ini> | ||
- | # / | + | # / |
Installed SASL (server side) mechanisms are: | Installed SASL (server side) mechanisms are: | ||
- | DIGEST-MD5 LOGIN ANONYMOUS | + | PLAIN CRAM-MD5 ANONYMOUS |
List of server plugins follows | List of server plugins follows | ||
+ | Plugin " | ||
+ | SASL mechanism: PLAIN, best SSF: 0, supports setpass: no | ||
+ | security flags: NO_ANONYMOUS | ||
+ | features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION | ||
+ | Plugin " | ||
+ | SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no | ||
+ | security flags: NO_ANONYMOUS|NO_PLAINTEXT | ||
+ | features: SERVER_FIRST | ||
+ | Plugin " | ||
+ | SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no | ||
+ | security flags: NO_PLAINTEXT | ||
+ | features: WANT_CLIENT_FIRST | ||
Plugin " | Plugin " | ||
SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no | SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no | ||
Zeile 1966: | Zeile 1997: | ||
security flags: NO_ANONYMOUS | security flags: NO_ANONYMOUS | ||
features: | features: | ||
- | Plugin " | ||
- | SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no | ||
- | security flags: NO_PLAINTEXT | ||
- | features: WANT_CLIENT_FIRST | ||
- | Plugin " | ||
- | SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no | ||
- | security flags: NO_ANONYMOUS|NO_PLAINTEXT | ||
- | features: SERVER_FIRST | ||
- | Plugin " | ||
- | SASL mechanism: PLAIN, best SSF: 0, supports setpass: no | ||
- | security flags: NO_ANONYMOUS | ||
- | features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION | ||
Installed auxprop mechanisms are: | Installed auxprop mechanisms are: | ||
- | sasldb | + | sasldb |
List of auxprop plugins follows | List of auxprop plugins follows | ||
Plugin " | Plugin " | ||
+ | supports store: yes | ||
+ | |||
+ | Plugin " | ||
supports store: yes | supports store: yes | ||
Installed SASL (client side) mechanisms are: | Installed SASL (client side) mechanisms are: | ||
- | DIGEST-MD5 LOGIN ANONYMOUS | + | PLAIN CRAM-MD5 ANONYMOUS |
List of client plugins follows | List of client plugins follows | ||
+ | Plugin " | ||
+ | SASL mechanism: PLAIN, best SSF: 0 | ||
+ | security flags: NO_ANONYMOUS | ||
+ | features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION | ||
+ | Plugin " | ||
+ | SASL mechanism: CRAM-MD5, best SSF: 0 | ||
+ | security flags: NO_ANONYMOUS|NO_PLAINTEXT | ||
+ | features: SERVER_FIRST | ||
+ | Plugin " | ||
+ | SASL mechanism: ANONYMOUS, best SSF: 0 | ||
+ | security flags: NO_PLAINTEXT | ||
+ | features: WANT_CLIENT_FIRST | ||
Plugin " | Plugin " | ||
SASL mechanism: DIGEST-MD5, best SSF: 128 | SASL mechanism: DIGEST-MD5, best SSF: 128 | ||
Zeile 1995: | Zeile 2029: | ||
security flags: NO_ANONYMOUS | security flags: NO_ANONYMOUS | ||
features: SERVER_FIRST | features: SERVER_FIRST | ||
- | Plugin " | ||
- | SASL mechanism: ANONYMOUS, best SSF: 0 | ||
- | security flags: NO_PLAINTEXT | ||
- | features: WANT_CLIENT_FIRST | ||
- | Plugin " | ||
- | SASL mechanism: CRAM-MD5, best SSF: 0 | ||
- | security flags: NO_ANONYMOUS|NO_PLAINTEXT | ||
- | features: SERVER_FIRST | ||
- | Plugin " | ||
- | SASL mechanism: PLAIN, best SSF: 0 | ||
- | security flags: NO_ANONYMOUS | ||
- | features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION | ||
Plugin " | Plugin " | ||
SASL mechanism: EXTERNAL, best SSF: 0 | SASL mechanism: EXTERNAL, best SSF: 0 | ||
Zeile 2018: | Zeile 2040: | ||
* **''/ | * **''/ | ||
regelt, welches **Modul** und welches **Backend**-System für die Authentifizierung am [[http:// | regelt, welches **Modul** und welches **Backend**-System für die Authentifizierung am [[http:// | ||
+ | |||
+ | :!: **HINWEIS** - **Aufgrund von Compiler-Einstellungen, | ||
+ | * '' | ||
+ | * '' | ||
+ | **__GLEICHZEITIG__ installiert sein !!!** | ||
**__Variante 1:__** Hier ein Beispiel für das | **__Variante 1:__** Hier ein Beispiel für das | ||
Zeile 3255: | Zeile 3282: | ||
-o smtpd_tls_security_level=encrypt | -o smtpd_tls_security_level=encrypt | ||
-o smtpd_sasl_auth_enable=yes | -o smtpd_sasl_auth_enable=yes | ||
- | -o smtpd_client_restrictions=permit_sasl_authenticated, | + | -o smtpd_client_restrictions=permit_mynetworks, |
-o milter_macro_daemon_name=ORIGINATING | -o milter_macro_daemon_name=ORIGINATING | ||
</ | </ | ||
Zeile 3266: | Zeile 3293: | ||
-o smtpd_tls_security_level=encrypt | -o smtpd_tls_security_level=encrypt | ||
-o smtpd_sasl_auth_enable=yes | -o smtpd_sasl_auth_enable=yes | ||
- | -o smtpd_client_restrictions=permit_sasl_authenticated, | + | -o smtpd_client_restrictions=permit_mynetworks, |
-o milter_macro_daemon_name=ORIGINATING | -o milter_macro_daemon_name=ORIGINATING | ||
-o content_filter=lmtp: | -o content_filter=lmtp: | ||
Zeile 3275: | Zeile 3302: | ||
-o smtpd_tls_security_level=encrypt | -o smtpd_tls_security_level=encrypt | ||
-o smtpd_sasl_auth_enable=yes | -o smtpd_sasl_auth_enable=yes | ||
- | -o smtpd_client_restrictions=permit_sasl_authenticated, | + | -o smtpd_client_restrictions=permit_mynetworks, |
-o milter_macro_daemon_name=ORIGINATING | -o milter_macro_daemon_name=ORIGINATING | ||
-o smtpd_proxy_filter=192.168.0.70: | -o smtpd_proxy_filter=192.168.0.70: | ||
-o smtp_send_xforward_command=yes | -o smtp_send_xforward_command=yes | ||
-o content_filter | -o content_filter | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - Nachfolgende Ergänzung in der Konfigurationszeile ist **__nur__** notwendig, wenn auch Skripte, welche **__keine__** Authentifizierung durchführen können, via **Port submission** einliefern sollen: | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**) | ||
+ | < | ||
+ | ... | ||
+ | -o smtpd_client_restrictions=permit_mynetworks, | ||
+ | ... | ||
</ | </ | ||
tachtler/postfix_centos_6.1396931572.txt.gz · Zuletzt geändert: 2014/04/08 06:32 (Externe Bearbeitung)