我想使用 sasl 来保护中继。
saslauthd 工作
testsaslauthd -u weberjn -p ***
0: OK "Success."
尝试了 smtpd_relay_restrictionsSMTPD_访问_README:
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
这是可行的,但不幸的是,即使客户端密码故意错误,邮件也会被接受。
我怎样才能解决这个问题?
我猜,status=0 是失败?因为客户端不在我的网络中
postfix/smtpd[54754]: generic_checks: name=permit_mynetworks status=0
postfix/smtpd[54754]: generic_checks: name=permit_sasl_authenticated
postfix/smtpd[54754]: generic_checks: name=permit_sasl_authenticated status=0
我可以调试 postfix 和 saslauthd 套接字之间的通信吗?
按照要求:
cat smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 7
postconf -n | grep smtpd
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
postconf -d | grep cyr
cyrus_sasl_config_path =
lmtp_sasl_type = cyrus
send_cyrus_sasl_authzid = no
smtp_sasl_type = cyrus
smtpd_sasl_type = cyrus