我有一封电子邮件support@mydomain.com,它被配置为将所有电子邮件转发到gmail电子邮件地址。从gmail邮箱回复我希望它从support@mydomain.com发送电子邮件。 以前gmail通过简单的设置设置允许这一点 - >帐户和导入 - >添加您拥有的另一个电子邮件地址,然后选择发送包含验证码的电子邮件,以验证我拥有它。但现在只有选项"通过SMTP服务器发送邮件"
我有安装了postfix的服务器。现在,postfix仅用于发送源自此服务器的电子邮件。 iptables将不允许从不同的PC /服务器连接到postfix,现在它是安全的,因为没有人能够通过我的服务器发送电子邮件。
我google了很多,但发现了很多文章如何配置postfix通过smtp.gmail.com发送电子邮件。 但我需要反过来 - gmail应该以安全的方式通过我的postfix smtp服务器发送电子邮件。
请你帮我解释如何实现这个目标?
答案 0 :(得分:0)
SASL配置
https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL
sudo apt-get install sasl2-bin
sudo nano /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
#-------------
cp /etc/default/saslauthd /etc/default/saslauthd-postfix
sudo nano /etc/default/saslauthd-postfix
START=yes
DESC="SASL Auth. Daemon for Postfix"
NAME="saslauthd-postf" # max. 15 char.
# Option -m sets working dir for saslauthd (contains socket)
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" # postfix/smtp in chroot()
#--------------
sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
sudo adduser postfix sasl
#sudo saslpasswd2 -c -u mydomain.com support
用户必须将support@mydomain.com指定为登录名,而不是支持。 遗憾的是无法继续使用此变体,它不起作用 没有领域的选项,它将默认为服务器的反向DNS
sudo saslpasswd2 -c gmail
# list all users
sudo sasldblistusers2
# to get password which may be used in telnet
# echo -ne '\0username\0pswd' | openssl enc -base64
sudo services saslauthd start
#sudo testsaslauthd -u support -p pswd -r mydomain.com
#sudo testsaslauthd -u support@mydomain.com -p pswd
当您明确声明领域有效时,第一个变体,但第二个不起作用。因此选择没有领域的变体
sudo testsaslauthd -u gmail -p pswd
# delete user
sudo testsaslauthd -d username
sudo service saslauthd restart
POSTFIX RELAY
http://www.admin-hints.com/2009/04/how-to-limit-amount-of-messages-per.html
nano /etc/postfix/main.cf
#Clients that are excluded from connection count (default: $mynetworks)
smtpd_client_event_limit_exceptions = $mynetworks
#The time unit over which client connection rates and other rates are calculated. (default: 60s)
anvil_rate_time_unit = 86400s
#How frequently the server logs peak usage information. (default: 600s)
anvil_status_update_time = 120s
#The maximal number of message delivery requests that any client is allowed to make to this service per time unit. (default: 0) To disable this feature, specify a limit of 0.
smtpd_client_message_rate_limit = 200
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_security_level=may
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
sudo nano /etc/postfix/master.cf
# at the line where commented "#submission inet n" starts
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
检查25端口(587使用TLS),我的服务器只显示587端口,25被iptables阻止
使用telnet进行测试
telnet mydomain.com 25
ehlo dummy
auth plain ARdtYW4sAGRdY1d4cyM9ZnRn # how to get auth plain with your password read above
MAIL FROM: support@mydomain.com
RCPT TO: test@test.com
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test subject
Hello,
This is test message
.
# dot at the end
quit
如果出现意外情况,请在此处查找错误
tail -f /var/log/mail.log