{"id":1012,"date":"2021-07-15T20:19:27","date_gmt":"2021-07-15T12:19:27","guid":{"rendered":"http:\/\/www.dxQerp.com\/?p=1012"},"modified":"2021-09-03T08:07:18","modified_gmt":"2021-09-03T00:07:18","slug":"postfix-dovecot-sasl","status":"publish","type":"post","link":"http:\/\/www.dxQerp.com\/?p=1012","title":{"rendered":"Postfix \/ Dovecot SASL"},"content":{"rendered":"<h3 id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\"><strong>\u4ec0\u9ebc\u662f SASL(Simple Authentication and Security Layer)\uff0c\u6211\u9700\u8981\u5b83\u55ce\uff1f<\/strong><\/h3>\r\n<h4><!-- \/wp:post-content -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p id=\"block-e9808c21-a264-438d-b09f-2011855c5713\"><strong>\u9ed8\u8a8d<\/strong>\u60c5\u6cc1\u4e0b\uff0c<strong>postfix<\/strong> \u4f7f\u7528 <strong>$mynetworks<\/strong> \u53c3\u6578\u4f86\u63a7\u5236\u8a2a\u554f\uff0c\u5373\u8ab0\u53ef\u4ee5\u901a\u904e\u90f5\u4ef6\u670d\u52d9\u5668<strong>\u767c\u9001<\/strong>\u6216<strong>\u4e2d\u7e7c<\/strong>\u90f5\u4ef6\u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\">\u9664\u4e86\u6aa2\u67e5\u5617\u8a66\u767c\u9001\u90f5\u4ef6\u7684\u7528\u6236\u7684 <strong>IP \u5730\u5740<\/strong>\u662f\u5426\u5c6c\u65bc $mynetworks \u4e2d\u6307\u5b9a\u7684<strong>\u53d7\u4fe1\u4efb\u7db2\u7d61<\/strong>\u7684\u4e00\u90e8\u5206\u4e4b\u5916\uff0c\u6c92\u6709\u57f7\u884c\u5176\u4ed6\u8eab\u4efd\u9a57\u8b49\u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\">\u5982\u679c\u60a8\u53ea\u662f\u5be6\u73fe\u4e00\u500b\u6240\u6709\u7528\u6236\u90fd\u57fa\u65bc<strong>\u540c\u4e00\u7db2\u7d61<\/strong>\u7684\u90f5\u4ef6\u670d\u52d9\u5668\uff0c\u90a3\u9ebc\u60a8\u4e0d\u592a\u53ef\u80fd\u9700\u8981\u4f7f\u7528 SASL \u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\"><strong>\u7136\u800c<\/strong>\uff0c\u5982\u679c\u6709 <strong>\u79fb\u52d5\u7528\u6236<\/strong> \u5e0c\u671b\u5728 <strong>\u9060\u96e2\u57fa\u5730<\/strong> \u6642\u4f7f\u7528\u90f5\u4ef6\u670d\u52d9\u5668\uff0c<strong>\u6211\u5011\u9700\u8981\u4e00\u7a2e\u6a5f\u5236\u4f86\u9a57\u8b49\u4ed6\u5011\u4f5c\u70ba\u53d7\u4fe1\u4efb\u7528\u6236\u7684\u8eab\u4efd<\/strong>\uff0c\u4ee5\u4fbf\u4ed6\u5011\u80fd\u5920\u901a\u904e\u90f5\u4ef6\u670d\u52d9\u5668<strong>\u767c\u9001\u90f5\u4ef6<\/strong>\u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\">\u53ef\u80fd\u6700\u8457\u540d\u7684 SASL \u5be6\u73fe\u662f\u7531 Cyrus SASL \u5eab\u63d0\u4f9b\u7684\uff0c\u4f46\u662f<strong> dovecot \u4e5f\u5167\u7f6e\u4e86\u5b83\u81ea\u5df1\u7684 SASL \u5be6\u73fe<\/strong>\uff0c<strong>\u800c\u4e14\u7531\u65bc\u6211\u5011\u5df2\u7d93\u5728\u904b\u884c dovecot<\/strong>\uff0c\u6211\u5011\u4e0d\u59a8\u5c07\u5b83\u7528\u65bc SASL\uff0c\u800c\u4e0d\u5fc5\u5b89\u88dd\u548c\u914d\u7f6e\u53e6\u4e00\u500b\u5305\u88f9\u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:heading {\"level\":3} --><\/h4>\r\n<h3 id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\"><strong>\u5728 Postfix \u914d\u7f6e SASL<\/strong><\/h3>\r\n<h4><!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\"><strong>\u00a0\/etc\/postfix\/main.cf<\/strong> \u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u5167\u5bb9\uff1a<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\" class=\"wp-block-code\"><code>smtpd_sasl_auth_enable = yes  # \u555f\u7528 SASL \u7684\u5e38\u7528\u8a2d\u7f6e\r\n<strong>smtpd_sasl_type = dovecot<\/strong>  #\u555f\u7528 SASL \u8eab\u4efd\u9a57\u8b49\u548c\u6388\u6b0a, \u9ed8\u8a8d\u60c5\u6cc1\u4e0b\uff0cSMTP \u4f7f\u7528 <strong>Cyrus SASL<\/strong> \u3002\r\nsmtpd_sasl_path = private\/auth\r\nsmtpd_sasl_security_options = noanonymous<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u4ee5\u53ca\u5728 \/etc\/postfix\/main.cf \u5167\u7684 smtpd_relay_restrictions \u90e8\u4efd\u52a0\u5165 permit_sasl_authenticated<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\" class=\"wp-block-code\"><code># \u4f7f\u7528 <strong>2.10 \u4e4b\u5f8c<\/strong>\u7684 Postfix \u7248\u672c\uff0c\u4f7f\u7528 \r\nsmtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:heading {\"level\":3} --><\/h4>\r\n<h3 id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\"><strong>\u5728 Dovecot \u914d\u7f6e<\/strong> SASL<\/h3>\r\n<h4><!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\">\u5f9e 2.3 \u7248\u958b\u59cb\uff0cPostfix \u901a\u904e <strong>Dovecot\u00a0SASL<\/strong>\u652f\u6301 SMTP AUTH, \u53ef\u4ee5\u901a\u904e\u904b\u884c\u4ee5\u4e0b\u547d\u4ee4\u6aa2\u67e5 Postfix \u662f\u5426\u652f\u6301 <strong>Dovecot SASL<\/strong><\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre class=\"wp-block-code\"><code>postconf -a<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:heading {\"level\":4} --><\/h4>\r\n<h4 id=\"block-237d952f-09bf-474e-9b0a-f5510b1ec025\">\u4e00\u65e6\u78ba\u8a8d Postfix \u652f\u6301 Dovecot SASL\uff0c\u914d\u7f6e\u5c31\u975e\u5e38\u7c21\u55ae<\/h4>\r\n<h4><!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u8acb\u6309\u60c5\u6cc1\u522a\u9664\u8a3b\u91cb\u53ca\uff0f\u6216\u52a0\u5165\u4ee5\u4e0b\u5167\u5bb9\uff08\u8acb\u5c0f\u5fc3\uff0c\u56e0\u70ba\u9019\u90e8\u4efd\u6709\u5927\u91cf\u8a3b\u91cb\uff0c\u67d0\u4e9b\u9805\u76ee\u53ef\u80fd\u5df2\u7d93\u5b58\u5728\uff09<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p><strong>\/etc\/dovecot\/conf.d\/10-master.conf<\/strong> \u6458\u9304<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre class=\"wp-block-code\"><code>service auth {\r\n\u2026\r\nunix_listener \/var\/spool\/postfix\/private\/auth {\r\nmode = 0660\r\n    # Assuming the default Postfix user and group\r\nuser = postfix\r\ngroup = postfix\r\n}<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p><strong>\/etc\/dovecot\/conf.d\/10-auth.conf<\/strong> \u6458\u9304<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre class=\"wp-block-code\"><code># Outlook \u548c Windows Mail \u50c5\u9069\u7528\u65bc LOGIN \u6a5f\u5236\uff0c\u800c\u4e0d\u9069\u7528\u65bc\u6a19\u6e96\u7684 PLAIN\r\nauth_mechanisms = plain login<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:heading {\"level\":3} --><\/h4>\r\n<h3>\u6e2c\u8a66 SASL<\/h3>\r\n<h4><!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u6211\u5011\u53ef\u4ee5 telnet \u9032\u5165\u4f3a\u670d\u5668\u4e26\u5617\u8a66\u4ee5\u76ee\u5df1\u7684\u7528\u6236\u540d\u7a31\u53ca\u5bc6\u78bc\u4f86\u9032\u884c\u9a57\u8b49\u3002\u7136\u800c\u6211\u5011\u7684\u7528\u6236\u540d\u7a31\u53ca\u5bc6\u78bc\u5fc5\u9808\u4ee5 Base64 \u4f86\u7de8\u78bc\uff08\u8a3b\uff1a\u6211\u5011\u7684\u7528\u6236\u540d\u7a31\u53ca\u5bc6\u78bc\u662f\u88ab\u7de8\u78bc\uff0c\u800c\u4e0d\u662f\u52a0\u5bc6\uff0c\u89e3\u8b80\u5b83\u4ea6\u6613\u5982\u53cd\u638c\uff0c\u6240\u4ee5\u6b64\u523b\u5b83\u4e26\u4e0d\u5b89\u5168\uff09\u3002\u5229\u7528 perl\uff0c\u4f60\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u65b9\u5f0f\u7522\u751f\u4e00\u53e5\u4ee5 Bas64 \u7de8\u78bc\u3001\u5305\u542b\u6211\u5011\u7684\u7528\u6236\u540d\u7a31\u548c\u5bc6\u78bc\u7684\u5b57\u4e32\uff08\u5728\u7bc4\u4f8b\u88e1\u6211\u7528\u4e86 test \u9019\u500b\u7528\u6236\u53ca test1234 \u4f5c\u70ba\u5bc6\u78bc\uff09<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre class=\"wp-block-code\"><code>perl -MMIME::Base64 -e 'print encode_base64(\"\\000qq\\0008879576\");'\r\nAHFxADg4Nzk1NzY=<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u4f5c\u70ba\u53c3\u8003\uff0c\u6211\u5011\u4ee5 Base64 \u7de8\u78bc\u7684\u5b57\u4e32\u53ef\u4ee5\u9019\u6a23\u88ab\u89e3\u8b80\uff1a<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre class=\"wp-block-code\"><code>perl -MMIME::Base64 -e 'print decode_base64(\"AHFxADg4Nzk1NzY=\");'\r\nqq8879576<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:separator --><\/h4>\r\n<hr class=\"wp-block-separator\" \/>\r\n<h4><!-- \/wp:separator -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u5229\u6211\u5011\u7528\u4ee5 Base64 \u7de8\u78bc\u7684\u5b57\u4e32\u4f86\u6e2c\u8a66\u9a57\u8b49\uff1a<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre class=\"wp-block-code\"><code>telnet localhost 25\r\nTrying 127.0.0.1\u2026\r\nConnected to localhost.localdomain (127.0.0.1).\r\nEscape character is '^]'.\r\n220 mail.dxqerp.com ESMTP Postfix\r\nEHLO dxqerp.com\r\n250-mail.dxqerp.com\r\n250-PIPELINING\r\n250-SIZE 20480000\r\n250-VRFY\r\n250-ETRN\r\n250-AUTH PLAIN LOGIN\r\n250-AUTH=PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\nAUTH PLAIN AHFxADg4Nzk1NzY=\r\n235 2.0.0 Authentication successful\r\nquit\r\n221 2.0.0 Bye\r\nConnection closed by foreign host.<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u5047\u5982\u4e00\u5207\u6b63\u5e38\u7684\u8a71\uff0c\u6211\u5011\u61c9\u8a72\u6703\u770b\u898b AUTH PLAIN LOGIN\uff08\u53ca AUTH=PLAIN LOGIN\uff09\uff0c\u8868\u793a\u4e86\u90f5\u4ef6\u4f3a\u670d\u5668\u73fe\u6b63\u63d0\u4f9b smtp \u9a57\u8b49\uff0c\u800c\u6211\u5011\u61c9\u8a72\u53ef\u4ee5\u904b\u7528 Base64 \u7de8\u78bc\u7684\u7528\u6236\u540d\u7a31\u53ca\u5bc6\u78bc\u4f86\u6210\u529f\u5730\u9a57\u8b49\u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u73fe\u5728\u6211\u5011\u53ef\u4ee5\u8a2d\u5b9a\u90f5\u4ef6\u5ba2\u6236\u7aef\u5728\u767c\u653e\u90f5\u4ef6\u6642\u63a1\u7528\u9a57\u8b49\uff08\u7528\u6236\u540d\u7a31\u53ca\u5bc6\u78bc\uff09\u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>Ou<strong>tlook <\/strong>\uff1a\u300c\u5de5\u5177\u300d &gt; \u300c\u5e33\u865f\u300d &gt; \u300c\u90f5\u4ef6\u300d\u9801\u7c64 &gt; \u9078\u53d6\u4e00\u500b\u5e33\u6236\u4e26\u9ede\u64ca\u300c\u5167\u5bb9\u300d\u3002\u7136\u5f8c\u5728\u300c\u4f3a\u670d\u5668\u300d\u9801\u7c64\u88e1\uff0c\u65bc\u300c\u5916\u5bc4\u90f5\u4ef6\u4f3a\u670d\u5668\u300d\u4e4b\u4e0b\uff0c\u9078\u53d6\u300c\u6211\u7684\u4f3a\u670d\u5668\u9808\u8981\u9a57\u8b49\u300d\u3002<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p>\u5982\u679c\u6211\u5011\u767c\u653e\u4e00\u5c01\u6e2c\u8a66\u8a0a\u606f\u4e26\u8ffd\u67e5 maillog\uff0c\u5047\u8a2d\u4e00\u5207\u662f\u6b63\u5e38\u7684\u8a71\uff0c\u4fbf\u61c9\u8a72\u770b\u898b\u6211\u5011\u7684\u90f5\u4ef6\u5ba2\u6236\u7aef\u4ee5 SASL \u9032\u884c\u9a57\u8b49\uff1a<\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:code --><\/h4>\r\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/maillog<\/code><\/pre>\r\n<h4><!-- \/wp:code -->\r\n\r\n<!-- wp:heading --><\/h4>\r\n<h2>THE END<\/h2>\r\n<h4><!-- \/wp:heading -->\r\n\r\n<!-- wp:heading {\"level\":3} --><\/h4>\r\n<h3>\u53c3\u8003<\/h3>\r\n<h4><!-- \/wp:heading -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p><a href=\"https:\/\/wiki.centos.org\/HowTos\/postfix_sasl\">Postfix\/dovecot SASL and SSL\/TLS guide<\/a><\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p><a href=\"https:\/\/doc.dovecot.org\/configuration_manual\/howto\/postfix_and_dovecot_sasl\/\">Postfix and Dovecot SASL<\/a><\/p>\r\n<h4><!-- \/wp:paragraph -->\r\n\r\n<!-- wp:paragraph --><\/h4>\r\n<p><a href=\"https:\/\/doc.dovecot.org\/admin_manual\/sasl\/#sasl\">SASL<\/a><\/p>\r\n<pre>\u00a0<\/pre>","protected":false},"excerpt":{"rendered":"<p>\u4ec0\u9ebc\u662f SASL(Simple Authentication and Security Layer)\uff0c\u6211\u9700\u8981\u5b83 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[28,27],"tags":[],"class_list":["post-1012","post","type-post","status-publish","format-standard","hentry","category-dovecot","category-postfix"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=\/wp\/v2\/posts\/1012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1012"}],"version-history":[{"count":13,"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=\/wp\/v2\/posts\/1012\/revisions"}],"predecessor-version":[{"id":1122,"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=\/wp\/v2\/posts\/1012\/revisions\/1122"}],"wp:attachment":[{"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1012"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.dxQerp.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}