:: Enable TLS/SSL and SASL2 on Postfix

:: What is
Please take a look at this.

:: Installing Postfix with TLS/SSL and/or SASL2 support on FreeBSD from Ports
[ root ]# cd /usr/ports/mail/postfix25/
[ root ]# make config; make install clean
[ root ]# rehash
Select TLS/SSL and/or SASL2 in the config menu,
and then, in the Cyrus-SASL2 config menu, disable OTP support.

:: Installing Cyrus-SASL2-Saslauthd from Ports
[ root ]# cd /usr/ports/security/cyrus-sasl2-saslauthd/
[ root ]# make install clean
[ root ]# rehash
[ root ]# vi /usr/local/lib/sasl2/smtpd.conf
#
# Add these lines:
pwcheck_method: saslauthd
mech_list: plain login

:: Configure Postfix and Cyrus-SASL2-Saslauthd to automatically start on boot up
[ root ]# vi /etc/rc.conf
#
# Add these lines:
#
saslauthd_enable="YES"
saslauthd_flags="-a pam"
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

:: Generate SSL Certificate for Postfix
[ root ]# mkdir /usr/local/etc/postfix/ssl
[ root ]# cd /usr/local/etc/postfix/ssl/
[ root ]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

:: Configuring Postfix with TLS/SSL and SASL2
+ Configure main.cf file
[ root ]# vi /usr/local/etc/postfix/main.cf
#
# Set these options:
#
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Mailbox
myhostname = mail.freebsd.org
mydomain = freebsd.org
myorigin = $mydomain
inet_interfaces = all

# SASL2 configuration for Postfix
#
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtp_sasl_password_maps = hash:/usr/local/etc/sasldb2
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# TLS/SSL config
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem

+ Configure master.cf file
[ root ]# vi /usr/local/etc/postfix/master.cf
#
# Configure/uncomment these lines (the -o continuation lines must start with whitespace):
#
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

:: Starting Saslauthd and Postfix Service
[ root ]# /usr/local/etc/rc.d/saslauthd start
[ root ]# /usr/local/etc/rc.d/postfix start

:: Testing
[ root ]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.freebsd.org ESMTP Postfix
ehlo localhost
250-mail.freebsd.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
220 2.0.0 Ready to start TLS
quit
exit
Connection closed by foreign host.
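
The EHLO reply from the test above can be checked by script instead of by eye. The sh script below is an added example, not part of the original post: it parses a captured reply and reports whether STARTTLS is offered, which AUTH mechanisms fall outside the mech_list set in smtpd.conf, and whether password mechanisms are advertised before TLS. EHLO_SAMPLE is constructed from the transcript above, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a captured EHLO reply (function names are illustrative).
# EHLO_SAMPLE is constructed from the telnet transcript in the Testing section.
EHLO_SAMPLE='250-mail.freebsd.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Strip CRs and the "250-"/"250 " prefix, leaving one keyword line per line.
ehlo_lines() { printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^250[- ]//p'; }
has_starttls() { ehlo_lines "$1" | grep -qix 'STARTTLS'; }

# Mechanisms from "AUTH ..." and legacy "AUTH=..." lines, upper-cased, de-duplicated.
auth_mechs() {
    ehlo_lines "$1" | sed -n 's/^[Aa][Uu][Tt][Hh][ =]//p' | tr ' ' '\n' |
        tr 'a-z' 'A-Z' | sed '/^$/d' | LC_ALL=C sort -u | paste -sd ' ' -
}

# pick_mechs EHLO LIST in|out: advertised mechanisms that are in / not in LIST.
pick_mechs() {
    list=" $(printf '%s' "$2" | tr 'a-z' 'A-Z') "; out=""
    for m in $(auth_mechs "$1"); do
        case "$list" in *" $m "*) hit=in ;; *) hit=out ;; esac
        if [ "$hit" = "$3" ]; then out="$out${out:+ }$m"; fi
    done
    printf '%s\n' "$out"
}

# audit_ehlo EHLO MECH_LIST: MECH_LIST is the mech_list value from smtpd.conf.
audit_ehlo() {
    if has_starttls "$1"; then echo "OK   STARTTLS offered"
    else echo "FAIL STARTTLS not offered"; fi
    extra=$(pick_mechs "$1" "$2" out)
    plain_mechs=$(pick_mechs "$1" "PLAIN LOGIN" in)
    if [ -n "$extra" ]; then echo "WARN outside mech_list: $extra"; fi
    if [ -n "$plain_mechs" ]; then echo "WARN password mechanisms offered before STARTTLS: $plain_mechs"; fi
    return 0
}

audit_ehlo "$EHLO_SAMPLE" "plain login"
```

If the last warning appears for port 25, Postfix's smtpd_tls_auth_only = yes (not set in the main.cf above) withholds AUTH until STARTTLS has completed.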

:: Links
+ GoogleBSD
+ YoCum
