Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # /etc/postfix/main.cf
- home_mailbox = Maildir/
- alias_database = hash:/etc/postfix/aliases
- alias_maps = hash:/etc/postfix/aliases
- myorigin = /etc/mailname
- mydestination = $myhostname, localhost
- relayhost =
- mynetworks = 127.0.0.0/8 192.168.0.0/16
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
- inet_protocols = all
- biff = no
- append_dot_mydomain = no
- delay_warning_time = 4h
- mailbox_size_limit = 0
- # SSL and TLS
- smtpd_tls_cert_file=/etc/postfix/certs/cert.pem
- smtpd_tls_key_file=/etc/postfix/certs/key.pem
- smtpd_use_tls=yes
- smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
- smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
- # SASL
- #smtpd_sasl_path = smtpd
- smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
- smtpd_sasl_auth_enable = yes
- #smtpd_sasl_security_options = noanonymous, nodictionary, noactive
- smtpd_sasl_security_options = noanonymous
- #smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
- smtpd_sasl_local_domain = $myhostname
- smtpd_sasl_application_name = smtpd
- broken_sasl_auth_clients = yes
- smtpd_tls_auth_only = no
- smtp_use_tls = yes
- smtp_tls_note_starttls_offer = yes
- smtpd_tls_loglevel = 1
- smtpd_tls_received_header = yes
- smtpd_tls_session_cache_timeout = 3600s
- tls_random_source = dev:/dev/urandom
- #virtual_maps = hash:/etc/postfix/virtusertable
- #mydestination = /etc/postfix/local-host-names
- smtpd_recipient_restrictions =
- permit_sasl_authenticated,
- permit_mynetworks,
- check_relay_domains #,
- # reject_sender_login_mismatch,
- # reject_unauth_destination,
- # reject_authenticated_sender_login_mismatch,
- # eject_unauthenticated_sender_login_mismatch,
- # reject_unknown_sender_domain
- #############################################################################################
- #/etc/postfix/sasl/smtpd.conf
- pwcheck_method: saslauthd
- mech_list: plain login
- #############################################################################################
- #/etc/postfix/master.conf
- smtp inet n - - - - smtpd
- pickup fifo n - - 60 1 pickup
- cleanup unix n - - - 0 cleanup
- qmgr fifo n - n 300 1 qmgr
- tlsmgr unix - - - 1000? 1 tlsmgr
- rewrite unix - - - - - trivial-rewrite
- bounce unix - - - - 0 bounce
- defer unix - - - - 0 bounce
- trace unix - - - - 0 bounce
- verify unix - - - - 1 verify
- flush unix n - - 1000? 0 flush
- proxymap unix - - n - - proxymap
- proxywrite unix - - n - 1 proxymap
- smtp unix - - - - - smtp
- relay unix - - - - - smtp
- -o smtp_fallback_relay=
- showq unix n - - - - showq
- error unix - - - - - error
- retry unix - - - - - error
- discard unix - - - - - discard
- local unix - n n - - local
- virtual unix - n n - - virtual
- lmtp unix - - - - - lmtp
- anvil unix - - - - 1 anvil
- scache unix - - - - 1 scache
- maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
- uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
- ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
- bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
- scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
- mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
- #############################################################################################
- #/etc/postfix/dynamicmaps.cf
- tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
- mysql /usr/lib/postfix/dict_mysql.so dict_mysql_open
- #############################################################################################
- #/etc/default/saslauthd
- START=yes
- DESC="SASL Authentication Daemon"
- NAME="saslauthd"
- MECHANISMS="pam"
- MECH_OPTIONS=""
- THREADS=0
- OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd "
- #############################################################################################
- #$ swaks -a -tls -q AUTH -s host.hopto.org -au natka
- Password: password
- === Trying host.hopto.org:25...
- === Connected to host.hopto.org.
- <- 220 white.localdomain ESMTP Postfix
- -> EHLO other.host.lt
- <- 250-white.localdomain
- <- 250-PIPELINING
- <- 250-SIZE 10240000
- <- 250-VRFY
- <- 250-ETRN
- <- 250-STARTTLS
- <- 250-AUTH NTLM PLAIN CRAM-MD5 LOGIN DIGEST-MD5
- <- 250-AUTH=NTLM PLAIN CRAM-MD5 LOGIN DIGEST-MD5
- <- 250-ENHANCEDSTATUSCODES
- <- 250-8BITMIME
- <- 250 DSN
- -> STARTTLS
- <- 220 2.0.0 Ready to start TLS
- === TLS started w/ cipher DHE-RSA-AES256-SHA
- === TLS peer subject DN="/C=LT/ST=Vilniaus apskritis/L=Vilnius/O=Home/OU=Husband/CN=host.hopto.org/emailAddress=postmaster@other.host.lt"
- ~> EHLO other.host.lt
- <~ 250-white.localdomain
- <~ 250-PIPELINING
- <~ 250-SIZE 10240000
- <~ 250-VRFY
- <~ 250-ETRN
- <~ 250-AUTH NTLM PLAIN CRAM-MD5 LOGIN DIGEST-MD5
- <~ 250-AUTH=NTLM PLAIN CRAM-MD5 LOGIN DIGEST-MD5
- <~ 250-ENHANCEDSTATUSCODES
- <~ 250-8BITMIME
- <~ 250 DSN
- ~> AUTH CRAM-MD5
- <~ 334 PDE2NzQ5Nzc5MjEuNDg5Nzk3M0B3aGl0ZS5sb2NhbGRvbWFpbj4=
- ~> bmF0a2EgYzFkOWMwY2IzOTcxMzgyYmZhNWI1ZmMwZGJmNGZlMjg=
- <~* 535 5.7.8 Error: authentication failed: authentication failure
- ~> AUTH LOGIN
- <~ 334 VXNlcm5hbWU6
- ~> bmF0a2E=
- <~ 334 UGFzc3dvcmQ6
- ~> cGFwYTEhIQ==
- <~* 535 5.7.8 Error: authentication failed: authentication failure
- ~> AUTH PLAIN AG5hdGthAHBhcGExISE=
- <~* 535 5.7.8 Error: authentication failed: authentication failure
- *** No authentication type succeeded
- ~> QUIT
- <~ 221 2.0.0 Bye
- === Connection closed with remote host.
- #############################################################################################
- #tail -f /var/log/mail.log
- Aug 16 21:55:26 white postfix/smtpd[23957]: connect from unknown[other.host.lt]
- Aug 16 21:55:26 white postfix/smtpd[23957]: setting up TLS connection from unknown[other.host.lt]
- Aug 16 21:55:26 white postfix/smtpd[23957]: Anonymous TLS connection established from unknown[other.host.lt]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
- Aug 16 21:55:26 white postfix/smtpd[23957]: warning: SASL authentication failure: no secret in database
- Aug 16 21:55:26 white postfix/smtpd[23957]: warning: unknown[other.host.lt]: SASL CRAM-MD5 authentication failed: authentication failure
- Aug 16 21:55:26 white postfix/smtpd[23957]: warning: unknown[other.host.lt]: SASL LOGIN authentication failed: authentication failure
- Aug 16 21:55:26 white postfix/smtpd[23957]: warning: SASL authentication failure: Password verification failed
- Aug 16 21:55:26 white postfix/smtpd[23957]: warning: unknown[other.host.lt]: SASL PLAIN authentication failed: authentication failure
- Aug 16 21:55:26 white postfix/smtpd[23957]: disconnect from unknown[other.host.lt]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement