CentOS 5的sendmail包已支持sasl认证,可用如下命令确认:
[root@yylab3 ~]# sendmail -d0.1 -bv
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
可看到有 SASLv2的输出。
首先编辑 Sendmail 认证配置文件,如下
[root@yylab3 ~]# cat /usr/lib64/sasl2/Sendmail.conf
pwcheck_method:saslauthd
#pwcheck_method:auxprop
32位CentOS该文件的位置是 /usr/lib/sasl2/Sendmail.conf。
编辑 /etc/mail/sendmail.mc,修改相关行如下
define(`confLOG_LEVEL’, `20′)dnl
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA’)dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
然后 cd /etc/mail && make 可产生 /etc/mail/sendmail.cf文件。
为了方便mc到cf文件的转换,可安装 sendmail-cf 包。
重启 sendmail 服务让修改生效:
/etc/init.d/sendmail restart
接下来配置 saslauthd,修改 /etc/sysconfig/saslauthd 如下
[root@yylab3 ~]# cat /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=pam
#MECH=shadow
FLAGS=
运行 /etc/init.d/saslauthd restart 使修改生效,可用 testsaslauthd 测试 saslauthd是否生效:
[root@yylab3 ~]# testsaslauthd -s smtp.sendmail -u leo -p leoleo
0: OK "Success."
现在 sendmail 应该支持认证转发邮件了,可以 telnet 服务器的25端口,
[root@yylab3 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 yylab3.example.com ESMTP Sendmail 8.13.8/8.13.8; Thu, 3 Mar 2011 16:29:55 +0800
ehlo localhost
250-yylab3.example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
auth login
334 VXNlcm5hbWU6
bGVv
334 UGFzc3dvcmQ6
bGVvbGVv
235 2.0.0 OK Authenticated
参考 http://www.ispexperts.com.np/?page_id=449
没有评论:
发表评论