
Originally posted by
Marty
Today I happily got authorization working on postfix 2.1.5-9 under Debian sarge (kernel 2.4.29-bf2.4 SMP, for completeness) with postfix-tls 2.1.5-9 and sasl2 2.1.19-1.5sarge. So far only on sasldb2, without TLS and with plain passwords only, but that's good too.
Does anyone have a nice howto or tips for configuring postfix so that it authorizes directly against /etc/passwd?
That would interest me too; I have a problem with authorization. I have SASL2 installed and configured, I start the daemon, but nothing shows up anywhere. Postfix is set up for it and can do TLS, but without working authorization I'm out of luck. Specifically, I'd like to know what all is needed to set up SASL2 itself; I had sasldb2. I found plenty of HOWTOs on it, but simply... neither ps aux nor -d found sasl running anywhere...
btw Marty (Cyrus SASL):
Code:
pam: this tells SASL to integrate with your system's PAM libraries and to authenticate against the database specified by pam. This can be used with plaintext protocols such as PLAIN and LOGIN, and should allow you to authenticate against other services such as LDAP and RADIUS. On most systems, pam will be configured to authenticate logins against the system passwd file. Unfortunately, the only way I could make pam authentication work was if the /etc/shadow file was mode 644, which is definitely not a good idea. This is only useful if you have pam authenticate against something like LDAP. If you want to authenticate local users, you should use pwcheck or shadow.
shadow: this tells SASL to look for the username and password using the system /etc/shadow file. Again, /etc/shadow must be mode 644 in order for this authentication mechanism to work.
sasldb: this tells SASL to use the /var/lib/sasl/sasl.db database to check passwords and secrets. This method must be used to allow DIGEST-MD5 or CRAM-MD5 authentication. Users must be added to this database using the saslpasswd utility. You must add at least one user to the database for it to be properly initialized. This file must also be readable by the postfix user; Mandrakelinux installs the file with 0644 permissions. However, this seems to be ok as regular users cannot read information from the sasldb using the sasldblistusers program.
pwcheck: this is similar to the shadow method except you do not need to give the postfix user read access to the file (a very good idea). This method interfaces with the pwcheck daemon, which runs as root to read the /etc/shadow file instead of permitting postfix to do it. Using pwcheck is very simple, and if you want to authenticate against local users without using sasldb, you should use pwcheck. It uses the /usr/sbin/pwcheck daemon, which runs as root, to check against your /etc/shadow file. This means you don't have to change the permissions of /etc/shadow to something insecure like mode 644. pwcheck is a daemon that must be started as root and immediately launches itself into the background. Since there is no initscript for pwcheck, you can simply add to the end of your /etc/rc.d/rc.local file the following:
Rainbow: I think the log does show who the mail is addressed to, even when it is rejected at sender. But I'm not certain right now, my eyes are ready for sleep, I'll look tomorrow - I confirm, I have it in the log.
As for TLS, I'd be careful with "only" there; so far I've seen warnings in quite a few places that, for example, not all Outlooks are built for it. But I can only verify that once I have a working SASL2.
Jezevec: right, I just have no idea under what name I'll be looking for it... I'm only asking for the future.
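
The Cyrus SASL excerpt quoted above turns on one trade-off: the shadow and pam methods needed /etc/shadow at mode 644, while pwcheck avoids that. The following check is an added example, not part of the original post or of Cyrus SASL; the function names are hypothetical, and it assumes the SASL config uses `pwcheck_method: value` lines and that both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are
# hypothetical; the config is assumed to use Cyrus SASL "key: value" lines.

# Print the last pwcheck_method value found in a SASL config file.
sasl_method() {
    sed -n 's/^[[:space:]]*pwcheck_method[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Succeed when "other" has read permission on the file (e.g. mode 644).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_sasl CONF SHADOW
# Returns 0 = no finding, 1 = shadow file world-readable, 2 = no method set.
audit_sasl() {
    method=$(sasl_method "$1")
    if [ -z "$method" ]; then
        echo "UNKNOWN: no pwcheck_method in $1"
        return 2
    fi
    if world_readable "$2"; then
        echo "RISK: $2 is world-readable (pwcheck_method=$method)"
        return 1
    fi
    case $method in
        shadow|pam)
            echo "NOTE: per the quoted text, $method needs read access" \
                 "to $2; pwcheck avoids that" ;;
        *)
            echo "OK: pwcheck_method=$method, $2 not world-readable" ;;
    esac
    return 0
}

# Run only when both paths are given, e.g.: sh audit.sh smtpd.conf /etc/shadow
if [ "$#" -ge 2 ]; then
    audit_sasl "$1" "$2"
fi
```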