On Fri, Nov 14, 2003 at 07:39:28PM +0700, Muhammad Reza wrote:
> I am trying to use the SMTP authentication feature of postfix-2.0.16
> via cyrus-sasl2 (port installation) on FreeBSD-4.8,
> but I have a problem with its relay access.
> 1. Output of postconf -n.
>
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> header_checks = regexp:/etc/postfix/header_check
> inet_interfaces = all
> local_destination_concurrency_limit = 10
> mail_owner = postfix
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> maximal_queue_lifetime = 2d
> mydomain = mra.co.id
> myhostname = mx3.mra.co.id
> mynetworks = 127.0.0.0/8, 172.16.0.25/32, 172.16.32.25/32, 172.16.64.25/32, 172.16.128.25/32, 172.16.64.26/32
> mynetworks_style = subnet
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = no
> relay_domains = mra.co.id, beastie.mra.co.id
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_banner = $myhostname NO UCE ESMTP
> smtpd_helo_required = yes
> smtpd_recipient_limit = 1000
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 450
>
> 2. Test
> $perl -MMIME::Base64 -e 'print encode_base64("user\0user\0password");'
> YmVhc3RpZQBiZWFzdGllAHB3cmV6YQ==
> # telnet 172.16.0.229 25 (from 172.16.0.231)
> Trying 172.16.0.229...
> Connected to 172.16.0.229.
> Escape character is '^]'.
> 220 mx3.mra.co.id NO UCE ESMTP
> ehlo mx3.mra.co.id
> 250-mx3.mra.co.id
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 250 8BITMIME
> auth plain YmVhc3RpZQBiZWFzdGllAHB3cmV6YQ==
> 235 Authentication successful
> mail from:[EMAIL PROTECTED]
> 250 Ok
> rcpt to:[EMAIL PROTECTED]
> 554 <[EMAIL PROTECTED]>: Relay access denied
> 421 Error: timeout exceeded
> Connection closed by foreign host.

OK

>
> 3. egrep '(reject|error|warning|fatal|panic):' /var/log/maillog | grep
> Nov 14 11:51:48 mx3 postfix/smtpd[33944]: 050FB2E2BA: reject: RCPT from
> unknown[172.16.0.231]: 554 <[EMAIL PROTECTED]>: Relay access denied;
> from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
> helo=<mx3.mra.co.id>infosaham.com
>
> 4. Excerpt from main.cf
> smtpd_recepient_restriction =
> permit_sasl_authenticated,
> permit_mynetworks,
> check_relay_domains,
> reject_unknown_recipient_domain,
> reject_non_fqdn_recipient,
> reject_rbl_client relays.ordb.org,
> reject_rbl_client bl.spamcop.net,#sasl config
> #sasl config
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> enable_sasl_authentication = yes
> reject_rhsbl_sender dsn.rfc-ignorant.org,
> permit

Mas Reza, if you really did use postconf -n (-n = nodefault), then
smtpd_recipient_restrictions as well as mumble_sasl_mumble would also be
printed to stdout, but in your postconf -n output above they are not there
and you quoted them from main.cf :-). Also, mumble_sasl_mumble directives
cannot be used inside smtpd_recipient_restrictions.

Maybe try it like this, in /etc/postfix/main.cf:

# SASL stuff goes here :-)
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
enable_sasl_authentication = yes

# Mumble smtpd goes here :-)
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_relay_domains,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    permit
# end

> 5. SASL configuration
>
> $ cat /usr/local/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
> $ ps ax | grep sasl
> 21451 ?? Is 0:00.00 /usr/local/sbin/saslauthd -a getpwent

SASL looks OK already; it can authenticate, as the logs above show.

> So what might be wrong with my settings? I have already tried
> googling and asking on the channel.
> Maybe someone on postfix-user can shed some light. Or is there another way
> to do SMTP authentication via postfix (minus pop-before-smtp)?
>
> Oh, and if I succeed I would like to translate
> http://yocum.org/faqs/postfix-tls-sasl.html.

Great!

Asfihani
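
The comparison the reply makes, done mechanically (an added example, not part of the original thread): list every parameter name set in main.cf that postconf -n does not print back. The two inputs are constructed, shortened copies of the poster's excerpts, and the KNOWN list, which holds only the spelling used in the reply, is an assumption.

```python
import difflib

# Constructed, shortened copy of the main.cf excerpt quoted in the thread.
MAIN_CF = """\
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
enable_sasl_authentication = yes
# restrictions
smtpd_recepient_restriction =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_relay_domains,
    permit
"""
# Constructed, shortened copy of the quoted `postconf -n` output.
POSTCONF_N = """\
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
"""
# Assumption: reference spellings to compare against; only the name the reply uses.
KNOWN = ["smtpd_recipient_restrictions"]

def param_names(text):
    """Parameter names from main.cf-style text (comments skipped, continuations joined)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the previous line
        else:
            logical.append(raw.strip())
    return [line.split("=", 1)[0].strip() for line in logical if "=" in line]

def not_in_effect(main_cf, postconf_n, known=KNOWN):
    """Map each name set in main.cf but absent from postconf -n to a likely intended name."""
    active = set(param_names(postconf_n))
    report = {}
    for name in param_names(main_cf):
        if name not in active:
            close = difflib.get_close_matches(name, known, n=1, cutoff=0.8)
            report[name] = close[0] if close else None
    return report

if __name__ == "__main__":
    for name, hint in not_in_effect(MAIN_CF, POSTCONF_N).items():
        print(f"{name}: not reported by postconf -n" + (f" (did you mean {hint}?)" if hint else ""))
```

On a live host the two inputs would be the contents of /etc/postfix/main.cf and the output of postconf -n.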