Re: [postfix-users] SMTP AUTH

Wed, 13 May 2009 01:36:04 -0700 

Om Asfik,
Kalo log user SASL auth biar keliatan (baik yang gagal dan yang berhasil) apa yang harus di rubah ya? (tanpa verbos ya :D) 

hasilnya cuma seperti ini saja:


May 13 15:18:24 mail postfix/smtpd[29850]: warning: x.x.x.x[202.x.x.x]: 
SASL LOGIN authentication failed: UGFzc3dvcmQ6


yang saya mau, kelihatan user siapa yang gagal tsb :D

mail# postconf -n | grep sasl
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = reject_unknown_sender_domain 
check_client_access hash:/usr/local/etc/postfix/client_checks 
check_sender_access regexp:/usr/local/etc/postfix/sender_access 
 permit_mynetworks	permit_sasl_authenticated 
check_recipient_access hash:/usr/local/etc/postfix/recipient_access 
reject_unknown_reverse_client_hostname 
reject_unknown_recipient_domain        reject_unauth_destination 
reject_multi_recipient_bounce        check_recipient_access 
hash:/usr/local/etc/postfix/roleaccount_exceptions 
reject_non_fqdn_sender        reject_non_fqdn_recipient 
reject_non_fqdn_hostname        reject_invalid_hostname 
reject_unauth_pipelining        check_sender_access 
hash:/usr/local/etc/postfix/rhsbl_sender_exceptions 
check_policy_service inet:127.0.0.1:12525         reject_rhsbl_sender 
blackholes.mail-abuse.org        permit

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated   permit_mynetworks


Thanks,
Angky R

as...@its.ac.id wrote:

----- "Imam Cartealy" <carte...@yahoo.co.id> wrote:



mynetworks = 127.0.0.0/8 10.10.0.0/16
smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination


Kalau diartikan secara harfiah, kira-kira restriksinya adalah sebagai berikut 
(orders matter):

- Ijinkan user yang sukses authentikasi SASL (permit_sasl_authenticated)
- Ijinkan user dari network 27.0.0.0/8 10.10.0.0/16 (permit_mynetworks)
- Tolak ke tujuan (domain) yg tidak diijinkan (tidak terdaftar di 
mydestinations, relay_domains dll)

Jadi, kalau mau dipaksa agar yang bisa menggunakan SMTP harus auth dulu ya 
tinggal dihilangkan permit_mynetworks :-).

Kira-kira begitu.

Rgds,
Asfihani























					Reply via email to