Debian
Postfix smarthost,允許通過動態IP中繼
我有幾台安裝了 postfix 的伺服器(web、mysql、java),它們被設置為中繼到 smarthost postfix 伺服器。
DYNAMIC IP STATIC IP INTERNET [PHP -> sendmail -> 25:postfix:2525] -> [2525:postfix:25] -> [25:external]
問題是第一台伺服器有動態 IP 地址,所以我不能簡單地將它們的 IP 地址添加到中間後綴伺服器的 main.cf 中的 mynetworks 設置中。
我認為解決方案是 SASL,但我不知道如何在第一個上設置使用者名:密碼並在第二個上對其進行身份驗證。
這就是我在繼電器上的東西
apt-get install postfix libsasl2-modules cat > /etc/postfix/main.cf << 'EOF' myhostname = a-eu1-test-http alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases relayhost = [smarthost]:2525 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mydestination = a-eu1-test-http, localhost mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no smtp_tls_security_level = encrypt smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/relay_password smtp_sasl_security_options = noanonymous EOF
這是我在 smarthost 上的,但我不知道如何定義 sasl 使用者:
apt-get install postfix libsasl2-modules cat > /etc/postfix/main.cf << 'EOF' myorigin = /etc/mailname myhostname = smarthost alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mydestination = smarthost, localhost mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no smtpd_tls_security_level = encrypt smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache EOF
您基本上錯過了身份驗證後端
在繼電器上:
apt-get install postfix libsasl2-2 libsasl2-modules sasl2-bin adduser postfix sasl mkdir /etc/postfix/sasl cat > /etc/postfix/sasl/smtpd.conf << EOF pwcheck_method: saslauthd mech_list: PLAIN LOGIN EOF cat > /etc/default/saslauthd << EOF START=yes MECHANISMS="sasldb" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" EOF saslpasswd2 -c -u `postconf -h myhostname` relay-user service saslauthd start
在客戶端:
cat > /etc/postfix/relay_passwords << EOF your-relay:2525 relay-user:password EOF postmap /etc/postfix/relay_passwords