On Tuesday, 1 March 2016 16:55:53 Arian Molina Aguilera wrote:
> On 01/03/16 at 16:49, Manuel Mely wrote:
> > On 03/01/2016 02:28 PM, Rommel Rodriguez Toirac wrote:
> >> Nothing reached me :-( I simply cannot receive or send mail
> >> to domains other than .cu, and messages cannot exceed 1Mb in size.
> >> We are just still living in another era.
> > 
> > In any case, if you can keep following the thread, or at least post the
> > solution to the problem here, so much the better. And if possible, shorten
> > the body of the message a little (as I have just done in this message).
> > As for the solution... I leave you in good hands :)
> > 
> > 
> > ______________________________________________________________________
> > Mailing list of the Grupo de Usuarios de Tecnologías Libres de Cuba.
> > Gutl-l@jovenclub.cu
> > https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l
> 
> From the CentOS wiki itself: Postfix SASL + Dovecot
> 
> Configuring SASL in postfix
> 
> To configure SASL in postfix, we need to make the following additions to
> /etc/postfix/main.cf:
> 
> 
> smtpd_sasl_auth_enable = yes
> broken_sasl_auth_clients = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> and add permit_sasl_authenticated to our smtpd_recipient_restrictions
> section of /etc/postfix/main.cf (if you don't have a
> smtpd_recipient_restrictions section, then the following example will
> work fine):
> 
> 
> smtpd_recipient_restrictions =
>      permit_mynetworks,
>      permit_sasl_authenticated,
>      reject_unauth_destination
> Next we need to configure auth default in the authentication processes
> section of /etc/dovecot.conf. Uncomment and/or add the following lines
> as necessary (be careful as this section is heavily commented, some
> entries already exist, others are commented out and need uncommenting
> such as socket listen):
> 
> 
> auth default {
>      mechanisms = plain login
>      passdb pam {
>      }
>      userdb passwd {
>      }
>      user = root
>      socket listen {
>        client {
>          path = /var/spool/postfix/private/auth
>          mode = 0660
>          user = postfix
>          group = postfix
>        }
>      }
> }
> Restart dovecot and reload postfix configuration setting:
> 
> 
> service dovecot restart
> postfix reload
> 
> From the Debian wiki
> 
> PostfixAndSASL
> 
> Simple Authentication and Security Layer (SASL) with Postfix SMTP
> 
> 
> SASL authentication in the Postfix SMTP server
> 
> 
> Implementation using Cyrus SASL
> 
> Using saslauthd with PAM
> Setup Postfix with SMTP-AUTH over SASL2 with authentication against PAM
> in a chroot() environment.
> 
> Note: The following steps have been carried out and verified on a Debian
> 7.1 system (Jan. 2015).
> Note: SASL2 (saslauthd) creates a socket in its working directory.
> Postfix (smtpd) needs access to this socket. If smtpd is running
> chroot()ed (what is standard on Debian) saslauthd must run within this
> chroot() environment also (though not being chrooted itself). While this
> is fine for smtpd there are other services (Cyrus imapd for example)
> which expect saslauthd 's socket at its "regular" location
> (/var/run/saslauthd).
> The recommended way to solve this is to run separate saslauthd processes
> for Postfix and for others. Debian is prepared for this. Alternatively a
> symlink-trick can be used. See below. Or you can disable chroot()ing by
> editing the chroot columns in /etc/postfix/master.cf.
> 
> Install libsasl2-modules, postfix, sasl2-bin
> Create a file /etc/postfix/sasl/smtpd.conf:
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
> Setup a separate saslauthd process to be used from Postfix:
> Create a copy of saslauthd's config file
> ~# cp /etc/default/saslauthd /etc/default/saslauthd-postfix
> and edit it
> START=yes
> DESC="SASL Auth. Daemon for Postfix"
> NAME="saslauthd-postf"      # max. 15 char.
> # Option -m sets working dir for saslauthd (contains socket)
> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"        # postfix/smtp in chroot()
> (See /usr/share/doc/sasl2-bin/README.Debian.gz)
> Alternatively you can replace the directory /run/saslauthd with a
> symlink to /var/spool/postfix/var/run/saslauthd
> ~# rm -rf /run/saslauthd
> ~# ln -s /var/spool/postfix/var/run/saslauthd   /run/saslauthd
> This is a quick-and-dirty hack, useful only for testing purposes. After
> the next reboot the contents of /run will be reset.
> Create required subdirectories in postfix chroot directory:
> dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
> Add the user "postfix" to the group "sasl":
> adduser postfix sasl
> Restart saslauthd:
> ~# service saslauthd  restart
> [ ok ] Stopping SASL Auth. Daemon: saslauthd.
> [ ok ] Stopping SASL Auth. Daemon for Postfix: saslauthd-postf.
> [ ok ] Starting SASL Auth. Daemon: saslauthd.
> [ ok ] Starting SASL Auth. Daemon for Postfix: saslauthd-postf.
> Edit Postfix configuration:
> ~# postconf -e 'smtpd_sasl_local_domain = $myhostname'
> ~# postconf -e 'smtpd_sasl_auth_enable = yes'
> ~# postconf -e 'broken_sasl_auth_clients = yes'
> ~# postconf -e 'smtpd_sasl_security_options = noanonymous'
> ~# postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
> (Optionally) Create a new PAM fragment and adjust it to your needs:
> ~# cd /etc/pam.d
> ~# cp other smtp
> ~# editor /etc/pam.d/smtp
> Restart (reloading is not enough) postfix:
> ~# service postfix restart
> That's it, you're done, everything should work fine now.
> 
> Using auxprop with sasldb
> Setup Postfix with SMTP-AUTH over SASL2 with authentication against
> sasldb in a chroot() environment.
> 
> Note: The following steps have been carried out and verified on a Debian
> 8.3 system (Feb. 2016).
> 
> Install libsasl2-modules, sasl2-bin
> Create a file /etc/postfix/sasl/smtpd.conf:
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: plain login
> Add a user to sasldb2
>   ~# saslpasswd2 -c -u domain user
>   ~# sasldblistusers2
> Postfix needs /etc/sasldb2 in its chroot environment. One solution is to
> change init script to copy sasldb2 at startup.
> In /etc/init.d/postfix, add etc/sasldb2 in the variable FILES :
>          FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
>              etc/host.conf etc/nsswitch.conf etc/nss_mdns.config etc/sasldb2"
> Edit Postfix configuration:
> ~# postconf -e 'smtpd_sasl_local_domain = $myhostname'
> ~# postconf -e 'smtpd_sasl_auth_enable = yes'
> ~# postconf -e 'smtpd_sasl_security_options = noanonymous'
> Restart (reloading is not enough) postfix:
> ~# service postfix restart
> ~# systemctl daemon-reload
> That's it, you're done, everything should work fine now.
> 
> Troubleshooting tip
> Check your configuration with saslfinger :
> ~# saslfinger -s
> If something goes wrong (cannot connect to server, authentication
> fails) try to see what is happening behind the scenes. Try to connect to
> your mailserver via
> ~# telnet server 25
> Can smtpd be connected? If yes, enter the command "ehlo dummy". What
> does smtpd respond? For more information see Check for SMTP AUTH support
> 
> 
> Implementation using Dovecot SASL
> 
> See also: http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
> 
> 
> SASL authentication in the Postfix SMTP client
> 
> 
> Postfix and sbcglobal/yahoo/att
> 
> SBC global blocks port 25 on its DSL users:
> http://help.sbcglobal.net/article.php?item=4640
> We will use sbc smtp server via authentication to send emails. Do this:
> 
> apt-get install libsasl2-modules
> ADD to main.cf by using postconf. Just type (smtp.att.yahoo.com requires
> the port 587 otherwise you don't need it):
> 
> postconf -e "relayhost = [smtp.sbcglobal.yahoo.com]:587"
> postconf -e "smtp_sasl_auth_enable = yes"
> postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
> postconf -e "smtp_sasl_security_options = noanonymous"
> Create a file called sasl_passwd in /etc/postfix/sasl_passwd. Inside type in
> 
> [smtp.sbcglobal.yahoo.com]:587 usern...@sbcglobal.net:mypassword
> Now change permissions so others can't read it:
> 
> chmod 600 /etc/postfix/sasl_passwd
> Now postmap it. (It creates a database-like file so postfix can read it.)
> 
> postmap /etc/postfix/sasl_passwd
> Restart postfix
> 
> postfix reload
> 
> Here are both solutions for implementing SASL. Regards.

I'm doing the Cyrus one (I'll leave the Dovecot one for last).

I have already created a new saslauthd startup for postfix: in
/usr/lib/systemd/system/ I created a new service that takes its configuration
from /etc/sysconfig/saslauthd-postfix. It looks more or less like this:

******
in /usr/lib/systemd/system/saslauthd-postfix.service

[Unit]
Description=SASL authentication daemon para Postfix.
After=syslog.target 

[Service]
Type=forking
PIDFile=/var/spool/postfix/private/saslauthd-postfix/saslauthd.pid
EnvironmentFile=/etc/sysconfig/saslauthd-postfix
ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS

[Install]
WantedBy=multi-user.target


in /etc/sysconfig/saslauthd-postfix

SOCKETDIR=/var/spool/postfix/private/saslauthd-postfix
MECH=pam
FLAGS=
******

And in /etc/postfix/sasl/smtp-postfix I added:

pwcheck_method: saslauthd
mech_list: plain login

and I also changed the path in /etc/postfix/main.cf; the parameter ended up like this:

 smtpd_sasl_path = /etc/postfix/sasl/smtpd-postfix

I created a group called sasl and put postfix and root in it as members.
I created a directory at /var/spool/postfix/private/saslauthd-postfix/, which
is where saslauthd will create its socket and its .pid, and I changed the
permissions so that the owner is root and the group is sasl.

Up to that point everything is correct (according to the wiki). I start it and
it starts OK, but postfix does not have permission to snoop in and inside
/var/spool/postfix/private/saslauthd-postfix/ because every time I bring up
saslauthd-postfix the permissions of that directory are removed.

******
Mar  2 08:54:49 gtmem postfix/postfix-script[5922]: warning: not owned by postfix: /var/spool/postfix/private/saslauthd-postfix
Mar  2 08:54:49 gtmem postfix/postfix-script[5923]: warning: not owned by postfix: /var/spool/postfix/private/saslauthd-postfix/mux.accept
Mar  2 08:54:49 gtmem postfix/postfix-script[5924]: warning: not owned by postfix: /var/spool/postfix/private/saslauthd-postfix/saslauthd.pid
******

That is my question: how to make that directory PERMANENTLY have root as
owner and sasl as group, so that postfix can read inside it.


-- 
Rommel Rodriguez Toirac
Network administrator, ONAT Guantánamo
Telephone (switchboard): 327444,326625,326376,327677,326576
Extension: 120
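
An added example, not part of the original message or of either quoted wiki: a shell check that compares the saslauthd socket directory with the ownership the message asks for (root as owner, sasl as group) and the 710 mode from the wiki's dpkg-statoverride step, so drift after a service restart shows up as explicit findings. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Hypothetical audit helper (added example). Defaults: owner root, group sasl
# as in the message; mode 710 as in the wiki's dpkg-statoverride step.
# Assumes GNU stat (coreutils).

# check_sasl_dir DIR [OWNER] [GROUP] [MODE]
# Prints one line per finding; returns 0 if clean, 1 on drift, 2 if missing.
check_sasl_dir() {
    dir=$1; want_owner=${2:-root}; want_group=${3:-sasl}; want_mode=${4:-710}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 2
    fi
    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")
    mode=$(stat -c %a "$dir")
    [ "$owner" = "$want_owner" ] || { echo "OWNER: $owner (want $want_owner)"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "GROUP: $group (want $want_group)"; rc=1; }
    [ "$mode" = "$want_mode" ] || { echo "MODE: $mode (want $want_mode)"; rc=1; }
    # A non-zero last octal digit means users outside the group can reach
    # the saslauthd socket in this directory.
    case $mode in
        *[1-7]) echo "EXPOSED: $dir grants access to 'other'"; rc=1 ;;
    esac
    return "$rc"
}

# user_in_group USER GROUP: succeeds when USER is a member of GROUP,
# e.g. postfix in sasl after "adduser postfix sasl".
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# Stand-alone use: sh check.sh /var/spool/postfix/private/saslauthd-postfix
if [ $# -gt 0 ]; then
    check_sasl_dir "$@" && echo "OK: $1"
    user_in_group postfix sasl || echo "MEMBERSHIP: postfix is not in group sasl"
fi
```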

