On Wednesday, 2 March 2016 13:01:34 Juan Carlos wrote:
> On 02/03/2016 at 08:59 a.m., Rommel Rodriguez Toirac wrote:
> > On Tuesday, 1 March 2016 16:55:53 Arian Molina Aguilera wrote:
> >> On 01/03/16 at 16:49, Manuel Mely wrote:
> >>> On 03/01/2016 02:28 PM, Rommel Rodriguez Toirac wrote:
> >>>> Nothing reached me :-( I simply cannot receive or send mail to
> >>>> domains other than .cu, and messages cannot exceed 1Mb in size.
> >>>> We are just still living in another era.
> >>> 
> >>> In any case, it would be better if you could follow the thread or at
> >>> least post the solution to the problem here. And, if possible, shorten
> >>> the message body a little (as I have just done in this message).
> >>> As for the solution... I leave you in good hands :)
> >>> 
> >>> 
> >>> ______________________________________________________________________
> >>> Mailing list of the Cuban Free Technologies Users Group.
> >>> Gutl-l@jovenclub.cu
> >>> https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l
> >> 
> >> From the CentOS wiki itself: Postfix SASL + Dovecot
> >> 
> >> Configuring SASL in postfix
> >> 
> >> To configure SASL in postfix, we need to make the following additions to
> >> /etc/postfix/main.cf:
> >> 
> >> 
> >> smtpd_sasl_auth_enable = yes
> >> broken_sasl_auth_clients = yes
> >> smtpd_sasl_type = dovecot
> >> smtpd_sasl_path = private/auth
> >> smtpd_sasl_security_options = noanonymous
> >> 
> >> and add permit_sasl_authenticated to our smtpd_recipient_restrictions
> >> section of /etc/postfix/main.cf (if you don't have a
> >> smtpd_recipient_restrictions section, then the following example will
> >> work fine):
> >> 
> >> smtpd_recipient_restrictions =
> >>       permit_mynetworks,
> >>       permit_sasl_authenticated,
> >>       reject_unauth_destination
> >> 
> >> Next we need to configure auth default in the authentication processes
> >> section of /etc/dovecot.conf. Uncomment and/or add the following lines
> >> as necessary (be careful as this section is heavily commented, some
> >> entries already exist, others are commented out and need uncommenting
> >> such as socket listen):
> >> 
> >> 
> >> auth default {
> >>       mechanisms = plain login
> >>       passdb pam {
> >>       }
> >>       userdb passwd {
> >>       }
> >>       user = root
> >>       socket listen {
> >>         client {
> >>           path = /var/spool/postfix/private/auth
> >>           mode = 0660
> >>           user = postfix
> >>           group = postfix
> >>         }
> >>       }
> >> }
> >> 
> >> Restart dovecot and reload postfix configuration setting:
> >> 
> >> service dovecot restart
> >> postfix reload
> >> 
> >> From the Debian wiki
> >> 
> >> PostfixAndSASL
> >> 
> >> Simple Authentication and Security Layer (SASL) with Postfix SMTP
> >> 
> >> 
> >> SASL authentication in the Postfix SMTP server
> >> 
> >> 
> >> Implementation using Cyrus SASL
> >> 
> >> Using saslauthd with PAM
> >> Setup Postfix with SMTP-AUTH over SASL2 with authentication against PAM
> >> in a chroot() environment.
> >> 
> >> Note: The following steps have been carried out and verified on a Debian
> >> 7.1 system (Jan. 2015).
> >> Note: SASL2 (saslauthd) creates a socket in its working directory.
> >> Postfix (smtpd) needs access to this socket. If smtpd is running
> >> chroot()ed (what is standard on Debian) saslauthd must run within this
> >> chroot() environment also (though not being chrooted itself). While this
> >> is fine for smtpd there are other services (Cyrus imapd for example)
> >> which expect saslauthd 's socket at its "regular" location
> >> (/var/run/saslauthd).
> >> The recommended way to solve this is to run separate saslauthd processes
> >> for Postfix and for others. Debian is prepared for this. Alternatively a
> >> symlink-trick can be used. See below. Or you can disable chroot()ing by
> >> editing the chroot columns in /etc/postfix/master.cf.
> >> 
> >> Install libsasl2-modules, postfix, sasl2-bin
> >> 
> >> Create a file /etc/postfix/sasl/smtpd.conf:
> >> pwcheck_method: saslauthd
> >> mech_list: PLAIN LOGIN
> >> 
> >> Setup a separate saslauthd process to be used from Postfix:
> >> Create a copy of saslauthd's config file
> >> ~# cp /etc/default/saslauthd /etc/default/saslauthd-postfix
> >> and edit it
> >> START=yes
> >> DESC="SASL Auth. Daemon for Postfix"
> >> NAME="saslauthd-postf"      # max. 15 char.
> >> # Option -m sets working dir for saslauthd (contains socket)
> >> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"  # postfix/smtp in chroot()
> >> (See /usr/share/doc/sasl2-bin/README.Debian.gz)
> >> 
> >> Alternatively you can replace the directory /run/saslauthd with a
> >> symlink to /var/spool/postfix/var/run/saslauthd
> >> ~# rm -rf /run/saslauthd
> >> ~# ln -s /var/spool/postfix/var/run/saslauthd   /run/saslauthd
> >> This is a quick-and-dirty hack, useful only for testing purposes. After
> >> the next reboot the contents of /run will be reset.
> >> 
> >> Create required subdirectories in postfix chroot directory:
> >> dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
> >> 
> >> Add the user "postfix" to the group "sasl":
> >> adduser postfix sasl
> >> 
> >> Restart saslauthd:
> >> ~# service saslauthd  restart
> >> [ ok ] Stopping SASL Auth. Daemon: saslauthd.
> >> [ ok ] Stopping SASL Auth. Daemon for Postfix: saslauthd-postf.
> >> [ ok ] Starting SASL Auth. Daemon: saslauthd.
> >> [ ok ] Starting SASL Auth. Daemon for Postfix: saslauthd-postf.
> >> 
> >> Edit Postfix configuration:
> >> ~# postconf -e 'smtpd_sasl_local_domain = $myhostname'
> >> ~# postconf -e 'smtpd_sasl_auth_enable = yes'
> >> ~# postconf -e 'broken_sasl_auth_clients = yes'
> >> ~# postconf -e 'smtpd_sasl_security_options = noanonymous'
> >> ~# postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
> >> 
> >> (Optionally) Create a new PAM fragment and adjust it to your needs:
> >> ~# cd /etc/pam.d
> >> ~# cp other smtp
> >> ~# editor /etc/pam.d/smtp
> >> 
> >> Restart (reloading is not enough) postfix:
> >> ~# service postfix restart
> >> 
> >> That's it, you're done, everything should work fine now.
> >> 
> >> Using auxprop with sasldb
> >> Setup Postfix with SMTP-AUTH over SASL2 with authentication against
> >> sasldb in a chroot() environment.
> >> 
> >> Note: The following steps have been carried out and verified on a Debian
> >> 8.3 system (Feb. 2016).
> >> 
> >> Install libsasl2-modules, sasl2-bin
> >> 
> >> Create a file /etc/postfix/sasl/smtpd.conf:
> >> pwcheck_method: auxprop
> >> auxprop_plugin: sasldb
> >> mech_list: plain login
> >> 
> >> Add a user to sasldb2
> >> 
> >>    ~# saslpasswd2 -c -u domain user
> >>    ~# sasldblistusers2
> >> 
> >> Postfix needs /etc/sasldb2 in its chroot environment. One solution is to
> >> change the init script to copy sasldb2 at startup.
> >> 
> >> In /etc/init.d/postfix, add etc/sasldb2 to the variable FILES:
> >>           FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
> >>               etc/host.conf etc/nsswitch.conf etc/nss_mdns.config etc/sasldb2"
> >> 
> >> Edit Postfix configuration:
> >> ~# postconf -e 'smtpd_sasl_local_domain = $myhostname'
> >> ~# postconf -e 'smtpd_sasl_auth_enable = yes'
> >> ~# postconf -e 'smtpd_sasl_security_options = noanonymous'
> >> 
> >> Restart (reloading is not enough) postfix:
> >> ~# service postfix restart
> >> ~# systemctl daemon-reload
> >> 
> >> That's it, you're done, everything should work fine now.
> >> 
> >> Troubleshooting tip
> >> Check your configuration with saslfinger:
> >> ~# saslfinger -s
> >> 
> >> If something goes wrong (cannot connect to server, authentication
> >> fails) try to see what is happening behind the scenes. Try to connect to
> >> your mailserver via
> >> ~# telnet server 25
> >> Can smtpd be connected? If yes, enter the command "ehlo dummy". What
> >> does smtpd respond? For more information see Check for SMTP AUTH support
> >> 
> >> 
> >> Implementation using Dovecot SASL
> >> 
> >> See also: http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
> >> 
> >> 
> >> SASL authentication in the Postfix SMTP client
> >> 
> >> 
> >> Postfix and sbcglobal/yahoo/att
> >> 
> >> SBC Global blocks port 25 for its DSL users:
> >> http://help.sbcglobal.net/article.php?item=4640
> >> We will use the SBC SMTP server via authentication to send emails. Do this:
> >> 
> >> apt-get install libsasl2-modules
> >> 
> >> Add to main.cf by using postconf. Just type (smtp.att.yahoo.com requires
> >> the port 587 otherwise you don't need it):
> >> 
> >> postconf -e "relayhost = [smtp.sbcglobal.yahoo.com]:587"
> >> postconf -e "smtp_sasl_auth_enable = yes"
> >> postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
> >> postconf -e "smtp_sasl_security_options = noanonymous"
> >> 
> >> Create a file called sasl_passwd in /etc/postfix/sasl_passwd. Inside type
> >> in
> >> 
> >> [smtp.sbcglobal.yahoo.com]:587 usern...@sbcglobal.net:mypassword
> >> 
> >> Now change permissions so others can't read it:
> >> 
> >> chmod 600 /etc/postfix/sasl_passwd
> >> 
> >> Now postmap it. (It creates a database-like file so postfix can read it.)
> >> 
> >> postmap /etc/postfix/sasl_passwd
> >> 
> >> Restart postfix
> >> 
> >> postfix reload
> >> 
> >> Here are both solutions for implementing SASL. Regards.
> >> 
> >   I am doing the Cyrus one (I will leave the dovecot one for last).
> >   
> >   I have already created a new saslauthd startup for postfix: in
> > /usr/lib/systemd/system/ I created a new service that takes its
> > configuration from /etc/sysconfig/saslauthd-postfix. It looks more or
> > less like this:
> > 
> > ******
> > in /usr/lib/systemd/system/saslauthd-postfix.service
> > 
> > [Unit]
> > Description=SASL authentication daemon para Postfix.
> > After=syslog.target
> > 
> > [Service]
> > Type=forking
> > PIDFile=/var/spool/postfix/private/saslauthd-postfix/saslauthd.pid
> > EnvironmentFile=/etc/sysconfig/saslauthd-postfix
> > ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
> > 
> > [Install]
> > WantedBy=multi-user.target
> > 
> > 
> > in /etc/sysconfig/saslauthd-postfix
> > 
> > SOCKETDIR=/var/spool/postfix/private/saslauthd-postfix
> > MECH=pam
> > FLAGS=
> > ******
> > 
> > And in /etc/postfix/sasl/smtp-postfix I added:
> > 
> > pwcheck_method: saslauthd
> > mech_list: plain login
> > 
> > and I also changed the path in /etc/postfix/main.cf; the parameter ended
> > up like this:
> >   smtpd_sasl_path = /etc/postfix/sasl/smtpd-postfix
> >   
> >   I created a group called sasl and put postfix and root in it as member
> > users. I created a directory at
> > /var/spool/postfix/private/saslauthd-postfix/, which is where saslauthd
> > will create its socket and its .pid, and I changed the permissions so
> > that the owner is root and the group is sasl.
> > 
> > Up to there everything is correct (according to the wiki). I start it
> > and it starts OK, but postfix has no permission to poke around in and
> > inside /var/spool/postfix/private/saslauthd-postfix/ because every time
> > I bring up saslauthd-postfix the permissions on that directory are
> > removed.
> > 
> > ******
> > Mar  2 08:54:49 gtmem postfix/postfix-script[5922]: warning: not owned by
> > postfix: /var/spool/postfix/private/saslauthd-postfix
> > Mar  2 08:54:49 gtmem postfix/postfix-script[5923]: warning: not owned by
> > postfix: /var/spool/postfix/private/saslauthd-postfix/mux.accept
> > Mar  2 08:54:49 gtmem postfix/postfix-script[5924]: warning: not owned by
> > postfix: /var/spool/postfix/private/saslauthd-postfix/saslauthd.pid
> > ******
> > 
> >   That is my question: how to make that directory PERMANENTLY have
> > root as owner and sasl as group, so that postfix can read inside it.
> Brother, there is something called iRedMail that sets up a mail server
> for you with everything in minutes; look for it for CentOS and you will
> have your problem solved once and for all.

 No, I prefer postfix and dovecot

-- 
Rommel Rodriguez Toirac
Network administrator, ONAT Guantánamo
Telephone (switchboard): 327444,326625,326376,327677,326576
Extension: 120
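
Added example, not part of the original message or of either quoted wiki: a shell helper that re-applies and then verifies the owner, group and mode of the saslauthd socket directory, for the case described above where the permissions change each time saslauthd-postfix starts. The path and root:sasl come from the thread and mode 710 from the quoted Debian steps; the function names, and the idea of calling the script from an ExecStartPost= line in the unit, are assumptions. It needs GNU stat.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils).
# Typical call, with values taken from the thread (mode from the Debian steps):
#   sasl-dir.sh /var/spool/postfix/private/saslauthd-postfix root sasl 710

# check_sasl_dir DIR OWNER GROUP MODE
# OWNER and GROUP may be names or numeric ids. Returns 0 only when DIR is a
# real directory with exactly that owner, group and octal mode; every
# mismatch is reported on stderr.
check_sasl_dir() {
    dir=$1; want_owner=$2; want_group=$3; want_mode=$4; rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing, or not a real directory" >&2
        return 1
    fi
    # %U/%G are names, %u/%g numeric ids, %a the octal mode.
    set -- $(stat -c '%U %u %G %g %a' "$dir")
    if [ "$want_owner" != "$1" ] && [ "$want_owner" != "$2" ]; then
        echo "$dir: owner is $1 ($2), expected $want_owner" >&2; rc=1
    fi
    if [ "$want_group" != "$3" ] && [ "$want_group" != "$4" ]; then
        echo "$dir: group is $3 ($4), expected $want_group" >&2; rc=1
    fi
    if [ "$want_mode" != "$5" ]; then
        echo "$dir: mode is $5, expected $want_mode" >&2; rc=1
    fi
    return $rc
}

# enforce_sasl_dir DIR OWNER GROUP MODE
# Re-applies ownership and mode, then verifies the result.
enforce_sasl_dir() {
    if [ -L "$1" ] || [ ! -d "$1" ]; then   # never chown through a symlink
        echo "$1: missing, or not a real directory" >&2
        return 1
    fi
    chown "$2:$3" "$1" && chmod "$4" "$1" && check_sasl_dir "$1" "$2" "$3" "$4"
}

# Stand-alone use: all four arguments on the command line.
if [ "$#" -eq 4 ]; then
    enforce_sasl_dir "$@"
fi
```

Mode 710 lets members of the group traverse the directory without listing it, so the postfix user still has to belong to that group to reach the socket.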

