一直以來我都讓postfix使用 sasl 方式處裡寄信認證, 但是連結到多網域主控伺服器的時候, 就會出錯, 很麻煩.
經過測試 dovecot 可以使用多組 userdb , 與passdb , 達到一個mail server 支援多個ldap網域主控.
當然也能省下一個sasl的service
- 修改dovecort的 conf.d/10-master.conf
service auth {
...
unix_listener /var/spool/postfix/private/auth {
mode = 0660
# Assuming the default Postfix user and group
user = postfix
group = postfix
}
...
}
#以下設定為了相容outlook系統
auth_mechanisms = plain login
- 修改postfix的main.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# On Debian Wheezy path must be relative and queue_directory defined
#queue_directory = /var/spool/postfix
# and the common settings to enable SASL:
smtpd_sasl_auth_enable = yes
- 修改postfix的master.cf
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=hash:/etc/postfix/virtual
-o smtpd_sender_restrictions=reject_sender_login_mismatch
...
參考:
https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/