Deploy Postfix mail system (d) Set up SMTP authentication and alias mechanism

The common form of SMTP letter authentication is as follows: When a user sends a message to an external mail domain through the SMTP protocol, the server asks the user to provide a user account and password to authenticate, and only successful authenticated users are allowed to send messages externally, or they will reject the letter request.

In the Postfix messaging system, you can use the Cyrus SASL software to implement the basic SMTP authentication mechanism. Postfix to check the system account and password by calling CYRUSSASL's function library and using the authentication service SASLAUTHD provided by Cyrus SASL.

1, set up Cyrus SASL function library, and start SASLAUTHD service

[Root@localhost/] #vim/usr/lib/sasl2/smtpd.conf

PWCHECK_METHOD:SASLAUTHD//Set up to use SASLAUTHD service as authentication method

[Root@localhost/]#/ETC/INIT.D/SASLAUTHD Start//Open SASLAUTHD Service

[Root@localhost/] #chkconfig--level SASLAUTHD on//set level 35 do not boot

2, modify MAIN.CF configuration file, add SMTP authentication configuration, and overload service

In the above configuration parameters, the following lines of SMTP authentication are defined as follows:

Mynetworks: Used to control the network address or IP address that can be sent out via the server.

Smtpd_recipient_restrictions: Set the recipient address filtering rules, the matching policy is "from top to bottom" order, if there is a meeting policy, and immediately stop. A few common values are described below:

Permit_mynetworks: Allow IP addresses for Mynetworks customers to use this mail system to send mail.

Permit_sasl_authenticated: Allows users who are authenticated by SMTP to send outgoing messages.

Reject_unauth_destination: When the recipient address is not included in the Postfix's authorized network, the message is refused to be sent. (The authorized network includes domains and subdomains specified by configuration parameters such as Inet_interfaces, Mydestination, Relay_domain, and so on)

3. Verify SMTP Letter Authentication

Use the Telnet command to do a letter test, and the test is not an SMTP authentication condition.

To use SMTP letter authentication, you should change to "EHLO" (instead of helo) in the Telnet command to declare the native address, and log on by "Auth login" before you can send the message normally. User name, password string default using Base64 encoding format, using the OpenSSL tool can be generated.