Postfix: Authentikasi SMTP untuk Client dengan DOVECOT: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs) New page: Sumber: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL Cek apakah postfix mendukung dovecot postconf -a Edit konfigurasi dovecot, conf.d/10-master.conf excerpt service auth { ... |
Onnowpurbo (talk | contribs) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 6: | Line 6: | ||
postconf -a | postconf -a | ||
Edit konfigurasi dovecot | ==Edit konfigurasi dovecot== | ||
vi /etc/dovecot/conf.d/10-master.conf | |||
Pastikan | |||
service auth { | service auth { | ||
... | |||
unix_listener /var/spool/postfix/private/auth { | unix_listener /var/spool/postfix/private/auth { | ||
mode = 0660 | |||
user = postfix | |||
group = postfix | |||
} ##end listener | |||
} | |||
... | ... | ||
} | } | ||
Edit | Edit | ||
vi /etc/dovecot/conf.d/10-auth.conf | |||
Pastikan | |||
auth_mechanisms = plain login | auth_mechanisms = plain login | ||
Edit | |||
vi /etc/dovecot/conf.d/10-ssl.conf | |||
Pastikan | |||
ssl = yes | |||
==Edit Postfix== | |||
Edit | |||
vi /etc/postfix/main.cf | |||
Pastikan | |||
# TLS parameters | |||
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | |||
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |||
smtpd_use_tls=yes | |||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | |||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | |||
smtpd_tls_auth_only = no | |||
smtpd_tls_loglevel = 1 | |||
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination | |||
smtp_tls_security_level = may | |||
smtpd_tls_security_level = may | |||
smtp_tls_note_starttls_offer = yes | |||
smtpd_tls_loglevel = 1 | |||
smtpd_tls_received_header = yes | |||
smtpd_sasl_type = dovecot | smtpd_sasl_type = dovecot | ||
smtpd_sasl_path = private/auth | smtpd_sasl_path = private/auth | ||
smtpd_sasl_local_domain = | |||
smtpd_sasl_security_options = noanonymous | |||
broken_sasl_auth_clients = yes | |||
smtpd_sasl_auth_enable = yes | smtpd_sasl_auth_enable = yes | ||
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination | |||
smtpd_relay_restrictions = permit_mynetworks, | |||
permit_sasl_authenticated, | |||
reject_unauth_destination | |||
Edit | |||
vi /etc/postfix/master.cf | |||
Pastikan | |||
submission inet n - | submission inet n - - - - smtpd | ||
-o syslog_name=postfix/submission | |||
-o smtpd_tls_security_level=encrypt | -o smtpd_tls_security_level=encrypt | ||
-o smtpd_sasl_auth_enable=yes | -o smtpd_sasl_auth_enable=yes | ||
-o | -o smtpd_reject_unlisted_recipient=no | ||
# -o smtpd_client_restrictions=$mua_client_restrictions | |||
# -o smtpd_helo_restrictions=$mua_helo_restrictions | |||
# -o smtpd_sender_restrictions=$mua_sender_restrictions | |||
-o | # -o smtpd_recipient_restrictions= | ||
-o | -o smtpd_relay_restrictions=permit_sasl_authenticated,reject | ||
-o smtpd_sender_restrictions= | -o milter_macro_daemon_name=ORIGINATING | ||
-o | smtps inet n - - - - smtpd | ||
-o syslog_name=postfix/smtps | |||
-o smtpd_tls_wrappermode=yes | |||
-o smtpd_sasl_auth_enable=yes | |||
-o smtpd_reject_unlisted_recipient=no | |||
# -o smtpd_client_restrictions=$mua_client_restrictions | |||
# -o smtpd_helo_restrictions=$mua_helo_restrictions | |||
# -o smtpd_sender_restrictions=$mua_sender_restrictions | |||
# -o smtpd_recipient_restrictions= | |||
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject | |||
-o milter_macro_daemon_name=ORIGINATING | |||
==Pastikan semua mail berjalan== | |||
Telnet, ketik | |||
telnet localhost 25 | |||
ehlo test | |||
Akan keluar | |||
250-onnocenter.or.id | |||
250-PIPELINING | |||
250-SIZE 10240000 | |||
250-VRFY | |||
250-ETRN | |||
'''250-STARTTLS''' | |||
'''250-AUTH PLAIN LOGIN''' | |||
'''250-AUTH=PLAIN LOGIN''' | |||
250-ENHANCEDSTATUSCODES | |||
250-8BITMIME | |||
250 DSN | |||
pastikan ada | |||
* STARTTLS | |||
* AUTH | |||
Ketik | |||
netstat -nl4 | |||
Akan keluar | |||
Active Internet connections (only servers) | |||
Proto Recv-Q Send-Q Local Address Foreign Address State | |||
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN | |||
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN | |||
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN | |||
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN | |||
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN | |||
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN | |||
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN | |||
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN | |||
Supaya client android gampang hidup-nya | |||
pastikan mesin kita mempunyai hostname | |||
smtp.domainkita | |||
pop3.domainkita | |||
imap.domainkita | |||
==Setup di Mail Android== | |||
Set SMTP | |||
* login require | |||
* START/TLS | |||
* port 465 | |||
Latest revision as of 01:34, 30 March 2016
Sumber: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
Cek apakah postfix mendukung dovecot
postconf -a
Edit konfigurasi dovecot
vi /etc/dovecot/conf.d/10-master.conf
Pastikan
service auth {
...
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
} ##end listener
...
}
Edit
vi /etc/dovecot/conf.d/10-auth.conf
Pastikan
auth_mechanisms = plain login
Edit
vi /etc/dovecot/conf.d/10-ssl.conf
Pastikan
ssl = yes
Edit Postfix
Edit
vi /etc/postfix/main.cf
Pastikan
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
Edit
vi /etc/postfix/master.cf
Pastikan
submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
Pastikan semua mail berjalan
Telnet, ketik
telnet localhost 25 ehlo test
Akan keluar
250-onnocenter.or.id 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
pastikan ada
- STARTTLS
- AUTH
Ketik
netstat -nl4
Akan keluar
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
Supaya client android gampang hidup-nya pastikan mesin kita mempunyai hostname
smtp.domainkita pop3.domainkita imap.domainkita
Setup di Mail Android
Set SMTP
- login require
- START/TLS
- port 465
