Postfix: SMTP Authentication for Clients with Dovecot

From OnnoWiki
Revision as of 18:59, 27 March 2016 by Onnowpurbo

Source: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL


Check whether Postfix supports Dovecot SASL (the output should list dovecot):

postconf -a

Edit the Dovecot configuration (excerpt from conf.d/10-master.conf):

service auth {
  ...
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    # Assuming the default Postfix user and group
    user = postfix
    group = postfix
  }
  ...
}

Edit Dovecot's 10-auth.conf and make sure it contains:

auth_mechanisms = plain login

Edit Postfix main.cf

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Using SASL with Postfix submission port

When Dovecot is used as the authentication backend for Postfix, it is good practice to use a dedicated submission port (TCP 587) for the MUAs. This lets you set individual parameters in master.cf that override the global ones, and you will not run into rejection of internet mail while the Dovecot auth mechanism is unavailable. In this example Postfix is configured to accept TLS-encrypted sessions only, along with several other sanity checks:

   Verification of alias ownership via login maps
   Domain name and recipient plausibility

Edit master.cf

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
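
The checks described above, as an added example (not part of the original page or of the Postfix or Dovecot documentation): a small Python audit that reads the -o overrides of the submission entry in master.cf and reports hardening settings that are missing or weakened. The function names, the CHECKS table and the sample strings are constructed for illustration; it handles only the `-o name=value` form, and a parameter set only in main.cf is reported as missing.

```python
import re

# Checks derived from the submission entry on this page: parameter -> predicate.
CHECKS = {
    "smtpd_tls_security_level": lambda v: v == "encrypt",
    "smtpd_sasl_auth_enable": lambda v: v == "yes",
    "smtpd_sasl_type": lambda v: v == "dovecot",
    "smtpd_sasl_security_options": lambda v: "noanonymous" in v.split(","),
    "smtpd_client_restrictions": lambda v: v.split(",")[-1] == "reject",
    "smtpd_sender_restrictions": lambda v: "reject_sender_login_mismatch" in v.split(","),
}

def service_overrides(master_cf, service="submission"):
    """Collect the -o name=value overrides of one master.cf service entry."""
    overrides, active = {}, False
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # unindented line starts a new service entry
            active = line.split()[0] == service
        if active:
            overrides.update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return overrides

def audit(master_cf, service="submission"):
    """Return the sorted list of parameters that are missing or too weak."""
    found = service_overrides(master_cf, service)
    return sorted(p for p, ok in CHECKS.items() if p not in found or not ok(found[p]))

# Constructed sample input: the entry from this page, then a weakened copy.
GOOD = """\
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
"""
WEAK = GOOD.replace("=encrypt", "=may").replace(
    "  -o smtpd_sender_restrictions=reject_sender_login_mismatch\n", "")

if __name__ == "__main__":
    print("good:", audit(GOOD))
    print("weak:", audit(WEAK))
```

To check a live system, pass the contents of the real master.cf to audit() instead of the constructed samples.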

Dovecot authentication via TCP

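If Postfix and Dovecot are running on separate servers, you can also authenticate via TCP. The auth protocol on this listener is not encrypted and the listener does not authenticate the connecting client, so restrict the port to the Postfix host (firewall or private network). For Dovecot, set up an inet_listener: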

service auth {
 inet_listener {
   port = 12345
 }
}

And configure Postfix to use it:

smtpd_sasl_path = inet:dovecot.example.com:12345
smtpd_sasl_type = dovecot

