[FUGSPBR] Postfix-auth

Gilliatt Borges Bastos gilliatt em unsigned.eti.br
Qua Ago 13 06:59:34 BRT 2003


Bom dia Alexandre,

Então gostaria de saber como você configurou o smtpd.conf. Você está 
utilizando esses paremetros ?

smtpd.conf--------------------------------
pwcheck_method: saslauthd
mech_list: plain login

E mais uma pergunta !!! Abusando um pouquinho :)
Os seus usuarios são autenticados pelos usuários cadastrados no sistema ? 
Sendo assim seria o mesmo usuário que autentica o pop ?

Se você puder tirar essas dúvidas eu lhe agradeço muito ! 

[]'s

-- 
+-------------------------------+
Admistrador de Sistemas/Rede
Jk Comercio e Serviço Ltda
www.jkexpress.com.br
+-------------------------------+ 
Site: www.unsigned.eti.br
Email unsigned em unsigned.eti.br
Email gborges em jkexpress.com.br
Cel   9593-8333
Res   6605-8195
*-------------------------------+

Em Qua 13 Ago 2003 03:15, Alexandre Luiz escreveu:
> BOA NOITE....
>
> Caro Amigo eu uso algo do tipo que segue abaixo para q os meus usuários
> realizem autenticação no postfix.
>
> Espero ter ajudado,
> []´s
> Alexandre Luiz.
>
>
> #
> # Definicoes para autenticacao do postfix com o sasl
> #
> #smtp_sasl_auth_enable = yes
> smtpd_sasl_auth_enable = yes
> #smtp_sasl_security_options = noanonymous
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain =
> broken_sasl_auth_clients = yes
> smtpd_recipient_limit = 40
> smtpd_delay_reject = yes
> ################
> #smtpd_sender_restrictions = permit_mynetworks, warn_if_reject,
> check_relay_domains, permit_sasl_authenticated, reject_unauth_destination,
> reject
> #smtpd_client_restrictions = permit_mynetworks, warn_if_reject,
> check_relay_domains, permit_sasl_authenticated, reject_unauth_destination,
> reject
> ################
> smtpd_timeout = 300s
> virtual_maps = hash:/etc/postfix/virtual_maps
> #virtual_alias_maps = hash:/etc/postfix/virtual
>
> # SOFT BOUNCE
> #
> [root em azeitona root]# head -30 /etc/postfix/main.cf
> # Global Postfix configuration file. This file lists only a subset
> # of all 250+ parameters. See the sample-xxx.cf files for a full list.
> #
> # The general format is lines with parameter = value pairs. Lines
> # that begin with whitespace continue the previous line. A value can
> # contain references to other $names or ${name}s.
> #
> # NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
> # POSTFIX STILL WORKS AFTER EVERY CHANGE.
> #
> # Definicoes para autenticacao do postfix com o sasl
> #
> #smtp_sasl_auth_enable = yes
> smtpd_sasl_auth_enable = yes
> #smtp_sasl_security_options = noanonymous
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain =
> broken_sasl_auth_clients = yes
> smtpd_recipient_limit = 40
> smtpd_delay_reject = yes
> ################
> #smtpd_sender_restrictions = permit_mynetworks, warn_if_reject,
> check_relay_domains, permit_sasl_authenticated, reject_unauth_destination,
> reject
> #smtpd_client_restrictions = permit_mynetworks, warn_if_reject,
> check_relay_domains, permit_sasl_authenticated, reject_unauth_destination,
> reject
> ################
> smtpd_timeout = 300s
> virtual_maps = hash:/etc/postfix/virtual_maps
> #virtual_alias_maps = hash:/etc/postfix/virtual
>
> # SOFT BOUNCE
> #
>
>
> ----- Original Message -----
> From: Gilliatt Borges Bastos <gilliatt em unsigned.eti.br>
> 7To: <fugspbr em fugspbr.org>
> Sent: Tuesday, August 12, 2003 6:48 AM
> Subject: [FUGSPBR] Postfix-auth
>
>
> Bom dia,
>
> Estou implementando autenticação no meu Postfix. Minha duvida é em relação
> a que método de auth utilizar no sasl.
>
> pwcheck_method: pam
> SASL will integrate with your system's PAM libraries, if
> support is compiled in, and authenticate versus the database
> specified by pam.  This is the only way to use services such as
> LDAP and RADIUS, in theory.  This may be used with PLAIN,
> LOGIN, and other plaintext authentication protocols.
>
> pwcheck_method: shadow
> SASL looks for the username and password using /etc/shadow.
> This means that the Postfix user must have read access to
> /etc/shadow.  It is recommended that you create a special group
> to have the group ownership of the shadow file and give the
> Postfix user membership in that group instead of in the regular
> group shadow is owned by.
>
> pwcheck_method: sasldb
> This method uses the /etc/sasldb database to check passwords
> and secrets.  You must use this method to allow DIGEST-MD5 or
> CRAM-MD5 ( or SCRAM-MD5 if you enabled it) authentication.
> Add users to this file using the saslpasswd utility.  If you
> have SASL 1.5.12 or later, you must add at least one set of
> credentials to the file to properly initialize it before it
> will be used.  The Postfix user needs read access to this
> file, and may need write access as well with pre-compiled
> SASL libraries.
>
> pwcheck_method: pwcheck
> This is an alternative to giving the Postfix user read access
> to the /etc/shadow file.  In theory, the pwcheck helper daemon
> runs as root and interfaces with the SASL library.  This is not
> yet adequately documented by Cyrus.
>
> De acordo com o texto ae, seria possivel varios tipos. Eu gostaria de saber
> se
> existe um meio de fazer o sasl fazer a auth do postfix com a base de
> usuário do Free, /etc/master.passwd.
> Será que existe a possibilidade ?
>
> Desde de já muito obrigado
> --
> +-------------------------------+
> Admistrador de Sistemas/Rede
> Jk Comercio e Serviço Ltda
> www.jkexpress.com.br
> +-------------------------------+
> Site: www.unsigned.eti.br
> Email unsigned em unsigned.eti.br
> Email gborges em jkexpress.com.br
> Cel   9593-8333
> Res   6605-8195
> *-------------------------------+
> _______________________________________________________________
> Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
> Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
>
> _______________________________________________________________
> Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
> Historico: http://www4.fugspbr.org/lista/html/FUG-BR/

-- 
+-------------------------------+
Admistrador de Sistemas/Rede
Jk Comercio e Serviço Ltda
www.jkexpress.com.br
+-------------------------------+ 
Site: www.unsigned.eti.br
Email unsigned em unsigned.eti.br
Email gborges em jkexpress.com.br
Cel   9593-8333
Res   6605-8195
*-------------------------------+
_______________________________________________________________
Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/



Mais detalhes sobre a lista de discussão freebsd