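III. User authentication: relies on SASL
SASL itself is only a protocol.
Purpose: prevent unknown users from continuously sending spam through a mail server.
1. Check for SASL (installed by default)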
[root@mail certs]# cd /mnt/cdrom/Server
[root@mail Server]# ll |grep sasl
-r--r--r-- 103 root root 1251623 Jul 29 2009 cyrus-sasl-2.1.22-5.el5.i386.rpm
-r--r--r-- 99 root root 1418364 Jul 29 2009 cyrus-sasl-devel-2.1.22-5.el5.i386.rpm
-r--r--r-- 103 root root 28967 Jul 29 2009 cyrus-sasl-gssapi-2.1.22-5.el5.i386.rpm
-r--r--r-- 103 root root 24390 Jul 29 2009 cyrus-sasl-ldap-2.1.22-5.el5.i386.rpm
-r--r--r-- 103 root root 129180 Jul 29 2009 cyrus-sasl-lib-2.1.22-5.el5.i386.rpm
-r--r--r-- 103 root root 46415 Jul 29 2009 cyrus-sasl-md5-2.1.22-5.el5.i386.rpm
-r--r--r-- 103 root root 32054 Jul 29 2009 cyrus-sasl-ntlm-2.1.22-5.el5.i386.rpm
-r--r--r-- 103 root root 27027 Jul 29 2009 cyrus-sasl-plain-2.1.22-5.el5.i386.rpm
-r--r--r-- 103 root root 27330 Jul 29 2009 cyrus-sasl-sql-2.1.22-5.el5.i386.rpm
-r--r--r-- 278 root root 39119 Jan 19 2007 gnu-crypto-sasl-jdk1.4-2.1.0-2jpp.1.i386.rpm
[root@mail Server]# rpm -qa |grep sasl //list the installed packages
cyrus-sasl-lib-2.1.22-5.el5
cyrus-sasl-plain-2.1.22-5.el5
cyrus-sasl-devel-2.1.22-5.el5
cyrus-sasl-2.1.22-5.el5
2. Check whether the service is registered with chkconfig
[root@mail Server]# chkconfig --list |grep sasl //check whether chkconfig knows about this service
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@mail ~]# chkconfig --add saslauthd //add the service
[root@mail ~]# chkconfig --level 2345 saslauthd on //start it at runlevels 2, 3, 4 and 5
[root@mail ~]# chkconfig --list |grep sasl
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
3. Configure sendmail's authentication feature:
[root@mail ~]# vim /etc/mail/sendmail.mc
4. Test:
4.1 Without authentication, mail cannot be sent
[root@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.163.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 6 Aug 2012 12:54:12 +0800
ehlo 127.0.0.1
250-mail.163.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
4.2 The password must be converted to base64 encoding (the user name as well)
[root@mail ~]# clear
[root@mail ~]# echo -n "user1@163.com" |openssl base64
dXNlcjFAMTYzLmNvbQ==
[root@mail ~]# echo -n "123" |openssl base64
MTIz
4.3 Test logging in with authentication:
[root@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.163.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 6 Aug 2012 13:51:03 +0800
auth login dXNlcjFAMTYzLmNvbQ== //user name
334 UGFzc3dvcmQ6
MTIz //password
235 2.0.0 OK Authenticated
mail from :user1@163.com
250 2.1.0 user1@163.com... Sender ok
rcpt to :user4@sina.com
250 2.1.5 user4@si... Recipient ok (will queue)
250 2.1.5 user4@sina.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
subject haah
ha come on !
.
250 2.0.0 q765p3oK004322 Message accepted for delivery
quit
221 2.0.0 mail.163.com closing connection
Connection closed by foreign host.
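Added example (not part of the original post): the values sent in 4.2 and 4.3 are only base64-encoded, so anyone who can read a plaintext port-25 session recovers them unless STARTTLS is negotiated first. The Python code below audits a captured session for that exposure; the "C:"/"S:" transcript format, the audit function and the sample capture are assumptions made for this example.

```python
import base64

# Constructed capture modelled on the sessions in 4.1 and 4.3 (C: client, S: server).
SAMPLE = """\
S: 220 mail.163.com ESMTP Sendmail 8.13.8/8.13.8
C: ehlo 127.0.0.1
S: 250-AUTH LOGIN PLAIN
S: 250-STARTTLS
C: auth login dXNlcjFAMTYzLmNvbQ==
S: 334 UGFzc3dvcmQ6
C: MTIz
S: 235 2.0.0 OK Authenticated
"""

def audit(transcript):
    """Advertised AUTH mechanisms plus credentials sent before STARTTLS."""
    out = {"mechanisms": [], "starttls_offered": False, "exposed": []}
    pending, fields = None, []  # AUTH exchange in progress and its decoded fields
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        words = text.split()
        if side == "S":
            kw = text[4:].upper().split()
            if text.startswith("250") and kw[:1] == ["AUTH"]:
                out["mechanisms"] = kw[1:]
            elif text.startswith("250") and kw == ["STARTTLS"]:
                out["starttls_offered"] = True
            elif not text.startswith("334"):
                pending = None  # 235 or an error reply ends the exchange
            continue
        if not words or words[0] == "*":
            pending = None  # empty line, or the client cancelled AUTH
            continue
        cmd = words[0].upper()
        if cmd == "STARTTLS" and not pending:
            break  # everything after this point is encrypted
        if cmd == "AUTH" and [w.upper() for w in words[1:2]] in (["LOGIN"], ["PLAIN"]):
            pending, fields, words = words[1].upper(), [], words[2:]
        elif pending:
            words = words[:1]  # a continuation line carries one base64 field
        else:
            continue
        fields += [base64.b64decode(w).decode("utf-8", "replace") for w in words]
        done = (pending == "LOGIN" and len(fields) == 2) or (pending == "PLAIN" and fields)
        if done:
            # PLAIN packs authzid, user and password into one NUL-separated blob
            creds = fields if pending == "LOGIN" else fields[0].split("\0")[1:3]
            out["exposed"].append(tuple(creds))
            pending = None
    return out
```

A non-empty "exposed" list together with "starttls_offered" set to True means the server offered TLS but the client authenticated without using it.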
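5. Test sending mail with Outlook:
The message cannot be sent at first; once server authentication is enabled in the settings below, it can be sent.
Sending succeeds, and receiving succeeds as well.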