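Configuring SMTP authentication in Postfix (Dovecot authentication)
Category: Mail server
Applies to: Ubuntu
Prerequisites
This guide assumes that Postfix can already send and receive mail and that mail can be retrieved through Dovecot (IMAP).
If that is not yet the case, set them up first by referring to "Postfix configuration" and "Dovecot configuration".
Postfix must be version 2.3 or later.
If your Postfix version is older than that, SMTP authentication via saslauthd is also possible.
Postfix configuration
Change or add the following parameter values.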
/etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtp_sasl_security_options =
broken_sasl_auth_clients = yes
Note
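- smtp_sasl_security_options is set to an empty value because its default does not permit plaintext (PLAIN) authentication. This parameter applies to the Postfix SMTP client (default: noplaintext, noanonymous); the server-side counterpart is smtpd_sasl_security_options, whose default is noanonymous.
- By default, Postfix applies SMTP authentication (permit_sasl_authenticated) in smtpd_relay_restrictions.
Default value: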
/etc/postfix/main.cf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
If you have changed smtpd_relay_restrictions, check that permit_sasl_authenticated is still specified.
Dovecot configuration
In 10-master.conf, uncomment the Postfix smtp-auth settings and add user and group.
/etc/dovecot/conf.d/10-master.conf
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }
  # Postfix smtp-auth
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}
  # Auth process is run as this user.
  #user = $default_internal_user
}
After the change:
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  # Auth process is run as this user.
  #user = $default_internal_user
}
Restart Postfix
# systemctl restart postfix
Restart Dovecot
# systemctl restart dovecot
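The following check is an added example, not part of the original page or of Postfix or Dovecot: it reads the text of the two files edited above and reports where the Postfix and Dovecot sides do not line up. The function names and sample strings are constructed for illustration and /var/spool/postfix is assumed as the queue directory; the check also flags a socket mode that sets bits for "other", since 0660 is enough when the listener's user and group are postfix.

```python
import re

QUEUE_DIR = "/var/spool/postfix"  # assumption: default Postfix queue_directory

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    joined = re.sub(r"\n[ \t]+(?=[^\s#])", " ", text)
    pairs = (ln.split("=", 1) for ln in joined.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_listener(conf, path):
    """Return active settings of `unix_listener <path> { ... }`, else None."""
    pat = r"^[ \t]*unix_listener[ \t]+" + re.escape(path) + r"[ \t]*\{(.*?)\}"
    m = re.search(pat, conf, re.S | re.M)
    if not m:
        return None  # block missing or still commented out
    return dict(re.split(r"\s*=\s*", ln.strip(), maxsplit=1)
                for ln in m.group(1).splitlines()
                if "=" in ln and not ln.lstrip().startswith("#"))

def audit(main_cf, master_conf):
    """Return a list of findings; an empty list means both sides line up."""
    p, out = parse_main_cf(main_cf), []
    for key, want in (("smtpd_sasl_auth_enable", "yes"), ("smtpd_sasl_type", "dovecot")):
        if p.get(key) != want:
            out.append(f"{key} is not {want}")
    rel = p.get("smtpd_sasl_path", "")
    sock = rel if rel.startswith("/") else f"{QUEUE_DIR}/{rel}"  # relative to queue dir
    listener = parse_listener(master_conf, sock)
    if listener is None:
        out.append(f"no active unix_listener for {sock}")
    else:
        if (listener.get("user"), listener.get("group")) != ("postfix", "postfix"):
            out.append("listener user/group is not postfix")
        if int(listener.get("mode", "0"), 8) & 0o007:  # any permission bit for "other"
            out.append(f"socket mode {listener['mode']} sets permission bits for 'other'")
    relay = p.get("smtpd_relay_restrictions")  # only checked when set explicitly
    if relay is not None and "permit_sasl_authenticated" not in re.split(r"[,\s]+", relay):
        out.append("permit_sasl_authenticated missing from smtpd_relay_restrictions")
    return out

# Constructed sample input: the settings this page ends up with.
MAIN_CF = "smtpd_sasl_auth_enable = yes\nsmtpd_sasl_type = dovecot\nsmtpd_sasl_path = private/auth\n"
MASTER_CONF = """unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}"""
print(audit(MAIN_CF, MASTER_CONF))
```

To audit a live host, pass the contents of /etc/postfix/main.cf and /etc/dovecot/conf.d/10-master.conf to audit().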
Published: 2024-03-24 18:33:06
Last updated: 2024-03-25 00:29:58