Postfix-SASL-HOWTO
Postfix + SASL HOWTO
½ÅÁ¾ÈÆ luna12s (at) pulix.org
v0.1, 2004/01/18
1. ¼¹® ¶IBM Public License¸¦ µû¸£°í, Wietse Venema°¡ °³¹ßÇÑ ¿ÀǼҽº MTA(Mail Transfer Agent) ÇÁ·ÎÁ§Æ®ÀÎ Postfix¸¦ ¼Ò°³ÇÏ°í, SMTP Authentication(ÀÌÇÏ Auth)À» ÀÌ¿ëÇÏ¿© ¸ÞÀÏ ¼ºñ½º¸¦ °¡´ÉÇÏ°Ô ÇÏ´Â °£´ÜÇÑ HOW-TO¸¦ Á¦°øÇÕ´Ï´Ù.
1.1. ¹®¼ÀÇ ÀúÀÛ±Ç ¶Copyright (C) 2003 ½ÅÁ¾ÈÆ
ÀÌ ¹®¼´Â GNU Free Documentation License ¹öÀü 1.2 ȤÀº ÀÌ¿¡ ÁØÇÏ´Â ÀúÀÛ±ÇÀÇ ±ÔÁ¤¿¡ µû¸£¸ç, ÀúÀ۱ǿ¡ ´ëÇÑ º» »çÇ×ÀÌ ¸í½ÃµÇ´Â ÇÑ ¾î¶°ÇÑ Á¤º¸ ¸Åü¿¡ ÀÇÇÑ º»¹®ÀÇ ÀüÀ糪 ¹ßÃéµµ ¹«»óÀ¸·Î Çã¿ëµË´Ï´Ù. ¶ÇÇÑ À§Å°ÀÇ Æ¯¼º»ó, KLDPWiki ³»¿¡¼ À§ ¶óÀ̼¾½º¸¦ À§¹ÝÇÏÁö ¾Ê´Â ¼öÁØ¿¡¼ ÀÚÀ¯·Ó°Ô ¼öÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù.
1.2. Ã¥ÀÓÀÇ ÇÑ°è ¶º» ÀúÀÚ´Â ¹®¼ÀÇ ³»¿ëÀÌ ¾ß±âÇÒ ¼ö ÀÖ´Â ¾î¶°ÇÑ °á°ú¿¡ ´ëÇؼµµ Ã¥ÀÓÀ» ÁöÁö ¾Ê½À´Ï´Ù. º» ¹®¼¿¡¼ ³»Æ÷ÇÏ°í ÀÖ´Â Á¤º¸µé ¹× ¿¹Á¦µéÀº ¿©·¯ºÐÀÌ ¾Ë¾Æ¼ È°¿ëÇϽʽÿÀ. ºñ·Ï ÃÖ¼±À» ´ÙÇßÀ¸³ª ÀÌ ¹®¼´Â Ʋ¸° Á¡À̳ª ¿À·ù°¡ ÀÖÀ» ¼öµµ ÀÖ½À´Ï´Ù. ¸¸¾à ¿©·¯ºÐÀÌ Æ²¸° Á¡À» ¹ß°ßÇß´Ù¸é ¼öÁ¤ ¶Ç´Â ¸ÞÀÏ·Î ¾Ë·ÁÁÖ½Ã±æ ¹Ù¶ø´Ï´Ù.
1.3. °¨»çÀÇ ±Û ¶ÀÌ ¹®¼¸¦ ÀÛ¼ºÇϴµ¥ µµ¿òÀ» ÁֽŠ¸¹Àº ºÐµé¿¡°Ô °¨»çµå¸³´Ï´Ù.
1.4. Çǵå¹é ¶ÀÌ ¹®¼¿¡ ´ëÇÑ ¹ßÀüÀûÀÎ Á¦¾ÈÀ̳ª ¼öÁ¤»çÇ×, ¹®Á¦Á¡ µî¿¡ ´ëÇÑ Çǵå¹é ¹× ¼öÁ¤Àº ¾ðÁ¦µçÁö ȯ¿µÇÕ´Ï´Ù. KLDPWiki ÀÌ¿ÜÀÇ °÷¿¡¼ ÇØ´ç ¹®¼ÀÇ ¼öÁ¤»çÇ×À» ¹ß°ßÇϰųª ¹Ý¿µÇÏ°í ½ÍÀ¸½Ã´Ù¸é, luna12s (at) pulix.org ·Î º¸³»ÁֽʽÿÀ.
2. Postfix ¼Ò°³ ¶¿¹ÀüÀÇ IBM Secure Mailer¿´´ø, Vmailer MTA(Mail Transfer Agent)ÀÇ ÇöÀç ¸íĪÀÌ´Ù. 1998³â ÀÌÈÄ Postfix·Î ¸íĪÀÌ ¹Ù²î°í,¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î·Î ÀüÇâÇÏ¿´´Ù. Qmail°ú ÇÔ²² SendmailÀÇ ´ë¾ÈÀ¸·Î »ç¿ëµÇ°í ÀÖ´Ù. Postfix´Â °¡º±°í ºü¸£¸ç, Sendmail¿¡¼ ÀÌÀü(Migration)½Ã ¿¹Àü »ç¿ëÀÚµéÀÌ Å« ÀÌÁú°¨À» ´À³¢Áö ¾Ê´Â´Ù´Â °Á¡ÀÌ ÀÖ´Ù. SASL(Simple Authentication and Security Layer, rfc2222)À» ÀÌ¿ëÇÑ SMTP ÀÎÁõÀ» Áö¿øÇϱ⠶§¹®¿¡, º¹ÀâÇÑ ¸±·¹ÀÌ ¼³Á¤À» ÇÏÁö ¾Ê°íµµ ±¸ÃàÇÑ ¸ÞÀÏ ¼¹ö°¡ Spam Relaying¿¡ ÀÌ¿ëµÉ °¡´É¼ºÀ» ³·Ãâ ¼ö ÀÖ´Ù.
HP-UX, AIX, GNU/Linux, SunOS, IRIX, NeXTSTEP, BSD°è¿, Mac OS X(Darwin)±îÁö *NIX °è¿¿¡¼ µÎ·çµÎ·ç ¼³Ä¡ ¹× ¿î¿µÀÌ °¡´ÉÇÏ´Ù. ¸ÞÀÏ ÇÊÅ͸µÀ» À§ÇØ ÆÞ È£È¯ Á¤±Ô Ç¥Çö½ÄÀ» »ç¿ëÇÒ °æ¿ì PCRE(Perl Compatible Regular Expression library)¸¦ ÇÊ¿ä·ÎÇÏ°í, SMTP Auth¸¦ »ç¿ëÇÒ °æ¿ì SASL Library¿Í SSL Library¸¦ Ãß°¡·Î ¿ä±¸ÇÑ´Ù.
3.1.1. SASL ¼³Ä¡ ¶SMTP Auth¸¦ ÀÌ¿ëÇϱâ À§Çؼ´Â, Cyrus-SASL ¶óÀ̺귯¸®°¡ ÇÊ¿äÇÏ´Ù. Cyrus-SASLÀÇ Á¤º¸¿Í ´Ù¿î·Îµå´Â ¾Æ·¡ÀÇ »çÀÌÆ®¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Ù:
About Project Cyrus-SASL : http://asg.web.cmu.edu/sasl/
Project Cyrus Downloads : http://asg.web.cmu.edu/cyrus/download/
SASL¿¡´Â SASL v1°ú SASL v2°¡ ÀÖ´Ù. Cyrus-SASL ÇÁ·ÎÁ§Æ®ÀÇ »çÀÌÆ®¿¡¼´Â µÎ°¡Áö¸¦ ´Ù ±¸ÇÒ ¼ö Àִµ¥, v1ÀÇ °æ¿ì ¹öÀü 1.5.28À» ±âÁ¡À¸·Î, Ưº°ÇÑ º¸¾È¹ö±×°¡ ¾ø´Ù¸é ¹öÀü ¾÷Àº ÀÌ·ç¾îÁöÁö ¾ÊÀ» °ÍÀÌ´Ù. v2´Â 2.x ȤÀº ±× ÀÌÈÄ ¹öÀüÀ» ¹ÞÀ¸¸é µÈ´Ù.
À̵é SASLÀ» ¼³Ä¡ÇÔÀ¸·Î, ´ÙÀ½°ú °°Àº Æнº¿öµå ÀÎÁõ ü°è¸¦ ¾ò°Ô µÈ´Ù.
3.1.1.1. SASL v1(Cyrus-SASL 1.x) ¼³Ä¡ ¶SASL ¶óÀ̺귯¸®ÀÇ °æ¿ì, ´Ù¸¥ º¸ÅëÀÇ GNU Software¿Í ¸¶Âù°¡Áö·Î Automake¿Í Autoconf¸¦ ÀÌ¿ëÇÑ configure - make - make install ±¸Á¶¸¦ °¡Áö°í ÀÖ´Ù.
À§¿¡¼ ¸»ÇÑ ¸ðµç ÀÎÁõ ½Ã½ºÅÛÀ» »ç¿ë°¡´ÉÇÏ°Ô ÇÏ°í ½Í´Ù¸é, ´ÙÀ½°ú °°ÀÌ ÄÄÆÄÀÏ ÇÏ¸é µÈ´Ù.
$ ./configure --prefix=/usr --with-saslauthd=/sbin --with-pwcheck=/sbin --enable-login
$ make $ make install 3.1.1.2. SASL v2(Cyrus-SASL 2.x) ¼³Ä¡ ¶±âº»ÀûÀ¸·Î v1°ú °°Àº ¿É¼ÇÀ» »ç¿ë°¡´É ÇÏ´Ù. ¿©±â¿¡¼´Â v2¿¡¼ Ãß°¡µÈ ¸î°¡Áö¸¦ ¼Ò°³ÇÑ´Ù:
3.2.1. ±âº» ÄÄÆÄÀÏ ¹æ¹ý ¶±âº»ÀûÀ¸·Î Postfix¸¦ ÄÄÆÄÀÏ Çϴµ¥´Â GCC¸¦ »ç¿ëÇÑ´Ù. ¸¸¾à ´Ù¸¥ C ÄÄÆÄÀÏ·¯¸¦ »ç¿ëÇÏ´Â Ç÷§ÆûÀ» »ç¿ëÇÑ´Ù¸é, ´ÙÀ½°ú °°ÀÌ ÄÄÆÄÀÏ·¯¸¦ ÁöÁ¤ÇÒ ¼ö ÀÖ´Ù.
% make makefiles CC=/opt/SUNWspro/bin/cc (¼Ö¶ó¸®½º C CompilerÀÇ °æ¿ì) % make
% make makefiles CCARGS='--DDEF_CONFIG_DIR="/some/where"' % make DEF_CONFIG_DIR ´ë½Å µé¾î°¥ ¼ö ÀÖ´Â ¸ÅÅ©·Î ¸íµéÀº ´ÙÀ½°ú °°´Ù:
¸¸¾à Postfix¸¦ ´ë ¿ë·® ¸ÞÀϼ¹ö·Î µ¿ÀÛ½ÃÅ°°Ô ÇÒ °æ¿ì(Çѹø¿¡ 1000Åë ÀÌ»óÀÇ ¸ÞÀÏ Àü¼ÛÀ» ó¸® ÇÒ °æ¿ì), FD_SETSIZE(ÆÄÀÏ ±â¼úÀÚ(File Descriptor)»çÀÌÁî)¸¦ Àç¼³Á¤ ÇØÁà¾ß ÇÑ´Ù. CCARGS ¿É¼ÇÀ» »ç¿ëÇÏ¿©, °íÄ¥ ¼ö ÀÖ´Ù: % make makefiles CCARGS=-DFD_SETSIZE=2048 ±âŸ GCC Optimization Flag¸¦ Ãß°¡ÇÏ°í ½Í´Ù¸é, OPT ¿É¼ÇÀ» »ç¿ë, °íÄ¡¸é µÈ´Ù:
% make makefiles OPT="-O2 -march=i686 -mcpu=i686 -ffast-math" ÆÞÀÇ Á¤±Ô Ç¥Çö½ÄÀ» ¸ÞÀÏ ÇÊÅ͸µ¿¡ ÀÌ¿ëÇÏ°í ½ÍÀ» °æ¿ì, PCRE¸¦ ¼³Ä¡Çسõ°í, Postfix ºôµå½Ã ´ÙÀ½ÀÇ CCARGS ¿É¼ÇÀ» Áà¾ß ÇÑ´Ù. (¿©±â¿¡´Â PCRE¸¦ /usr¿¡ ¼³Ä¡ÇßÀ» °æ¿ì¸¦ ¿¹·Î µé¾ú´Ù. Á÷Á¢ ¼³Ä¡ÇÒ °æ¿ì º¸Åë /usr/local¿¡ ¼³Ä¡µÈ´Ù.)
% make -f Makefile.init makefiles \ "CCARGS=-DHAS_PCRE -I/usr/include" \ "AUXLIBS=-L/usr/lib -lpcre" ÄÄÆÄÀÏÀ» À§Çؼ´Â ´ÙÀ½°ú °°ÀÌ make ¸¦ ÇØÁÖ¸é µÈ´Ù.
% make
% make tidy 3.2.2. SMTP ÀÎÁõÀ» À§ÇÑ ÄÄÆÄÀÏ ¼³Á¤ ¶Postfix°¡ SASL ¶óÀ̺귯¸®¸¦ ÀÌ¿ëÇÒ ¼ö ÀÖµµ·Ï ´ÙÀ½°ú °°ÀÌ Makefile ¼³Á¤À» ¼öÁ¤ÇØÁØ´Ù.
(´Ù¸¥ Makefile ¼³Á¤ÀÌ ÀÖ´Ù¸é, CCARGS ¿¡ °°ÀÌ Ãß°¡ÇØÁÖ¸é µÈ´Ù) ´ÙÀ½ÀÇ ¼³Á¤Àº SASLÀ» /usr/local ¿¡ ¼³Ä¡ÇÑ°ÍÀ» ±âÁØÀ¸·Î ÇÑ´Ù.
SASLv1À» À§ÇÑ ÄÄÆÄÀÏ ¼³Á¤:
$ make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \ AUXLIBS="-L/usr/local/lib -lsasl" SASLv2¸¦ À§ÇÑ ÄÄÆÄÀÏ ¼³Á¤:
$ make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \ AUXLIBS="-L/usr/local/lib -lsasl2"
3.2.3. ºôµå °úÁ¤¿¡¼ÀÇ ¹®Á¦ ÇØ°á ¶
% make -f Makefile.init makefiles 3.3. ¼³Ä¡ °úÁ¤ ¶¹«»çÈ÷ ÄÄÆÄÀÏÀ» ¿Ï·á Çϸé, Á÷Á¢ ¼³Ä¡¸¦ ÇØÁà¾ß ÇÑ´Ù.
{{|
ÁÖÀÇ: Sendmail·Î ºÎÅÍÀÇ ÀÌÀü(Migration)½Ã, ¸ÞÀÏ Å¥(Queue)¿¡ ½×¿©ÀÖ´ø ¸Þ½ÃÁöµéÀ» º¸³»ÁÖ±â À§ÇØ, ±×¸®°í ÀÌÀü ÈÄ ¹®Á¦ ¹ß»ý½Ã Àӽ÷Π»ç¿ëÇÒ ¼ö ÀÖµµ·Ï Postfix¸¦ ¼³Ä¡Çϱâ Àü¿¡ SendmailÀ» º¸Á¸ÇØ ÁÙ ÇÊ¿ä°¡ ÀÖ´Ù. ½´ÆÛÀ¯Àú ±ÇÇÑ¿¡¼, ´ÙÀ½°ú °°ÀÌ À̸§À» º¯°æÇØÁÖÀÚ:
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF # mv /usr/bin/newaliases /usr/bin/newaliases.OFF # mv /usr/bin/mailq /usr/bin/mailq.OFF # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF /usr/bin/mailq.OFF |}}
¸ÕÀú, postfix¸¦ À§ÇÑ °èÁ¤ÀÌ ÇÊ¿äÇÏ´Ù:
# useradd -M -s /bin/false postfix ±× ´ÙÀ½, /etc/passwd¸¦ ¿¾î, postfixÀÇ ¼ÐÀÌ /bin/false(·Î±×ÀÎÀ» ¸øÇÏ´Â ¼ÐÀÌ¸é ¾î¶²°ÍÀÌ´ø °ü°è¾ø´Ù)ÀÎÁö È®ÀÎÇÏÀÚ. °¡´ÉÇϸé, °ü¸®ÀÇ ±âÁØÀ» ¸ÂÃß±â À§ÇØ postfix °èÁ¤ÀÇ uid¿Í gid¸¦ 500¹ø ÀÌÇÏ·Î ÇØÁÖ´Â °ÍÀÌ ÁÁ´Ù.
ÀÌÁ¦ postdrop ±×·ìÀ» Çϳª »ý¼ºÇÑ´Ù:
# groupadd -g 54321 postdrop
ÀÌÁ¦ Debug SymbolÀÌ Á¦°ÅµÈ Postfix¸¦ »ç¿ëÇϱâ À§ÇØ, ¼³Ä¡ ÀÌÀü¿¡ ´ÙÀ½°ú °°ÀÌ ÇØÁÖÀÚ:
% strip bin/* libexec/* ¸ðµç °ÍÀÌ ´Ù ³¡³ª¸é ÀÌÁ¦ ¼³Ä¡¸¦ ÇØ ÁØ´Ù. ÃÖÃʼ³Ä¡¿Í ¾÷±×·¹ÀÌµå ¼³Ä¡·Î ³ª´©¾î ¼³Ä¡ °¡´ÉÇÏ´Ù:
# make install (ÃÖÃÊ ¼³Ä¡¿ë. InteractiveÇÑ ¼³Ä¡) or # make upgrade (Postfix ¾÷±×·¹À̵å¿ë. Non-Interactive)
mail.* -/var/log/maillog 3.3.1. Interactive ¼³Ä¡ ¶# make install À» ÇÏ¿© ÃÖÃÊ ¼³Ä¡¸¦ ½ÃÀÛÇÏ°Ô µÇ¸é, »ç¿ëÀÚ¿¡°Ô prefix¸¦ ¹¯°Ô µÈ´Ù. »óȲ¿¡ ÀûÀýÇÏ°Ô ³Ö¾îÁ൵ µÇ°í, ½Å°æ¾²°í ½ÍÁö ¾Ê´Ù¸é ±×³É ¿£Å͸¦ ÃÄÁÖ°Ô µÇ¸é ±âº»ÀûÀ¸·Î ¼³Ä¡µÇ°Ô µÈ´Ù.
óÀ½ Áú¹®Àº ¼³Ä¡ÇÒ °÷ÀÇ ·çÆ®¸¦ ¹¯´Â°ÍÀÌ´Ù. RPM°ú °°Àº ÆÐŰ¡ ¼ÒÇÁÆ®¿þ¾î¸¦ À§ÇÑ °ÍÀ̹ǷÎ, ±×³É ¿£Å͸¦ ÃÄÁÖ¸é µÈ´Ù.
install_root: [/] ´ÙÀ½¿¡´Â ½ºÅ©·¡Ä¡(Scratches)ÆÄÀÏÀ» ´ãÀ» Àӽà µð·ºÅ丮ÀÇ À§Ä¡¸¦ ¹°¾îº»´Ù. ¹Ýµå½Ã ¾²±â Æ۹̼Ç(Write Permission)ÀÌ ±× µð·ºÅ丮¿¡ ÀÖ¾î¾ß ÇÑ´Ù. /tmp ·Î Á¤ÇØÁÖÀÚ.
tempdir: [/foobar/postfix-VERSION] /tmp ´ÙÀ½Àº ¼³Á¤À» ÀúÀåÇÒ µð·ºÅ丮¸¦ Á¤ÇØÁØ´Ù. ±×³É ¿£Å͸¦ ÃÄÁÖ´Â ÂÊÀÌ °¡Àå ¹«³ÇÏ´Ù.
config_directory: [/etc/postfix] ±× ´ÙÀ½Àº postfix µ¥¸óÀ» ¼³Ä¡ÇÒ µð·ºÅ丮¸¦ ¹°¾îº»´Ù. ±âº»Àº /usr/libexec/postfix À̸ç, ÀÌ À§Ä¡´Â ´Ù¸¥ À¯ÀúÀÇ Command Path(¸í·É¾î °æ·Î)¿¡ Æ÷ÇԵǾ ¾ÈµÈ´Ù´Â °Í¿¡ ÁÖÀÇ.
daemon_directory: [/usr/libexec/postfix] ´ÙÀ½Àº postfix °ü¸® ÇÁ·Î±×·¥À» ¼³Ä¡ÇÒ µð·ºÅ丮¸¦ ÁöÁ¤ÇÑ´Ù. ±âº»Àº /usr/sbin À̸ç, °ü¸®ÀÚ(½´ÆÛÀ¯Àú)ÀÇ ¸í·É¾î °æ·Î¿¡ Æ÷ÇԵǾî ÀÖ¾î¾ß ÇÑ´Ù.
command_directory: [/usr/sbin] ±× ´ÙÀ½, ¸ÞÀÏÀÇ Å¥(Queue)¸¦ ÀúÀåÇÒ °÷À» ÁöÁ¤ÇÑ´Ù. ±âº»Àº /var/spool/postfix À̸ç, sendmailÀ» ´ëüÇÏ°íÀÚ ÇÒ¶§´Â, /var/spool/mqueue ·Î ÁöÁ¤Çصµ µÈ´Ù. ¿©±â¼´Â, /var/spool/mqueue¿¡ ÁöÁ¤ÇÑ´Ù.
queue_directory: [/var/spool/postfix] /var/spool/mqueue ´ÙÀ½Àº postfixÀÇ sendmail ¸í·É¾î¸¦ ¼öÇàÇÒ ÇÁ·Î±×·¥À» ¼³Ä¡ÇÒ °÷À» "Àüü °æ·Î¸í(Full Pathname: µð·ºÅ丮¸¦ Æ÷ÇÔ, ÆÄÀϸí±îÁö ±â·ÏÇØÁִ°Í)"À¸·Î ±âÀÔÇÏ¿©¾ß ÇÑ´Ù. ±âÁ¸ÀÇ sendmail¿¡¼ÀÇ ÀÌÀü(Migration)À̶ó¸é /usr/sbin/sendmail ·Î ÇØÁØ´Ù.
sendmail_path: [/usr/sbin/sendmail] ±× ´ÙÀ½Àº postfixÀÇ newaliases ¸í·É¾î¸¦ ¾îµð¿¡ ¼³Ä¡ÇÒ°ÍÀÎÁö °áÁ¤ÇÑ´Ù. ¿ª½Ã Àüü °æ·Î¸íÀ» ÀÔ·ÂÇÏ¿©¾ß ÇÏ°í, sendmail¿¡¼ÀÇ ÀÌÀüÀ̶ó¸é /usr/bin/newaliases ·Î ÇØÁÖ¸é µÈ´Ù.
newaliases_path: [/usr/bin/newaliases] ´ÙÀ½Àº mailq ¸í·É¾î¸¦ ¾îµð¿¡ ¼³Ä¡ÇÒ °ÍÀÎÁö °áÁ¤ÇÑ´Ù. À§¿Í µ¿ÀÏÇÏ´Ù.
mailq_path: [/usr/bin/mailq] ±× ´ÙÀ½, postfixÀÇ Å¥(Queue)ÀÇ ¼ÒÀ¯±ÇÀÚ(Owner)¸¦ °áÁ¤ÇØÁà¾ß ÇÑ´Ù. ¾Õ¿¡¼ À¯Àú¸¦ »ý¼ºÇÑ ´ë·Î, postfix·Î ÇØÁÖ¸é µÈ´Ù.
mail_owner: [postfix] ´ÙÀ½Àº Mail Submission°ú Queue Management ¸í·ÉÀ» ¼öÇàÇÒ »ç¿ëÀÚ ±×·ìÀ» ¼±ÅÃÇÑ´Ù. ¿©±â¼ Á¤ÇØÁÖ´Â ±×·ìÀº postfix ¹× ±âŸÀÇ ±× ¾î¶² ID¿Íµµ ¿¬°áµÇ¾î¼´Â ¾ÈµÈ´Ù´Â °Í¿¡ ÁÖÀÇ.
setgid_group: [postdrop] ÀÌÁ¦ ¸Ç(man)ÆäÀÌÁöÀÇ À§Ä¡¸¦ °áÁ¤ÇÑ´Ù. ±âº»°ªÀ¸·Î /usr/local/man À̸ç, sendmail¿¡¼ ÀÌÀü½Ã /usr/share/man À¸·Î ÁöÁ¤ÇØÁ൵ µÈ´Ù. ¿©±â¼´Â, /usr/share/man À¸·Î ÁöÁ¤ÇÑ´Ù.
manpage_directory: [/usr/local/man] /usr/share/man ±× ´ÙÀ½Àº postfixÀÇ ¼³Á¤ ¿¹Á¦¸¦ ³ÖÀ» °÷À» °áÁ¤ÇÑ´Ù. À§ÀÇ ¼³Á¤ ÀúÀå À§Ä¡¿Í µ¿ÀÏÇÏ°Ô ÇØÁÖ¸é OK.
sample_directory: [/etc/postfix] ´ÙÀ½Àº README¸¦ ¼³Ä¡ÇÒ µð·ºÅ丮. ±âº»°ªÀº no À̸ç, no¶ó°í ÁöÁ¤½Ã ¼³Ä¡ÇÏÁö ¾Ê´Â´Ù.
readme_directory: [no] ¸ðµç ÁúÀÇ°¡ ³¡³ª¸é ÀÌÁ¦ °¢ ÆÄÀϵéÀ» ¾Õ¿¡¼ ÁöÁ¤ÇÑ prefix¿¡ ¼³Ä¡ÇÏ°Ô µÈ´Ù.
¸ðµç ¼³Ä¡°¡ ³¡³ª¸é, /etc/aliases ÆÄÀÏÀ» üũÇÏ¿© ¸ÞÀÏ alias ¼³Á¤À» È®ÀÎÇÏ°í, newaliases ¸í·ÉÀ» ½ÇÇàÇÏ¿© db ÆÄÀÏÀ» »ý¼ºÇÏ¸é ´ë·«ÀûÀÎ ¼³Ä¡°úÁ¤ÀÌ ³¡³´Ù.
4.1. SMTP(Port 25)¸¸ »ç¿ë ¶¼Û½Å Àü¿ëÀ¸·Î »ç¿ëÇϴµ¥¿¡´Â, ´õ ÀÌ»ó º° ´Ù¸¥ ¼¼Æà ¾øÀÌ »ç¿ë ÇÒ ¼ö ÀÖ´Ù.
¼Ð¿¡¼ ´ÙÀ½À» ÃÄÁÖ¸é OK.
# postfix start 4.2. SMTP / POP3 (Port 25/110) »ç¿ë ¶¼Û¼ö½ÅÀ» ¸ðµÎ °¡´ÉÇÏ°Ô Çϱâ À§Çؼ´Â, ÀÏ´Ü MX ·¹Äڵ尡 ¼³Á¤µÇ¾î ÀÖ´Â µµ¸ÞÀÎÀ» ¼ÒÀ¯Çϴ°ÍÀÌ °¡Àå Áß¿äÇÏ´Ù.
ÀÏ´Ü, /etc/postfix/main.cf ¿¡¼,
myhostname = linux.org mydomain = linux.org°¡ ÀÖ´Â Ç׸ñÀ» ã¾Æ À§ÀÇ ¿¹ ó·³ µµ¸ÞÀÎ / È£½ºÆ® ³×ÀÓ ¼³Á¤À» ÇØÁØ´Ù. Virtual Hosting ¿É¼ÇÀº ´Ù¸¥°÷¿¡¼ ¼³Á¤ÇϹǷÎ, ¿©±â¼ ´Ù¸¥ µµ¸ÞÀÎ ³×ÀÓ±îÁö °°ÀÌ ±â·ÏÇÏ´Â ¼ö°í´Â ÇÏÁö ¾Ê±æ ¹Ù¶õ´Ù. ¾Æ·¡¿¡, ÃÖÁ¾ µµÂøÁö(¼ö½ÅÁö)¸¦ ¼¼ÆÃÇÏ´Â Ç׸ñÀÌ ÀÖ´Ù. ´ÙÀ½°ú °°ÀÌ, mydomain, myhostname¿¡ ¼ÓÇÏ´Â °ÍÀ» ¹Þµµ·Ï ¼³Á¤ÇÑ´Ù. ÀÌ´Â ¼¹ö°¡ Open Relay°¡ °¡´ÉÇÏ°Ô ÇÏ´Â °ÍÀ» ¸·´Â´Ù. (±âº» ¼³Á¤À¸·Îµµ Postfix´Â Relay¸¦ °ÅºÎÇÑ´Ù)
mydestination = $mydomain, $myhostname
4.2.1. °¡»ó µµ¸ÞÀÎ ¹× Aliases ¼³Á¤ ¶Virtual DomainÀ» »ç¿ëÇϱâ À§Çؼ´Â, main.cf¿¡¼ virtual alias mapping fileÀ» »ç¿ëÇÑ´Ù°í ¾Ë·ÁÁà¾ß ÇÑ´Ù.
/etc/postfix/main.cf ¼³Á¤
# For Virtual Alias domain setting virtual_alias_maps = hash:/etc/postfix/virtual virtual_alias_domains = $virtual_alias_maps /etc/postfix/virtual ÆÄÀÏ ¼³Á¤ - ÀÌ ÆÄÀÏ¿¡¼´Â ½ÇÁ¦ Virtual Domain ¼³Á¤ÀÌ µé¾î°£´Ù.
# Virtual Domain ¼³Á¤. ´ÙÀ½°ú °°ÀÌ, µµ¸ÞÀÎ ³×ÀÓÀ» ½áÁÖ°í µÚ¿¡ anythingÀ» ½áÁÖ¸é µÈ´Ù. domainname.org anything domain.co.kr anything domain.com anything domain2.org anything domain3.ac.kr anything # °èÁ¤º° Virtual Aliasing. ¿ÜºÎ¿¡¼ ¹ÞÀ» ¸ÞÀÏ ÁÖ¼Ò¿Í, ½Ç °èÁ¤ ¼ö½ÅÀÚÀÇ ID¸¦ ´ëÀÀ½ÃÄÑÁÖ¸é µÈ´Ù. # ¿©±â´Â ¸ÞÀÏÁÖ¼Ò ¿©±â´Â °èÁ¤ID linux@domain.com linux sarang@domain2.org sarang user3@domain.co.kr user3 sample@domain.org sample /etc/postfix/virtual ÀÛ¼ºÀÌ ³¡³ª¸é, ´ÙÀ½ÀÇ ¸í·ÉÀ» ÅëÇØ Çؽà Å×À̺íÀÎ /etc/postfix/virtual.db ¸¦ »ý¼ºÇÑ´Ù. ¿©±â¼ ½Ã°£ÀÌ ²Ï ¸¹ÀÌ °É¸®±â ¶§¹®¿¡, 30ÃÊ~1ºÐ¿¡ ´ÞÇÏ´Â Àγ»½ÉÀ» ¿ä±¸ÇÑ´Ù.
# postmap /etc/postfix/virtual 4.3.1. pwcheck¸¦ »ç¿ëÇÒ °æ¿ì ¶pwcheck¸¦ ÀÌ¿ëÇÏ¿© SMTP ÀÎÁõÀ» ÇÒ °æ¿ì, pwcheck µ¥¸óÀ» Ç×»ó ¶ç¿öÁà¾ß ÇÑ´Ù. chkconfig µî µ¥¸ó °ü¸®ÀÚ¸¦ »ç¿ëÇϰųª rc.local ÆÄÀÏÀ» ¼öÁ¤ÇÏ¿©, ºÎÆýà Ç×»ó ¶ç¿ìµµ·Ï ÇÑ´Ù.
/usr/lib/sasl/smtpd.conf ¿¹Á¦ (SASLv2ÀÇ °æ¿ì /usr/lib/sasl2/smtpd.conf, ¶Ç´Â /usr/local/lib/sasl2/smtpd.conf)
pwcheck_method: pwcheck ÀÌ·¸°Ô Çϸé smtpd°¡ SASL pwcheck¸¦ »ç¿ëÇÏ°Ô µÈ´Ù. Postfix¸¦ Àç ½ÃÀÛÇϱâÀü¿¡, pwcheck°¡ ¶ç¿öÁ® ÀÖ´ÂÁö È®ÀÎÇÏÀÚ.
4.3.2. saslauthd¸¦ »ç¿ëÇÒ °æ¿ì ¶pwcheck ´ë½Å saslauthd¸¦ ¾²¸é ´õ¿í Æí¸®ÇÏ´Ù. saslauthd ´Â
Cyrus-SASL 1.5.x, 2.x ¹öÀü ¸ðµÎ¿¡ ÀÖÀ¸¸ç, RPMÀ¸·Î ¼³Ä¡ÇÑ »ç¶÷Àº saslauthd ÆÐÅ°Áö¸¦ Ãß°¡·Î ¼³Ä¡ÇØ¾ß ÇÒ °ÍÀÌ´Ù. smtpd.conf¿¡, pwcheck ´ë½Å
pwcheck_method: saslauthd¶ó°í ÇÏ¸é µÈ´Ù. ¿ª½Ã saslauthd ¸¦ ¹Ì¸® ¶ç¿ö¾ß Çϴµ¥, ´ÙÀ½°ú °°ÀÌ ¼ºñ½º ÇÒ ¼ö ÀÖ´Ù. $ saslauthd -a shadowÀÌ´Â shadow ÆÄÀÏÀ» ÀÌ¿ëÇÑ °ÍÀε¥, ÀÌ ¹Û¿¡µµ PAM, sasldb µîÀ» »ç¿ëÇÒ ¼ö ÀÖ´Ù. ÀÚ¼¼ÇÑ°Ç man saslauthd ¸¦ Âü°í. main.cf ÆÄÀÏ ¼³Á¤ ¿¹Á¦
# ¿©±â¼ ºÎÅÍ´Â SMTP ÀÎÁõ ¼¼Æà smtpd_sasl_auth_enable = yes # À͸í Á¢¼Ó ºÒ°¡ smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname # MS Internet Explorer 5 ¹öÀüÀÇ ºñ Ç¥ÁØ SASL ÀÎÁõ ȣȯ broken_sasl_auth_clients = yes # smtpd_recipient_restrictions ¿¡¼ check_relay_domains Ç׸ñ # 2.0 Ãʱâ¹öÀü ÀÌÈÄ deprecated µÇ¾úÀ½. ´ë½Å reject_unauth_destination »ç¿ë smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination # root ÂÊ¿¡ ±â·Ï ¸ÞÀÏÀ» º¸³¾ Ç׸ñ notify_classes = delay, policy, protocol, resource, software 4.4. Header ¹× Body °Ë»ç·Î ½ºÆÔ ¹× ¹ÙÀÌ·¯½º ¸ÞÀÏ °É·¯³»±â ¶´ëºÎºÐÀÇ ½ºÆÔ¸ÞÀÏÀº ¹ß¼ÛÀÚÀÇ À̸§À» ·£´ýÇÏ°Ô »ý¼ºÇϰųª, ¾ø´Â »ç¿ëÀÚÀÇ À̸§À» »ç¿ëÇÑ´Ù. °Ô´Ù°¡ ¾ø´Â È£½ºÆ®³×ÀÓ/µµ¸ÞÀγ×ÀÓÀ» ºÙ¿©¼ ¹ß¼ÛÇÏ´Â °æ¿ìµµ »ó´çÈ÷ ¸¹ÀÌ ÀÖ´Ù. ±×¸®°í ´ëºÎºÐÀÇ Á¤»óÀûÀÎ ¸ÞÀÏ ¼¹ö´Â ¹ß¼Û½Ã HELO³ª EHLO¿¡¼ È£½ºÆ®³×ÀÓ/µµ¸ÞÀγ×ÀÓÀ» ºÙÀδÙ. ÀÌ 3°¡Áö¸¦ üũÇÏ¸é »ó´çÈ÷ ¸¹Àº ¼ýÀÚÀÇ ½ºÆÔÀ» È¿°úÀûÀ¸·Î Â÷´ÜÇÒ ¼ö ÀÖ´Ù. ¾îÂ÷ÇÇ °³ÀÎ SMTP ¼¹ö·Î ¸ÞÀÏÀ» º¸³»´Â »ç¶÷Àº ±ØÈ÷ µå¹°´Ù.
main.cf ¼³Á¤ ºÎºÐ ¿¹Á¦.
# For SPAM Control - HELO, Domain üũ # vrfy ¸í·É¾î·Î »ç¿ëÀÚ ID¸¦ ±Ü¾î³»´Â º¿ ¹æÁö disable_vrfy_command = yes # Á¢¼ÓÈÄ HELO, EHLO ¸í·ÉÀ» »ç¿ëÇÏ´ÂÁö üũÇÏ·Á¸é ÁÖ¼®À» Á¦°ÅÇÑ´Ù. # smtpd_helo_required = yes # HELO³ª EHLO½Ã¿¡ À߸øµÈ hostname syntax¸¦ ¾²´Â Ä¿³Ø¼ÇÀº ¹ß¼ÛÀ» ±ÝÁöÇÑ´Ù. Á» ´õ ¾ö°ÝÇÏ°Ô Ã¼Å©¸¦ ÇÑ´Ù¸é, # reject_unknown_hostname (A ·¹Äڵ峪 MX ·¹Äڵ尡 Á¸ÀçÇÏ´Â µµ¸ÞÀÎÀ» °¡Áö°í ÀÖ´ÂÁö üũ) # ȤÀº reject_non_fqdn_hostname (ÀÔ·ÂÇÑ µµ¸ÞÀÎÀÌ FQDNÀ» ¸¸Á·ÇÏ´ÂÁö üũ) ¿É¼ÇÀ» Ãß°¡ÇÏ¸é µÈ´Ù. (ÄÞ¸¶(,)·Î ±¸ºÐ) smtpd_helo_restrictions = reject_invalid_hostname # A ·¹Äڵ峪 MX ·¹Äڵ尡 ¾ø´Â µµ¸ÞÀο¡¼ ¹ß¼ÛµÈ °æ¿ì reject ½ÃÅ´. # ´õ ÀÚ¼¼ÇÑ ¼¼ÆÃÀº http://www.postfix.org/uce.html#smtpd_sender_restrictions ¸¦ ÂüÁ¶. smtpd_sender_restrictions = reject_unknown_sender_domain # Reject½Ã Reject Äڵ带 ÁöÁ¤ÇÑ´Ù. 450Àº Try Again Later ¸¦ ¶æÇÏ´Â °Í. access_map_reject_code = 550 unknown_client_reject_code = 450 unknown_hostname_reject_code = 450 unknown_address_reject_code = 450 # For SPAM/Junk Mail Control - Header Check ¼³Á¤. regexp´Â Regular Expression, Áï Á¤±ÔÇ¥Çö½ÄÀÌ´Ù. # regexp ´ë½Å, pcre¸¦ »ç¿ëÇÒ¼öµµ ÀÖ´Ù. # pcre¸¦ »ç¿ë½Ã # header_checks = pcre:/etc/postfix/header_checks header_checks = regexp:/etc/postfix/header_checks # MIME Çì´õ üũ. ÷ºÎÆÄÀϵîÀ» üũÇÒ ÇÊÅÍ·Î »ç¿ëÇÑ´Ù. mime_header_checks = regexp:/etc/postfix/mime_header_checks # Body Check¸¦ »ç¿ëÇÒ °æ¿ì ÁÖ¼®À» Ç® °Í # body_checks = regexp:/etc/postfix/body_checks À§¿Í °°ÀÌ ¼³Á¤À» ÇÏ°í ³ª¸é, ÀÌÁ¦ ÇÊÅ͸µÀ» ÇÒ ¿ä¼ÒµéÀ» Ãß°¡ÇÏ°í, °ü¸®ÇØ¾ß ÇÑ´Ù.
header_checks, mime_header_checks, body_checks ÀÌ ¼¼°³ÀÇ ÆÄÀÏÀº ´ÙÀ½°ú °°Àº °øÅëÀûÀÎ ÇÊÅÍ ±¸Á¶¸¦ °¡Áö°í ÀÖ´Ù.
/Á¤±ÔÇ¥Çö½Ä/ ¾×¼Ç [¸Þ½ÃÁö]Áï, Á¤±ÔÇ¥Çö½ÄÀ» ¸¸Á·ÇÏ´Â ¸ÞÀÏÀÌ ÀÖÀ» °æ¿ì ±× ¸ÞÀÏÀ» ¾î¶»°Ô ó¸®ÇÏ´Â °¡´Â ¾×¼Ç¿¡¼ °áÁ¤ÇØÁÖ´Â °ÍÀÌ´Ù. ¸Þ½ÃÁö´Â ÀϺΠ¾×¼Ç¿¡¼ ¿É¼Ç ó·³ »ç¿ëÇÒ ¼ö ÀÖ´Ù. ¾×¼ÇÀº ¾Æ·¡ÀÇ Ç¥·Î Á¤¸®Çسõ¾Ò´Ù.
/etc/postfix/header_checks ¼³Á¤ ¿¹Á¦ # ¾îÂ÷ÇÇ REJECT µÇ¸é ´Ù¾çÇÑ ¹æ¹ýÀ¸·Î ´õ ¸¹ÀÌ º¸³»´Â ºÎ·ù°¡ ÀÖÀ¸¹Ç·Î Á¶¿ëÈ÷ ¹ö¸²(DISCARD). # REJECTµµ °¡´ÉÇÏ´Ù. /^Subject:.*\[±¤°í\]/ DISCARD /^Subject:.*\(±¤°í\)/ DISCARD /^Subject: \[±¤°í\]/ DISCARD /^Subject: \(±¤°í\)/ DISCARD /^Subject: \(¼ºÀα¤°í\)/ DISCARD /^Subject: \[¼ºÀα¤°í\]/ DISCARD /^Subject: \[¼ºÀÎ\]/ DISCARD /^Subject: Make Money Fast/ DISCARD /^To: friend@public.com/ DISCARD /^From: .*@test.com/ DISCARD # ¾Æ·¡´Â MIME Encoded µÈ Á¦¸ñÀ» °ËÃâ. (±¤°í), [±¤°í] ·Î ½ÃÀÛÇÏ´Â °ÍµéÀ» ¹ö¸² /^Subject: =\?euc-kr\?q\?\(=B1=A4=B0=ED\)*/ DISCARD /^Subject: =\?euc-kr\?q?\[=B1=A4=B0=ED\]*/ DISCARD /^Subject: =\?ks_c_5601-1987\?B\?KLGksO0p*/ DISCARD /^Subject: =\?ks_c_5601-1987\?B\?W7GksO1d*/ DISCARD # Ư¼öÇÑ ½ºÆÔ ÇüŸ¦ À§ÇÑ ÇÊÅÍ. °ø¹éÀÌ 8ÀÚ ÀÌ»óµÇ´Â Á¦¸ñÀÌ µé¾î°£ °æ¿ì /^Subject: .* / REJECT # ½ºÆиӴ Ŭ¶óÀ̾ðÆ®ÀÇ ¸®½ºÆ® ÃÖ »ó´Ü¿¡ ÆíÁö¸¦ ¿Ã¸®±â À§ÇØ ³¯Â¥¸¦ ¿¾³¯·Î Á¶ÀÛÇÏ´Â °æ¿ì°¡ ÀÖ´Ù. /^Date: .* 200[0-2]/ REJECT /^Date: .* 19[0-9][0-9]/ REJECT # free ¶ó´Â ±ÛÀÚ »çÀÌ¿¡ Ư¼öÇÑ ¹®ÀÚ°¡ ÀÖÀ» °æ¿ì Á¦°Å /^Subject: .*f[ _\.\*\-]+r[ _\.\*\-]+e[ _\.\*\-]+e/ REJECT /etc/postfix/mime_header_checks ÀÇ ¿¹Á¦. mime_header_checks´Â MIMEÀ¸·Î ÷ºÎµÈ ÆÄÀÏÀÌ ÀÖÀ» °æ¿ì È®ÀåÀÚ¸¦ °Ë»çÇÏ¿© ÇÊÅ͸µ ÇÏ°Ô ÇØÁØ´Ù. ȸé»ó ¾î¿ ¼ö ¾øÀÌ È®ÀåÀÚ ºÎºÐÀ» ´ÙÀ½ ÁÙ·Î ³»·È´Âµ¥, °¢ /name À¸·Î ½ÃÀÛÇÏ´Â Ç׸ñÀº ¿ø·¡ ¸ðµÎ ÇÑÁÙ·Î ÀÌ·ç¾îÁ®ÀÖ´Ù.
/name=[^>]*\.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp |js|lnk|ocx|msi|pif|reg|scf|scr|swf|uue|vb|vbe|vbs|vbx|vxd|wsh)/ REJECT º» ÆíÁö´Â À§ÇèÆÄÀÏ Ã·ºÎ·Î °ÅºÎµË´Ï´Ù. À§¿¡¼ ¼Ò°³µÈ ºÎºÐÀº Postfix¿¡¼ ±âº»À¸·Î žÀçµÇ¾î ÀÖ´Â ±â´ÉÀ» È°¿ëÇÑ ¿¹Á¦Àε¥, Á» ´õ °·ÂÇÑ ½ºÆÔ ¹× ¹ÙÀÌ·¯½º ÇÊÅ͸µÀ» ¿øÇÑ´Ù¸é Spam AssassinÀÇ »ç¿ëÀ» ±ÇÀåÇÑ´Ù.
4.5. Postfix¸¦ ±¸¼ºÇÏ´Â ¸í·É¾îµé ¶º» ¸í·É¾îÀÇ ¿ø¹®Àº http://www.postfix.org/commands.html ¸¦ ÂüÁ¶ÇÑ´Ù.
4.6.1. SSL WrapperÀÎ stunnelÀ» »ç¿ëÇÏ¿© ¾ÈÀüÇÑ SMTP/POP3 ¼¹ö ±¸ÃàÇϱ⠶SMTP¸¦ ¾µ¶§, º¸³»Áö´Â ³»¿ë°ú ±âŸ Á¤º¸¸¦ º¸È£ÇÏ°í ½Í´Ù¸é SSL Wrapper¸¦ »ç¿ëÇϴ°ÍÀ» ±ÇÀåÇÑ´Ù.
ÀÌ·¯ÇÑ SSL Wrapper¿¡´Â SSLWRAP°ú stunnelÀÌ Á¸ÀçÇϴµ¥, º» ¼¿¡¼´Â stunnelÀ» »ç¿ëÇÏ¿© Secure SMTP/POP3/IMAP(Port 465/995/993)¸¦ ±¸ÃàÇϴ°Ϳ¡ ´ëÇØ ¾ð±ÞÇÏ°íÀÚ ÇÑ´Ù.
stunnel Homepage : http://www.stunnel.org
À§ÀÇ È¨ÆäÀÌÁö¿¡¼, stunnel ÃֽŹöÀüÀ» ¹Þ¾Æ¼ ¼³Ä¡Çϵµ·Ï ÇÑ´Ù. ¾Æ·¡ÀÇ ¿¹Á¦¿¡´Â stunnel 4.0.4¸¦ »ç¿ëÇß´Ù.
Kerberos-5 devel ÆÐÅ°Áö(´ë°³ krb5-devel)°¡ ÀÖÀ½¿¡µµ ºÒ±¸ÇÏ°í make Áß¿¡ Kerberos °ü·Ã Çì´õ¸¦ ãÁö ¸øÇÑ´Ù´Â ¸Þ½ÃÁö°¡ ³ª¿À¸é configure Çϱâ Àü¿¡ CPPFLAGS ȯ°æº¯¼ö·Î, Kerberos Çì´õ°¡ ÀÖ´Â À§Ä¡¸¦ ÁöÁ¤ÇØÁÖµµ·Ï ÇÑ´Ù.
# export CPPFLAGS=-I/usr/kerberos/include makeÀÇ ÃÖÁ¾ ´Ü°è¿¡¼, stunnel.pem (±âº» SSL ÀÎÁõ¼)¸¦ »ý¼ºÇÏ·Á°í ÇÑ´Ù. À̵é ÀÎÁõ¼´Â ³ªÁß stunnel ¼³Á¤¿¡¼ º¯°æÇÒ ¼ö ÀÖÀ¸¹Ç·Î ÀûÀýÇÏ°Ô À̸§À» Áö¾î¼ ä¿öÁÖÀÚ.
¼³Ä¡°¡ ¸ðµÎ ³¡³ª¸é, $PREFIX/etc/stunnel/stunnel.conf-sampleÀ» stunnel.conf·Î º¹»çÇÑ ÈÄ, ÀÚ±â ÀÔ¸À¿¡ ¸ÂÃß¾î ¼³Á¤À» ½ÃÀÛÇÑ´Ù. (conf ÆÄÀÏÀÇ À§Ä¡´Â, stunnel ½ÇÇà½Ã ÁöÁ¤ÀÌ °¡´ÉÇϹǷÎ, ÀÓÀÇ·Î ÁöÁ¤ÇØ ÁÙ ¼öµµ ÀÖ´Ù.)
¾Æ·¡´Â ¼³Á¤ÆÄÀÏÀÇ ÀϺκÐÀÌ´Ù. Ç¥½ÃµÇÁö ¾ÊÀº ¾Æ·§ ºÎºÐÀº Wrapping ÇÒ Æ÷Æ® ¹øÈ£¸¦ ¸ÅÇÎÇØÁÖ´Â ºÎºÐÀε¥, ÀÌ´Â ÀÔ¸À¿¡ µû¶ó ¼³Á¤ÇÏ¸é µÈ´Ù.
# ÀÎÁõ¼ÀÇ À§Ä¡. cert = /usr/etc/stunnel/stunnel.pem # chroot¸¦ °É°Ô µÇ´Âµ¥, À̶§ ÇØ´ç µð·ºÅ丮°¡ Á¸ÀçÇÏÁö ¾ÊÀ¸¸é ¾Æ·¡ÀÇ setuid, setgid ¿¡ ¸ÂÃç µð·ºÅ丮¸¦ »ý¼ºÇϵµ·Ï ÇÑ´Ù. chroot = /var/run/stunnel/ # PID is created inside chroot jail : À§ÀÇ chroot ¼³Á¤¿¡¼ Á¤ÇØÁØ °æ·Î°¡ "/"ÀÓÀ» ÁÖÀÇ. ½±°Ô ¸»ÇØ °íÄ¥ ÇÊ¿ä°¡ ¾ø´Ù pid = /stunnel.pid setuid = nobody setgid = nobody # Eudora »ç¿ëÀÚ°¡ °ÅÀÇ ¾ø°ÚÁö¸¸, Ȥ½Ã³ª ÀÖÀ» °æ¿ì ÁÖ¼®À» Ç®¾îÁØ´Ù. # options = DONT_INSERT_EMPTY_FRAGMENTS ÀÌÁ¦ ¸ðµç ¼³Á¤ÀÌ ³¡³ª¸é stunnelÀ» ½ÇÇàÇØÁÖ¸é µÈ´Ù. rc ÆÄÀÏÀ̳ª, ȤÀº chkconfig ÆÄÀÏÀ» »ý¼ºÇؼ init¿¡ µî·ÏÇϸé ÀçºÎÆà ÀÌÈÄ¿¡µµ ÀÚµ¿À¸·Î ½ÇÇàÀÌ µÉ °ÍÀÌ´Ù. ´ç¿¬È÷, ¾ÈÀüÇÑ ¹öÀüÀÇ OpenSSLÀ» ÇÊ¿ä·Î ÇÑ´Ù.
¿¡·¯¸Þ½ÃÁö°¡ /var/log/messages¿¡ ÀúÀåµÇ±â ¶§¹®¿¡ ºÒÆíÇÏ´Ù. µ¥¸óÀÌ ¶°ÀÖ´ÂÁö È®ÀÎÀº Çʼö°¡ µÉ °ÍÀÌ´Ù.
¸ÞÀÏ Å¬¶óÀ̾ðÆ®(Outlook series, Mozilla Thunderbird, ...)¿¡¼´Â, SSLÀ» »ç¿ëÇÑ´Ù¿¡ üũÇÏ°í »ç¿ëÇÏ¸é µÈ´Ù.
4.6.2. Debian ¿¡¼´Â? ¶Debian À¯Àú¸¦ À§ÇÑ ¸î°¡Áö À¯ÀÇÇÒ Á¡.
addgroup sasl apt-get install postfix-tls qpopper sasl-bin libsasl-modules-plain libsasl2 libsasl-gssapi-mit libsasl-digestmd5-des sasl2-bin libsasl2-modules ÀÏ´Ü ÀÌÁ¤µµ·Î ¼³Ä¡ÇϽðí, Â÷ÀÌÁ¡ À̶ó¸é µð·ºÅ丮 ¸íÀÌ Á¶±Ý Ʋ¸° °Í°ú init ½ºÅ©¸³ÀÇ ¹®Á¦Á¡ÀÌ ÀÖ´Ù´Â °Í Á¤µµÀÔ´Ï´Ù.
http://hanselan.de/postfix/pwcheck ÀÌ°÷ÀÇ init ½ºÅ©¸³À» ¹Þ¾Æ¼ ¾²½Ã±æ ¹Ù¶ø´Ï´Ù. (Å« Â÷ÀÌ´Â ¾ø°í..¸î ÁÙ »èÁ¦µÇ¾úÀ» »ÓÀÔ´Ï´Ù)
mkdir -p /var/spool/postfix/var/run/pwcheck chown postfix.root /var/spool/postfix/var/run/pwcheck/ chmod 700 /var/spool/postfix/var/run/pwcheck/ ln -s /var/spool/postfix/var/run/pwcheck /var/run/pwcheck echo 'pwcheck_method: pwcheck' >> /etc/postfix/sasl/smtpd.conf µð·ºÅ丮¸¦ À§ÀÇ Çü½Ä´ë·Î ¼¼ÆÃÇؼ »ç¿ëÇϽøé Á¤µµ·Î ÇÏ½Ã¸é µË´Ï´Ù. Á» ´õ ÀÚ¼¼ÇÑ ³»¿ëÀº http://www.google.com ¿¡¼ "smtp auth debian" Á¤µµ·Î °Ë»öÇØ º¸½Ã±æ ¹Ù¶ø´Ï´Ù.
-- Ç㼺¿í
|
You will be successful in love. |