Hello sekolahlinux friends, we meet again. This time I'll explain how to build an SMTP relay that authenticates via rimap on CentOS 7. Here is the result of more than a week of searching around :p

SMTP relay server details:

- smtp relay = relay.sekolahlinux.com
- public IP = 232.111.111.11 <<== SAMPLE

I assume you have already installed CentOS 7 and Postfix, so now we will create an SSL certificate for the authentication of the SMTP relay we are going to build. You can generate the SSL key and crt files yourself, or you can go to the cacert.org website. There are 2 ways to create the SSL certificate, so you can try one of the methods below:
- http://sekolahlinux.com/create-self-signed-ssl-certificate-membuat-sendiri-sertifikat-ssl-dengan-openssl/
- http://sekolahlinux.com/generate-ssl-certificate-via-cacert-org/
Once that is done, the files will be referenced in /etc/postfix/main.cf as shown below. Don't forget to copy the generated SSL certificate files *.CRT and *.KEY to the folder /etc/postfix/sslbaru; if the folder does not exist yet, create it first.

```
smtpd_tls_cert_file = /etc/postfix/sslbaru/sekolahlinux.com.crt
smtpd_tls_key_file = /etc/postfix/sslbaru/sekolahlinux.com.key
```
Now it is time to configure Postfix and saslauthd. For those who have not installed postfix and cyrus sasl yet:

```
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
```
Once that is done, edit /etc/postfix/main.cf as shown below:

```
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = relay.sekolahlinux.com
mydomain = sekolahlinux.com
inet_interfaces = all
inet_protocols = all
unknown_local_recipient_reject_code = 550
mynetworks_style = host
mynetworks = 127.0.0.1
#202.148.1.50
#hash:/etc/postfix/mynetworks
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
debug_peer_level = 2
smtpd_banner = $myhostname ESMTP
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
relay_domains = $mydestination
# hash:/usr/local/etc/postfix/relay_domains
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
maximal_queue_lifetime = 1h
bounce_queue_lifetime = 1h
maximal_backoff_time = 5m
minimal_backoff_time = 2m
queue_run_delay = 2m
smtpd_helo_required = yes
message_size_limit = 28708746
smtpd_error_sleep_time = 2s
#transport_maps = hash:/etc/postfix/transport
smtpd_sender_restrictions =
# check_sender_access hash:/usr/local/etc/postfix/sender_access
smtpd_recipient_restrictions =
# check_recipient_access hash:/usr/local/etc/postfix/recipient_access
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
#sasl authentication & tls
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = yes
#smtpd_tls_CAfile = /etc/certs/DigiCertCA.crt
smtpd_tls_cert_file = /etc/postfix/sslbaru/sekolahlinux.com.crt
smtpd_tls_key_file = /etc/postfix/sslbaru/sekolahlinux.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_sasl_authenticated_header = no
```
Edit /etc/postfix/master.cf as shown below:

```
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_connection_count_limit=100
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_client_connection_count_limit=100
  -o smtpd_client_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
```
Then edit /etc/sasl2/smtpd.conf as shown below:

```
pwcheck_method: saslauthd
mech_list: plain login
```
Then edit /etc/sysconfig/saslauthd to enable authentication via rimap as shown below. Replace sekolahlinux.com with the address of the server that the IMAP check should go to.

```
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR="/var/run/saslauthd"

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH="rimap -r"

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS="-O sekolahlinux.com"
```
Once that is done, start the services:

```
systemctl restart saslauthd.service
systemctl restart postfix.service
systemctl enable saslauthd.service
systemctl enable postfix.service
```
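A quick audit of the main.cf settings that keep this relay closed to unauthenticated senders, as an added example that is not part of the original post. The helper names `effective_value` and `audit_relay` are hypothetical, the sample file is constructed from the tutorial's own settings, and the check reads only main.cf (not the `-o` overrides in master.cf).

```sh
# Added example, not from the original post. effective_value and audit_relay
# are hypothetical helper names.

# effective_value FILE PARAM: print PARAM's value, skipping comment lines and
# joining continuation lines (leading whitespace) the way Postfix does.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        { eq = index($0, "="); if (!eq) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          val[cur] = substr($0, eq + 1) }
        END { v = val[want]; gsub(/[ \t,]+/, " ", v)
              sub(/^ /, "", v); sub(/ $/, "", v); print v }
    ' "$1"
}

# audit_relay FILE: print one FAIL line per finding; exit status 0 if none.
audit_relay() {
    f=$1; findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }
    [ "$(effective_value "$f" smtpd_sasl_auth_enable)" = yes ] || fail "SASL auth is off"
    [ "$(effective_value "$f" smtpd_tls_auth_only)" = yes ] || fail "AUTH offered without TLS"
    case " $(effective_value "$f" smtpd_sasl_security_options) " in *" noanonymous "*) ;; *) fail "anonymous SASL not excluded" ;; esac
    case " $(effective_value "$f" smtpd_recipient_restrictions) " in
        *" reject_unauth_destination "*) ;;
        *) fail "reject_unauth_destination missing from recipient restrictions" ;; esac
    set -f   # no globbing while splitting the network list
    for net in $(effective_value "$f" mynetworks); do
        case $net in 127.0.0.1|127.0.0.0/8|"[::1]"|"[::1]/128") ;; *) fail "mynetworks lets $net relay without AUTH" ;; esac
    done
    set +f
    [ "$findings" -eq 0 ]
}

# Constructed sample: the relay-relevant lines of the tutorial's main.cf.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
mynetworks = 127.0.0.1
#202.148.1.50
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
EOF
audit_relay "$SAMPLE" && echo "OK: relaying needs TLS + SASL or a loopback client"
```

On the relay itself, run `audit_relay /etc/postfix/main.cf`; any address it reports under `mynetworks` can relay without logging in.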
Before that, don't forget to check whether the rimap destination server supports AUTH PLAIN & LOGIN or not:

```
[root@relay akbar]# telnet sekolahlinux.com 143
Trying 202.148.1.50...
Connected to sekolahlinux.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.
[root@relay akbar]#
```
If the answer looks like the one above, the destination server supports PLAIN & LOGIN in RIMAP mode.
However, if the destination server answers as shown below, it does not support PLAIN & LOGIN in RIMAP mode:

```
[root@relay akbar]# telnet sekolahlinux.com 143
Trying 202.148.1.50...
Connected to sekolahlinux.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.
[root@relay akbar]#
```
So how do we get the destination server to support RIMAP mode from the SMTP relay server? It is easy: first we log in to the destination server, which in this case is the sekolahlinux.com server at IP 202.148.1.50, and change the Dovecot rule on that server.

```
[root@server ~]# vim /etc/dovecot/conf.d/10-ssl.conf
```
Then change these lines:

```
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = required
```
so that they look like this:

```
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = yes
```
Once that is done, restart the dovecot service:

```
systemctl restart dovecot.service
```
Now switch back to the relay.sekolahlinux.com server and try telnet again; the result will change to the one shown below:

```
[root@relay ~]# telnet sekolahlinux.com 143
Trying 202.148.1.50...
Connected to sekolahlinux.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.
[root@relay ~]#
```
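The telnet check described above, automated as an added example that is not part of the original post: it parses the capability list in the IMAP greeting and reports whether a plain login is allowed. The function names are hypothetical; the two greetings are the ones from the telnet sessions above.

```sh
# Added example, not from the original post; function names are hypothetical.

# imap_caps LINE: print the words inside "[CAPABILITY ...]", one per line.
# Returns 1 when the greeting carries no capability list.
imap_caps() {
    case $1 in
        *"[CAPABILITY "*) ;;
        *) return 1 ;;
    esac
    caps=${1#*"[CAPABILITY "}   # drop everything up to the list
    caps=${caps%%"]"*}          # drop the closing bracket and the rest
    set -f; printf '%s\n' $caps; set +f
}

# rimap_verdict LINE: print "ready", "logindisabled" or "no-capability".
rimap_verdict() {
    list=$(imap_caps "$1") || { echo no-capability; return 2; }
    if printf '%s\n' "$list" | grep -qx 'LOGINDISABLED'; then
        echo logindisabled; return 1
    fi
    echo ready
}

# auth_mechs LINE: print the advertised AUTH= mechanisms, space separated.
auth_mechs() { imap_caps "$1" | sed -n 's/^AUTH=//p' | paste -sd ' ' -; }

# The two greetings shown in the tutorial's telnet sessions.
OPEN='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.'
SHUT='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.'
for g in "$OPEN" "$SHUT"; do
    echo "$(rimap_verdict "$g") (AUTH: $(auth_mechs "$g"))"
done
```

saslauthd's rimap mechanism logs in with the IMAP LOGIN command and does not negotiate STARTTLS, so once `ssl = yes` makes the check pass, the password being verified crosses the relay-to-IMAP hop unencrypted. Keep that hop on a network you control.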
Now go ahead and try the SMTP relay. Remember that the steps above only authenticate @sekolahlinux.com users, so if you want to authenticate with @yourdomain.com you have to change the rule FLAGS="-O sekolahlinux.com" to FLAGS="-O yourserver".

If authentication fails, the email will not be sent, unless your computer's public IP has been added to mynetworks in the Postfix configuration in main.cf.

That is all for this tutorial.

Sources: lots of different sources, just google it; in the end I did my own trial and error anyway and, alhamdulillah, it worked.