smtp relay auth with rimap, postfix on centos 7


Hello sekolahlinux friends 😀, it's me again. This time I will explain how to build an SMTP relay with authentication via rimap on CentOS 7. Here is the result of more than a week of searching and research :p.

SMTP relay server details:

smtp relay = relay.sekolahlinux.com

public ip = 232.111.111.11 <<== SAMPLE

I assume you already have CentOS 7 and Postfix installed. Now we create the SSL certificate that the SMTP relay will use for authentication. We can generate the key and crt files ourselves, or get them from cacert.org 😀. There are two ways to create the SSL certificate, so try one of the methods below:

  1. http://sekolahlinux.com/create-self-signed-ssl-certificate-membuat-sendiri-sertifikat-ssl-dengan-openssl/
  2. http://sekolahlinux.com/generate-ssl-certificate-via-cacert-org/

Once you have them, the files are referenced in /etc/postfix/main.cf as shown below. Don't forget to copy the generated *.crt and *.key certificate files into /etc/postfix/sslbaru (create the directory first if it does not exist):

smtpd_tls_cert_file = /etc/postfix/sslbaru/sekolahlinux.com.crt
smtpd_tls_key_file = /etc/postfix/sslbaru/sekolahlinux.com.key

Now it is time to configure Postfix and saslauthd. For anyone who has not installed Postfix and Cyrus SASL yet:

yum install postfix cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain

Once installed, edit /etc/postfix/main.cf as below:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = relay.sekolahlinux.com
mydomain = sekolahlinux.com
inet_interfaces = all
inet_protocols = all
unknown_local_recipient_reject_code = 550
mynetworks_style = host
mynetworks =
	127.0.0.1
	#202.148.1.50
	#hash:/etc/postfix/mynetworks

#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
debug_peer_level = 2
smtpd_banner = $myhostname ESMTP

debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5

relay_domains =
        $mydestination
#	hash:/usr/local/etc/postfix/relay_domains

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

maximal_queue_lifetime = 1h
bounce_queue_lifetime = 1h
maximal_backoff_time = 5m
minimal_backoff_time = 2m
queue_run_delay = 2m
smtpd_helo_required = yes
message_size_limit = 28708746
smtpd_error_sleep_time = 2s
#transport_maps = hash:/etc/postfix/transport

smtpd_sender_restrictions =
#        check_sender_access hash:/usr/local/etc/postfix/sender_access

smtpd_recipient_restrictions =
#        check_recipient_access hash:/usr/local/etc/postfix/recipient_access
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination


#sasl authentication & tls
# smtp_use_tls / smtpd_use_tls are the pre-Postfix-2.3 names for
# smtp_tls_security_level = may / smtpd_tls_security_level = may;
# they are still accepted by the Postfix 2.10 shipped with CentOS 7.
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
# Cyrus SASL config is read from /etc/sasl2/smtpd.conf
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# only advertise AUTH after STARTTLS, so PLAIN/LOGIN credentials never reach the relay in clear
smtpd_tls_auth_only = yes
#smtpd_tls_CAfile =  /etc/certs/DigiCertCA.crt
smtpd_tls_cert_file = /etc/postfix/sslbaru/sekolahlinux.com.crt
smtpd_tls_key_file = /etc/postfix/sslbaru/sekolahlinux.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_sasl_authenticated_header = no

Edit /etc/postfix/master.cf as below:

smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy


submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_connection_count_limit=100
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_client_connection_count_limit=100
  -o smtpd_client_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject

Then edit /etc/sasl2/smtpd.conf as below:

pwcheck_method: saslauthd
mech_list: plain login

Then edit /etc/sysconfig/saslauthd to enable authentication via rimap as below; replace sekolahlinux.com with the hostname of the IMAP server that will verify the logins.

# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR="/var/run/saslauthd"

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ability to use.
# rimap = verify the login against a remote IMAP server; -r passes the realm
# together with the login name (user@realm) to that server.
MECH="rimap -r"

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
# -O = the IMAP server that rimap logs in to (replace with your own mail server).
FLAGS="-O sekolahlinux.com"

Once done, restart and enable the services:

systemctl restart saslauthd.service
systemctl restart postfix.service
systemctl enable saslauthd.service
systemctl enable postfix.service

Before testing, don't forget to check first whether the target rimap server supports AUTH PLAIN & LOGIN:

[root@relay akbar]# telnet sekolahlinux.com 143
Trying 202.148.1.50...
Connected to sekolahlinux.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.
[root@relay akbar]#

If the reply looks like the above, the target server supports PLAIN & LOGIN for RIMAP mode.

But if the target server replies as below instead, it does not support PLAIN & LOGIN for RIMAP mode:

[root@relay akbar]# telnet sekolahlinux.com 143
Trying 202.148.1.50...
Connected to sekolahlinux.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.
[root@relay akbar]#
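The capability check above can be scripted. The following is an added example, not code from the original post: it reads the IMAP greeting, extracts the tokens of the [CAPABILITY ...] response code, and reports whether a plaintext LOGIN can succeed, which is what saslauthd's rimap mechanism performs over a plain TCP session to port 143 (it does not negotiate STARTTLS, which is why Dovecot must allow plaintext auth). The two sample greetings are constructed from the sessions shown above, and the hostname is a placeholder. Because of that missing STARTTLS, the user name and password cross the network in clear between the relay and the IMAP server, so that hop belongs on a network you trust (or both roles on one host).

```python
import re
import socket
import sys

# Constructed sample greetings, modelled on the two telnet sessions above
# (not captured from a real server).
GREETING_LOGIN_OK = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                     "ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")
GREETING_LOGIN_DISABLED = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                           "ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.")

CAPABILITY_RE = re.compile(r"\[CAPABILITY ([^\]]*)\]")


def parse_capabilities(greeting):
    """Return the capability tokens Dovecot puts in the [CAPABILITY ...] response
    code of its greeting (RFC 3501, section 7.1); empty set if there is none."""
    match = CAPABILITY_RE.search(greeting)
    if not match:
        return set()
    return set(match.group(1).split())


def rimap_login_allowed(greeting):
    """saslauthd's rimap module sends a plain IMAP LOGIN on the unencrypted
    connection, so the pre-STARTTLS greeting must not say LOGINDISABLED and,
    as the post checks, should advertise AUTH=PLAIN or AUTH=LOGIN."""
    caps = parse_capabilities(greeting)
    if "LOGINDISABLED" in caps:
        return False
    return bool(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})


def check_imap_server(host, port=143, timeout=5.0):
    """Connect like the telnet session above, read the greeting, log out cleanly,
    and return (greeting, rimap_login_allowed)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("r", encoding="ascii", errors="replace")
        greeting = reader.readline().rstrip("\r\n")
        sock.sendall(b"a logout\r\n")
    return greeting, rimap_login_allowed(greeting)


if __name__ == "__main__":
    # usage: python3 check_rimap.py imap.example.com [port]   (hostname is a placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else "imap.example.com"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 143
    banner, ok = check_imap_server(target, target_port)
    print(banner)
    print("rimap plaintext LOGIN possible:", ok)
```

Run it from the relay host against the IMAP server named in FLAGS="-O ..."; a False result with STARTTLS in the banner means the server is in the `ssl = required` state described next.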

So how do we make the target server support RIMAP mode from the SMTP relay server? Easy: first log in to the target server, in this case sekolahlinux.com at 202.148.1.50, and change the Dovecot rule on that server:

[root@server ~]# vim /etc/dovecot/conf.d/10-ssl.conf

then change these lines:

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = required

to this:

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = yes

Once done, restart the dovecot service:

systemctl restart dovecot.service

Now, back on relay.sekolahlinux.com, telnet again and the result changes to the following:

[root@relay ~]# telnet sekolahlinux.com 143
Trying 202.148.1.50...
Connected to sekolahlinux.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.
[root@relay ~]#

Now go ahead and try the SMTP relay 😀. Remember, the steps above only authenticate @sekolahlinux.com users, so if you want to authenticate @yourdomain.com users you must change the rule FLAGS="-O sekolahlinux.com" to FLAGS="-O yourserver".

If authentication fails, the email will not be sent, unless your computer's public IP is listed in mynetworks in the Postfix main.cf.

That's it for this tutorial.

Source: lots of sources, just google it; in the end I did my own trial and error and, alhamdulillah, it worked 😀