SMTP authentication with exim4 on (DigitalOcean's) Ubuntu 20.04
This is a continuation of "SPF and DKIM with exim4 on (DigitalOcean's) Ubuntu 20.04".
https://qiita.com/kentasaito/items/9bf5f31277b6fe46ed96
Snapshot for checking configuration file changes
cp -a /var/lib/exim4/config.autogenerated /var/lib/exim4/config.autogenerated.1
Creating the Exim user
The username does not have to be one that exists on the OS.
/usr/share/doc/exim4-base/examples/exim-adduser
chown root:Debian-exim /etc/exim4/passwd
chmod 640 /etc/exim4/passwd
Using the Let's Encrypt certificate and private key
vi /etc/letsencrypt/renewal-hooks/deploy/exim4.sh
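#!/usr/bin/bash
# certbot deploy hook: runs after each successful renewal.
# Copy the renewed certificate chain to where exim4 reads it,
# readable only by root and the Debian-exim group.
cp /etc/letsencrypt/live/[domain name]/fullchain.pem /etc/exim4/exim.crt
chown root:Debian-exim /etc/exim4/exim.crt
chmod 640 /etc/exim4/exim.crt
# Same for the private key.
cp /etc/letsencrypt/live/[domain name]/privkey.pem /etc/exim4/exim.key
chown root:Debian-exim /etc/exim4/exim.key
chmod 640 /etc/exim4/exim.key
# Make exim4 pick up the new certificate and key.
service exim4 reload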
chmod 755 /etc/letsencrypt/renewal-hooks/deploy/exim4.sh
certbot --force-renewal
Using TLS
vi /etc/exim4/exim4.conf.localmacros
MAIN_TLS_ENABLE = true
LOGIN
vi /etc/exim4/exim4.conf.template
login_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
.endif
service exim4 reload
Note: check that the Exim configuration has been applied
diff /var/lib/exim4/config.autogenerated.1 /var/lib/exim4/config.autogenerated
26a27,28
> MAIN_TLS_ENABLE = true
>
910a913,922
>
> login_server:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
> server_set_id = $auth1
> .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
> server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
> .endif
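Review bot: in the 910a913,922 hunk, server_advertise_condition is wrapped in .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS, so LOGIN stays hidden from cleartext sessions only while that macro is undefined. LOGIN carries the password merely base64-encoded, so I would add a comment beside MAIN_TLS_ENABLE in exim4.conf.localmacros stating that AUTH_SERVER_ALLOW_NOTLS_PASSWORDS must not be defined there, and confirm after each reload that the diff still shows this guard.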
Testing from the command line
Do this from your local PC, not on the server.
openssl s_client -connect [domain name]:587 -starttls smtp
Type each command in lowercase.
ehlo [domain name]
auth login
334 VXNlcm5hbWU6
[The Exim username, base64-encoded. For 'user', this is 'dXNlcg==']
334 UGFzc3dvcmQ6
[The Exim user's password, base64-encoded. For 'pass', this is 'cGFzcw==']
235 Authentication succeeded
quit
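The manual check above, as added shell helpers (not part of the original article): they encode credentials for AUTH LOGIN, decode the 334 prompts, and verify from EHLO output that LOGIN is advertised only inside TLS, which is what server_advertise_condition enforces. The function names, the host mail.example.org and both EHLO responses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Sample data is constructed.

# Encode a credential for AUTH LOGIN. printf avoids the trailing newline that
# `echo user | base64` would include (giving dXNlcgo= instead of dXNlcg==).
b64() { printf '%s' "$1" | base64; }

# Decode a "334 <base64>" challenge line from the server.
decode_challenge() { printf '%s' "${1#334 }" | base64 -d; }

# Succeed if the EHLO response in $1 lists LOGIN among its AUTH mechanisms.
advertises_login() {
  printf '%s\n' "$1" | tr -d '\r' |
    grep -Eiq '^250[- ]AUTH( [A-Z0-9_-]+)* LOGIN( |$)'
}

# Constructed EHLO responses: before STARTTLS and inside the TLS session.
EHLO_CLEAR=$(printf '250-mail.example.org Hello\r\n250-STARTTLS\r\n250 HELP')
EHLO_TLS=$(printf '250-mail.example.org Hello\r\n250-AUTH LOGIN\r\n250 HELP')

# $1 = EHLO response before STARTTLS, $2 = EHLO response after STARTTLS.
check_advertisement() {
  if advertises_login "$1"; then
    echo "FAIL: AUTH LOGIN offered before STARTTLS"; return 1
  fi
  if ! advertises_login "$2"; then
    echo "FAIL: AUTH LOGIN not offered inside TLS"; return 1
  fi
  echo "OK: AUTH LOGIN offered only inside TLS"
}

check_advertisement "$EHLO_CLEAR" "$EHLO_TLS"
echo "username: $(b64 user)  password: $(b64 pass)"
```

To check a live server, paste the EHLO output from a plain port-587 session and from the openssl s_client session into the two arguments of check_advertisement.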
Original article: https://qiita.com/kentasaito/items/88103352bc01b794b5fd