PDA

View Full Version : Vấn đề Linux và Exchange



tit_mit
04-07-2009, 09:57 AM
Tôi dùng mail GW linux và exchange. để security tôi config sau: o Exchange Default SMTP server >> Access>> Authentication>> bỏ Anonymous, check basic authentication, nhưng khi mail bên ngoài gửi vào trong log Linux báo lỗi Client does not permission on this x.t.z.t (IP server) kết quả Linux không relay mail đến exchange. Nếu check vào Anoymuos thì ok, nhưng như vậy sẽ bi lợi dùng SMTP server
Ai có ý gì chỉ giúp

zippo
06-07-2009, 10:39 PM
Hello ban

Mac dinh doi voi SMTP cua Exchange 2003 la khong cho phep relay tu bat cu IP nao (ngoai tru localhost), viec nay de tranh viec tro thanh openrelay

Nhung van khong the tranh duoc truong hop: fake mail (sender address domain = recipient address domain), vi exchange chi kiem tra recipient address (option) cua nguoi nhan ma thoi. De tranh viec nay ban disable cai autonomous la dung roi (luc nay bat cu ai muon connect den TCP/25 deu phai authenticate truoc)

Nhung lam viec nay dan den, nhung ai khong authenticate thi khong the gui mail den exchange cua ban duoc, cho nen khi ban de mail exchange ra internet thi khong ai co the gui den domain cua ban. Sender mail server se nhan duoc mot bao loi 550 "Client does not permission on this x.t.z.t (IP server)"


Cach giai quyet:

Step 1. setup mot mail gateway(linux/unix) de nhan mail tu domain khac (ban da lam viec nay): postfix, qmail,exim,sendmail,....

Step 2. forward mail den exchange
(option1): moi lan Unix/linux forward mail den exchange thi no cung authenticate y nhu mot mail client.
(option2): Add IP cua LInux/UNIX vo relay trusted list cua Exchange

Chu y: neu trong domain cua Ban co nhieu Exchange server thi kho khan day, vi mail transfer giua cac exchange server la dung SMTP (anonymous)
chuc ban thanh cong

tit_mit
07-07-2009, 12:37 PM
Chào bạn
Trong trả lời của bạn có 2 opt
Opt1: Linux config như 1 authenticated client thì tôi cũng đã nghĩ ra hướng này (vd trong OE phải check "my server require authentication..") tuy nhiên trong linux lam sao config Postfix để là Authenticated client. Bạn có thể cho cấu hình cụ thể
Opt2: "Add IP cua LInux/UNIX vo relay trusted list"
Tôi đã làm sau: Smtp server >> Access
Authentication : checked Anonymous, basic authentication
Relay>>Granted: Internal's , External's IP của mail GW (Linux),
Allow all computer which successfully authenticate to relay regardless of the list above
Tuy nhien nếu bỏ anonymous thi bao loi trên, nên hiện giờ vẫn phải check anoymous

zippo
08-07-2009, 03:51 PM
dung link nay http://www.postfix.org/SASL_README.html

Enabling SASL authentication in the Postfix SMTP client

Turn on client-side SASL authentication, and specify a table with per-host or per-destination username and password information. The Postfix SMTP client first searches the table for an entry with the remote SMTP server hostname; if no entry is found, then the Postfix SMTP client searches the table for an entry with the next-hop destination. Usually, that is the right-hand part of an email address, but it can also be the information that is specified with the relayhost parameter or with a transport(5) table.

/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
relayhost = [mail.myisp.net]
# Alternative form:
# relayhost = [mail.myisp.net]:submission

/etc/postfix/sasl_passwd:
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password

tit_mit
11-07-2009, 11:46 AM
cach nay khong co tac dung

zippo
11-07-2009, 03:43 PM
Hien nay toi dang su dung, chay tot . Sao lai noi khong co tac dung chu

tit_mit
13-07-2009, 01:26 PM
thi toi da cau hinh theo nhu vay ma ko chay, ko hiu noi

zippo
13-07-2009, 07:56 PM
moi lan ban gui mail den exchange thi ban doc log file syslog, gui len xem coi bi loi gi

tit_mit
22-07-2009, 08:51 PM
syslog : 454 5.7.3 Client does not have permission to submit mail to this server

zippo
23-07-2009, 12:10 PM
Vay la chua co authenticated roi,kiem tra Postfix lai

tit_mit
24-07-2009, 05:01 PM
Hi zippo
Ban co the cho toi cau hinh postfix ma ban da chay tot, duoc?

nggianglx
25-05-2010, 10:42 AM
mình cũng đang tìm hiểu về vấn đề mail server này. bạn zippo có thể cho mình xin file cấu hình không.

Thanks.