
SendmailAuth (rev. 1.3)


8. SMTP Authentication


The feature I consider the highlight of the changes in version 8.10 is SMTP authentication. (Honestly, on the technical side multiple queues may be the bigger highlight, but from where I stand .. --) While I was managing hosting servers, nearly all of the questions I received asked why users could not use their own domain as their SMTP server.

As those in the know are aware, the fastest SMTP server to use is the mail server of your own ISP. People without specialist knowledge, however, do not understand this. And opening relay to every address range would obviously make the server a target for spammers, so the administrator could only fret. All I could do was lament: why doesn't sendmail support the SMTP authentication that Exchange on NT supports?

Enough preamble; let's look at how to use it. If the feature was included at compile time, nothing else is needed in the way of setup. Likewise, if you installed sendmail-8.10.0-2kr or later from my FTP, it is set up by default and you can simply use it.

First, let's check whether SMTP AUTH is available on your current SMTP server. The simplest way is to look in sendmail.cf for the lines
# list of authentication mechanisms
O AuthMechanisms=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
and check that the line is uncommented, or that the setting is present at all. RedHat 7.x and later generally support SMTP AUTH, but they use PAM authentication rather than the login method discussed here. This section explains the login method.

If you conclude that it is not enabled, follow the steps below. They describe how to make sendmail auth work when sendmail 8.10 or later is installed and the libsasl or cyrus-sasl package is installed, but sendmail auth does not work. In /etc/mail you should find a file named sendmail.mc. Add the following to this file.
dnl # These are the allowed auth mechanisms. To allow relaying for a user
dnl # that uses one of them, you must set TRUST_AUTH_MECH.
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl # These are the SMTP auth mechanisms which, if used,
dnl # Sendmail will allow relaying for. 
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
Then regenerate the sendmail.cf file. Note that if sendmail was installed from an rpm and you regenerate sendmail.cf from sendmail.mc, the sendmail-cf package must be installed.

The modified sendmail.mc is shown below. It may differ slightly from yours, depending on the options that were included at packaging time.

 Hanterm - cat /etc/mail/sendmail.mc


 [root@oops mail]# cat sendmail.mc

  divert(-1)
  dnl This is the macro config file used to generate the /etc/sendmail.cf
  dnl file. If you modify thei file you will have to regenerate the
  dnl /etc/sendmail.cf by running this macro config through the m4
  dnl preprocessor:
  dnl
  dnl        m4 /etc/sendmail.mc > /etc/sendmail.cf
  dnl
  dnl You will need to have the sendmail-cf package installed for this to
  dnl work.
  include(`/usr/lib/sendmail-cf/m4/cf.m4')
Note the path in the line above. On RH 7.x the m4 file is probably located at
/usr/share/sendmail-cf/m4/cf.m4. I do not remember exactly,
so please verify the path yourself.

  define(`confDEF_USER_ID',``8:12'')
  OSTYPE(`linux')
  undefine(`UUCP_RELAY')
  undefine(`BITNET_RELAY')
  define(`confAUTO_REBUILD')
  dnl #
  dnl # These are the allowed auth mechanisms. To allow relaying for a user
  dnl # that uses one of them, you must set TRUST_AUTH_MECH.
  define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
  dnl # These are the SMTP auth mechanisms which, if used,
  dnl # Sendmail will allow relaying for. 
  TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
  dnl #
  define(`confTO_CONNECT', `1m')
  define(`confTRY_NULL_MX_LIST',true)
  define(`confDONT_PROBE_INTERFACES',true)
  define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
  dnl Security improvement by disallowing VRFY, EXPN
  define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo,novrfy,noexpn')dnl
  FEATURE(`smrsh',`/usr/sbin/smrsh')
  FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
  FEATURE(redirect)
  FEATURE(always_add_domain)
  FEATURE(use_cw_file)
  FEATURE(local_procmail)
  MAILER(smtp)
  MAILER(procmail)
  FEATURE(`access_db')
  FEATURE(`blacklist_recipients')
  dnl We strongly recommend to comment this one out if you want to protect
  dnl yourself from spam. However, the laptop and users on computers that do
  dnl not hav 24x7 DNS do need this.
  FEATURE(`accept_unresolvable_domains')
  dnl FEATURE(`relay_based_on_MX')
  dnl To use multiple queue feature of 8.10.x
  define(QUEUE_DIR,`/var/spool/mqueue/q*')
  dnl change Statistics file name from statistics to sendmail.st
  define(STATUS_FILE, `sendmail.st')
  dnl OOPS

 [root@oops mail]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

 The command above generates a new sendmail.cf.

 [root@oops mail]

Running the command that follows the sendmail.mc contents above generates a new sendmail.cf. To repeat the warning: when you regenerate sendmail.cf with the m4 command, the sendmail-cf package must be installed. (This applies, of course, when sendmail is already installed from an rpm package.)

Next, specify the auth method in SASL. SASL will be installed under the name libsasl or cyrus-sasl. If neither of these two packages is installed, you have to reinstall sendmail from scratch.

Run rpm -qal | grep Sendmail.conf to find Sendmail.conf, and insert the following into it.
pwcheck_method: shadow
If Sendmail.conf does not exist and the directory /usr/lib/sasl exists, create /usr/lib/sasl/Sendmail.conf and put the line above in it. Then restart sendmail. (If you install the sendmail I packaged, this setting will be pam rather than shadow. It is set to pam because I added other features. Whether it is shadow or pam makes no great difference.)

Now let's look at how to operate it. To use sendmail as an SMTP server, you normally have to allow RELAY for the relevant address range in /etc/mail/access. When SMTP AUTH is defined, however, no setting in access is needed (this means that you do not have to add a RELAY entry; the range still must not be blocked with REJECT in the access file), and you only have to configure the mail client on the client side. Let's look at the settings in Netscape Mailer and Outlook Express.

  • Netscape Mailer

    Edit>Preferences>Mail & Newsgroups>Mail Servers

    Here, enter the account user in "Outgoing mail server user name" and set the SSL mode to "If Possible". Plain also works. When you send mail, an authentication window appears; log in there with the account name and account password.

  • Outlook Express 98

    Tools>Accounts>Mail>Account Properties>Servers>Outgoing Mail Server

    Here, check "Authentication required", click "Settings" next to it, and enter the account ID in the logon information. Do not select "Log on using Secure Password Authentication" ^^; it has to be Plain.

Next, let's briefly check whether SMTP AUTH is working properly in sendmail. The text in red is what I typed.

Hanterm - telnet localhost 25


[root@oops mail]# telnet localhost 25

 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 220 oops.org ESMTP Sendmail 8.10.0/8.10.0; Tue, 4 Apr 2000 15:31:05 +0900  
 ehlo localhost
 250-oops.org Hello localhost [127.0.0.1], pleased to meet you
 250-ENHANCEDSTATUSCODES
 250-EXPN
 250-VERB
 250-8BITMIME
 250-SIZE
 250-DSN
 250-ONEX
 250-ETRN
 250-XUSR
 250-AUTH LOGIN PLAIN
 250 HELP
 quit
 221 2.0.0 oops.org closing connection
 Connection closed by foreign host.

 [root@oops etc]# 

If AUTH LOGIN PLAIN appears above (in bold white text), login with the Plain method is possible. The output depends on how sendmail was compiled, so you will not necessarily get exactly this result, but some line resembling auth must appear in one form or another.

Now, to test whether sendmail auth actually works, you can use the procedure below.

 Hanterm - telnet localhost 25


 [root@oops mail]# php -r 'echo base64_encode("user")."\n";'
 dXNlcg==

 [root@oops mail]# php -r 'echo base64_encode("password")."\n";'
 cGFzc3dvcmQ=

 [root@oops mail]# telnet localhost 25

 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 220 work.oops.org ESMTP Sendmail 8.12.9/8.12.9; Sat, 23 Aug 2003 01:27:54 +0900
 AUTH LOGIN
 334 VXNlcm5hbWU6
 dXNlcg==
 334 UGFzc3dvcmQ6
 cGFzc3dvcmQ=
 235 2.0.0 OK Authenticated
 quit
 221 2.0.0 work.oops.org closing connection
 Connection closed by foreign host.

 [root@oops mail]#
When authenticating with sendmail auth, the user name and password must be supplied as base64-encoded values. In the procedure above, the php commands run first compute the base64 encodings of the user name and password, and in the port 25 session the text in red is where the user name and password are entered. After entering the password, if the
235 2.0.0 OK Authenticated
message appears, authentication has succeeded.
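The EHLO check and the AUTH LOGIN test above, as an added example that is not part of the original page: it parses an EHLO reply for the advertised AUTH mechanisms and decodes an AUTH LOGIN exchange, showing that LOGIN and PLAIN credentials are only base64-encoded and are readable from a captured session when STARTTLS is not offered. The sample input is constructed from the transcripts on this page, and the function names are this example's own.

```python
import base64

# LOGIN and PLAIN only base64-encode the user name and password, so a
# captured session reveals both unless the connection is encrypted.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed sample input, taken from the transcripts shown on this page.
EHLO_REPLY = """250-oops.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH LOGIN PLAIN
250 HELP""".splitlines()

AUTH_SESSION = """AUTH LOGIN
334 VXNlcm5hbWU6
dXNlcg==
334 UGFzc3dvcmQ6
cGFzc3dvcmQ=
235 2.0.0 OK Authenticated""".splitlines()

def ehlo_keywords(lines):
    """Map each EHLO keyword to its parameters (the first line is the greeting)."""
    kw = {}
    for line in lines[1:]:
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            continue
        name, *params = rest.split()
        kw[name.upper()] = [p.upper() for p in params]
    return kw

def audit_ehlo(lines):
    """Return (offered mechanisms, cleartext mechanisms offered without STARTTLS)."""
    kw = ehlo_keywords(lines)
    mechs = kw.get("AUTH", [])
    exposed = [] if "STARTTLS" in kw else [m for m in mechs if m in CLEARTEXT_MECHS]
    return mechs, exposed

def decode_auth_login(lines):
    """Decode every base64 token of an AUTH LOGIN exchange, in order."""
    out = []
    for line in lines:
        if line.startswith(("AUTH", "235", "535")):
            continue  # command and final status lines carry no base64
        token = line[4:] if line.startswith("334 ") else line
        out.append(base64.b64decode(token, validate=True).decode())
    return out

if __name__ == "__main__":
    print(audit_ehlo(EHLO_REPLY), decode_auth_login(AUTH_SESSION))
```
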

For the other commands you can use when logging in directly on port 25, see here.

9. SSL + Sendmail

To use SMTP AUTH, sendmail is linked against libsasl and openssl. Thanks to this, packets can be sent encrypted using TLS/TTS. Unfortunately, the mail agents we use most, Outlook and the Netscape mail agent, do not support the encryption provided by libsasl.

So to encrypt the packets you need the help of yet another program. The representative programs for this are sslwrap and stunnel. My homepage presents a way to integrate sendmail with SSL using sslwrap. See the Secure TCP with SSLWRAP lecture in my lecture section.
last modified 2005-01-06 18:41:20