{"id":171,"date":"2025-12-21T05:48:03","date_gmt":"2025-12-21T05:48:03","guid":{"rendered":"https:\/\/blogs.giamkichsan.com\/?p=171"},"modified":"2025-12-21T07:02:40","modified_gmt":"2025-12-21T07:02:40","slug":"171","status":"publish","type":"post","link":"https:\/\/blogs.giamkichsan.com\/index.php\/2025\/12\/21\/171\/","title":{"rendered":""},"content":{"rendered":"\n<p>Ok \ud83d\udc4d m\u00ecnh h\u01b0\u1edbng d\u1eabn b\u1ea1n <strong>c\u1ea5u h\u00ecnh Postfix port 587 (submission) \u0110\u00daNG CHU\u1ea8N<\/strong>, t\u1eebng b\u01b0\u1edbc, \u00e1p d\u1ee5ng cho <strong>Postfix (Ubuntu)<\/strong> nh\u01b0 server c\u1ee7a b\u1ea1n.<\/p>\n\n\n\n<p>M\u1ee5c ti\u00eau sau khi xong:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Port <strong>587<\/strong><\/li>\n\n\n\n<li><strong>STARTTLS<\/strong><\/li>\n\n\n\n<li><strong>SMTP AUTH<\/strong><\/li>\n\n\n\n<li>D\u00f9ng \u0111\u01b0\u1ee3c v\u1edbi <strong>MailKit \/ .NET<\/strong><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\ud83c\udfaf M\u1ee4C TI\u00caU K\u1ef8 THU\u1eacT<\/h1>\n\n\n\n<p>Postfix s\u1ebd:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>L\u1eafng nghe <code>587<\/code><\/li>\n\n\n\n<li>B\u1eadt <code>STARTTLS<\/code><\/li>\n\n\n\n<li>Cho ph\u00e9p <code>AUTH LOGIN \/ PLAIN<\/code><\/li>\n\n\n\n<li>Ch\u1ec9 cho user \u0111\u00e3 auth g\u1eedi mail<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">1\ufe0f\u20e3 KI\u1ec2M TRA POSTFIX \u0110ANG L\u1eaeNG NGHE PORT 587 CH\u01afA<\/h1>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo netstat -plnt | grep :587\n<\/code><\/pre>\n\n\n\n<p>N\u1ebfu <strong>KH\u00d4NG th\u1ea5y<\/strong> \u2192 c\u1ea7n c\u1ea5u h\u00ecnh<br>N\u1ebfu <strong>C\u00d3<\/strong> nh\u01b0ng ch\u01b0a auth \u2192 v\u1eabn ph\u1ea3i ch\u1ec9nh<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">2\ufe0f\u20e3 S\u1eecA FILE <code>master.cf<\/code> (QUAN TR\u1eccNG NH\u1ea4T)<\/h1>\n\n\n\n<p>M\u1edf file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/postfix\/master.cf\n<\/code><\/pre>\n\n\n\n<p>T\u00ecm (ho\u1eb7c th\u00eam) <strong>TO\u00c0N B\u1ed8 KH\u1ed0I D\u01af\u1edaI \u0110\u00c2Y<\/strong><br>\ud83d\udc49 <strong>NH\u1eda b\u1ecf d\u1ea5u <code>#<\/code> n\u1ebfu \u0111ang b\u1ecb comment<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>submission inet n       -       y       -       -       smtpd\n  -o syslog_name=postfix\/submission\n  -o smtpd_tls_security_level=encrypt\n  -o smtpd_sasl_auth_enable=yes\n  -o smtpd_tls_auth_only=yes\n  -o smtpd_reject_unlisted_recipient=no\n  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject\n  -o milter_macro_daemon_name=ORIGINATING\n<\/code><\/pre>\n\n\n\n<p>\ud83d\udccc \u00dd ngh\u0129a:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>submission<\/code> = port <strong>587<\/strong><\/li>\n\n\n\n<li><code>tls_security_level=encrypt<\/code> \u2192 B\u1eaeT BU\u1ed8C STARTTLS<\/li>\n\n\n\n<li><code>sasl_auth_enable=yes<\/code> \u2192 cho AUTH<\/li>\n\n\n\n<li><code>permit_sasl_authenticated<\/code> \u2192 ch\u1ec9 user auth m\u1edbi g\u1eedi<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">3\ufe0f\u20e3 C\u1ea4U H\u00ccNH SASL (AUTH) \u2013 B\u1eaeT BU\u1ed8C<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">M\u1edf file:<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/postfix\/main.cf\n<\/code><\/pre>\n\n\n\n<p>Th\u00eam ho\u1eb7c \u0111\u1ea3m b\u1ea3o c\u00f3:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># TLS\nsmtpd_tls_cert_file=\/etc\/letsencrypt\/live\/mail.giamkichsan.com\/fullchain.pem\nsmtpd_tls_key_file=\/etc\/letsencrypt\/live\/mail.giamkichsan.com\/privkey.pem\nsmtpd_tls_security_level=may\nsmtpd_tls_loglevel=1\n\n# SASL AUTH\nsmtpd_sasl_auth_enable = yes\nsmtpd_sasl_type = dovecot\nsmtpd_sasl_path = private\/auth\nsmtpd_sasl_security_options = noanonymous\nsmtpd_sasl_local_domain = $myhostname\nbroken_sasl_auth_clients = yes\n<\/code><\/pre>\n\n\n\n<p>\ud83d\udccc Postfix <strong>KH\u00d4NG t\u1ef1 auth<\/strong> \u2192 n\u00f3 d\u00f9ng <strong>Dovecot<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">4\ufe0f\u20e3 C\u1ea4U H\u00ccNH DOVECOT (N\u1ebeU CH\u01afA C\u00d3)<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">Ki\u1ec3m tra dovecot:<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status dovecot\n<\/code><\/pre>\n\n\n\n<p>N\u1ebfu ch\u01b0a c\u00f3:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install dovecot-core dovecot-imapd -y\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">S\u1eeda file:<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/dovecot\/conf.d\/10-master.conf\n<\/code><\/pre>\n\n\n\n<p>T\u00ecm block:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>service auth {\n<\/code><\/pre>\n\n\n\n<p>B\u00ean trong ph\u1ea3i c\u00f3:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>service auth {\n  unix_listener \/var\/spool\/postfix\/private\/auth {\n    mode = 0660\n    user = postfix\n    group = postfix\n  }\n}\n<\/code><\/pre>\n\n\n\n<p>\ud83d\udccc C\u00e1i n\u00e0y cho ph\u00e9p Postfix g\u1ecdi Dovecot \u0111\u1ec3 AUTH<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">5\ufe0f\u20e3 KH\u1edeI \u0110\u1ed8NG L\u1ea0I D\u1ecaCH V\u1ee4<\/h1>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart dovecot\nsudo systemctl restart postfix\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">6\ufe0f\u20e3 TEST AUTH PORT 587 (C\u1ef0C K\u1ef2 QUAN TR\u1eccNG)<\/h1>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl s_client -starttls smtp -connect mail.giamkichsan.com:587\n<\/code><\/pre>\n\n\n\n<p>Sau khi hi\u1ec7n:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>220 mail.giamkichsan.com ESMTP Postfix\n<\/code><\/pre>\n\n\n\n<p>G\u00f5:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>EHLO test\n<\/code><\/pre>\n\n\n\n<p>\ud83d\udc49 B\u1ea0N PH\u1ea2I TH\u1ea4Y:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>250-AUTH LOGIN PLAIN\n250-STARTTLS\n<\/code><\/pre>\n\n\n\n<p>\u2705 Th\u1ea5y AUTH \u2192 c\u1ea5u h\u00ecnh TH\u00c0NH C\u00d4NG<br>\u274c Kh\u00f4ng th\u1ea5y \u2192 Postfix ch\u01b0a nh\u1eadn SASL<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">7\ufe0f\u20e3 CODE .NET CHU\u1ea8N SAU KHI C\u1ea4U H\u00ccNH XONG<\/h1>\n\n\n\n<pre class=\"wp-block-code\"><code>client.Connect(\n    \"mail.giamkichsan.com\",\n    587,\n    SecureSocketOptions.StartTls\n);\n\nclient.Authenticate(\n    \"vcduan@giamkichsan.com\",\n    \"Soc@2902\"\n);\n\nclient.Send(message);\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\ud83e\udde8 L\u1ed6I HAY G\u1eb6P &amp; C\u00c1CH S\u1eecA NHANH<\/h1>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>L\u1ed7i<\/th><th>Nguy\u00ean nh\u00e2n<\/th><\/tr><\/thead><tbody><tr><td>No AUTH<\/td><td>Dovecot ch\u01b0a link Postfix<\/td><\/tr><tr><td>535 auth failed<\/td><td>Sai user \/ mailbox<\/td><\/tr><tr><td>TLS error<\/td><td>Sai path cert<\/td><\/tr><tr><td>timeout<\/td><td>Firewall ch\u1eb7n 587<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\ud83d\udc49 M\u1edf firewall:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 587\/tcp\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\u2705 T\u00d3M T\u1eaeT CH\u1ed0T<\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u274c \u0110\u1eebng c\u1ed1 port 465<\/li>\n\n\n\n<li>\u2705 <strong>587 + STARTTLS l\u00e0 chu\u1ea9n<\/strong><\/li>\n\n\n\n<li>\u2705 Postfix + Dovecot<\/li>\n\n\n\n<li>\u2705 MailKit ch\u1ea1y m\u01b0\u1ee3t<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>\ud83d\udc49 Sau khi b\u1ea1n c\u1ea5u h\u00ecnh xong, <strong>copy output c\u1ee7a l\u1ec7nh n\u00e0y<\/strong> g\u1eedi m\u00ecnh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl s_client -starttls smtp -connect mail.giamkichsan.com:587\n<\/code><\/pre>\n\n\n\n<p>M\u00ecnh s\u1ebd check v\u00e0 x\u00e1c nh\u1eadn <strong>OK 100% tr\u01b0\u1edbc khi b\u1ea1n ch\u1ea1y tool .NET<\/strong> \ud83d\udcaf<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udfe2 C\u00c1CH 2 (CHU\u1ea8N MAIL SERVER \u2013 KHUY\u00caN D\u00d9NG)<\/h2>\n\n\n\n<p>\ud83d\udc49 D\u00f9ng <strong>passwd-file<\/strong> cho mailbox (\u0110\u00daNG CHU\u1ea8N ISP)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1\ufe0f\u20e3 T\u1ea1o file password mailbox<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir -p \/etc\/dovecot\/passwd\nnano \/etc\/dovecot\/passwd\/users\n<\/code><\/pre>\n\n\n\n<p>N\u1ed9i dung:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vcduan@giamkichsan.com:{PLAIN}Soc@2902\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">2\ufe0f\u20e3 S\u1eeda auth config<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/dovecot\/conf.d\/10-auth.conf\n<\/code><\/pre>\n\n\n\n<p>\u0110\u1ed5i th\u00e0nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>disable_plaintext_auth = no\nauth_mechanisms = plain login\n\n!include auth-passwdfile.conf.ext\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">3\ufe0f\u20e3 S\u1eeda passwd-file config<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/dovecot\/conf.d\/auth-passwdfile.conf.ext\n<\/code><\/pre>\n\n\n\n<p>\u0110\u1ea3m b\u1ea3o:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>passdb {\n  driver = passwd-file\n  args = scheme=PLAIN \/etc\/dovecot\/passwd\/users\n}\n\nuserdb {\n  driver = static\n  args = uid=vmail gid=vmail home=\/var\/mail\/vhosts\/%d\/%n\n}\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>Ok \ud83d\udc4d m\u00ecnh h\u01b0\u1edbng d\u1eabn b\u1ea1n c\u1ea5u h\u00ecnh Postfix port 587 (submission) \u0110\u00daNG CHU\u1ea8N, t\u1eebng b\u01b0\u1edbc, \u00e1p d\u1ee5ng cho Postfix (Ubuntu) nh\u01b0 server c\u1ee7a b\u1ea1n. <a class=\"mh-excerpt-more\" href=\"https:\/\/blogs.giamkichsan.com\/index.php\/2025\/12\/21\/171\/\" title=\"\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-171","post","type-post","status-publish","format-standard","hentry","category-ubuntu-he-dieu-hanh"],"_links":{"self":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts\/171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/comments?post=171"}],"version-history":[{"count":2,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts\/171\/revisions"}],"predecessor-version":[{"id":173,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts\/171\/revisions\/173"}],"wp:attachment":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/media?parent=171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/categories?post=171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/tags?post=171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}