Linux

mysql not authenticating with cyrus for postfix authentication

  • February 19, 2021

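So I have been building a mail server. I have set up postfix and a database, and what I want now is for cyrus to authenticate my mail server users from the database I have already set up. Now I have run into some problems.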

yum -y install cyrus-sasl*

My postfix -n looks like this

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
cyrus_sasl_config_path = /etc/sasl2/
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost, 192.168.1.1
inet_protocols = ipv4
local_recipient_maps = mysql:/etc/postfix/mysql-local.cf
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = domain.com
myhostname = my.domain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-users.cf

My postconf -M looks like this

smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd 
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_auth_enable=yes 
-o broken_sasl_auth_clients=yes 
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject 
-o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       n       -       -       smtpd
-o smtpd_sasl_security_options=noanonymous 
-o smtpd_sasl_auth_enable=yes 
-o broken_sasl_auth_clients=yes 
-o syslog_name=postfix/smtps 
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject 
-o milter_macro_daemon_name=ORIGINATING
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache

}

cat /etc/sasl2/smtpd.conf

{

pwcheck_method: saslauthd
auxprop_plugin: mysql
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostnames: 127.0.0.1, localhost
sql_user: postfix
sql_passwd: password
sql_database: server
sql_select: SELECT password FROM users WHERE email = '%u'

}

Now the problem is that when I try from mysql, I am unable to authenticate the database users.

cat /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
defaultdomain: mail
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13

cat /etc/cyrus.conf

# standard standalone server implementation

START {
 # do not delete this entry!
 recover       cmd="ctl_cyrusdb -r"

 # this is only necessary if using idled for IMAP IDLE
 idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
 # add or remove based on preferences
 imap          cmd="imapd" listen="imap" prefork=5
 imaps         cmd="imapd -s" listen="imaps" prefork=1
 pop3          cmd="pop3d" listen="pop3" prefork=3
 pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
 sieve         cmd="timsieved" listen="sieve" prefork=0

 # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

 # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
 lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

 # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
 # this is required
 checkpoint    cmd="ctl_cyrusdb -c" period=30

 # this is only necessary if using duplicate delivery suppression,
 # Sieve or NNTP
 delprune      cmd="cyr_expire -E 3" at=0400

 # this is only necessary if caching TLS sessions
 tlsprune      cmd="tls_prune" at=0400
}

So can anyone help me get out of this problem? Thanks….

The problem may be in /etc/sasl2/smtpd.conf

pwcheck_method: auxprop

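If saslauthd is used, it will look at the pam method database and ignore all the other settings that point to sql. Also, if you are just trying to send mail without setting up imap, you cannot connect from a mail client, because the mail client needs the mail server to be fully set up. So you need to set up the mail client manually and set smtp to use StartTLS on port 587 with normal password authentication, making sure you provide the correct password when the mail client asks you.

Basically, if you want to use the saslauthd mechanism, it is better to install the pam_mysql module and set up /etc/pam.d/smtp to look up the mysql database.

Hope this helps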

Quoted from: https://serverfault.com/questions/1052724
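An added example, not part of the original question or answer: a small Python check for a Cyrus SASL `smtpd.conf` that reports the mismatch the answer describes, where `sql_*` settings are present but `pwcheck_method` sends password checks to another backend. The sample text is the question's file, the function names are illustrative, and the `auxprop_plugin` check relies on the Cyrus SASL SQL plugin being named `sql`, which the page itself does not state.

```python
import re

# Constructed sample: the smtpd.conf shown in the question.
QUESTION_CONF = """\
pwcheck_method: saslauthd
auxprop_plugin: mysql
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostnames: 127.0.0.1, localhost
sql_user: postfix
sql_passwd: password
sql_database: server
sql_select: SELECT password FROM users WHERE email = '%u'
"""

# Cyrus SASL config lines are "key: value"; "key = value" is not accepted.
LINE_RE = re.compile(r"^([A-Za-z0-9_-]+):\s*(.*)$")

def parse_sasl_conf(text):
    """Return (options, errors) for Cyrus SASL config text."""
    options, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            errors.append(f"line {lineno}: not 'key: value': {line!r}")
            continue
        options[m.group(1).lower()] = m.group(2).strip()
    return options, errors

def lint(text):
    """Return findings: syntax errors, then settings that cannot take effect."""
    options, findings = parse_sasl_conf(text)
    methods = options.get("pwcheck_method", "auxprop").split()  # auxprop is the default
    sql_keys = sorted(k for k in options if k.startswith("sql_"))
    plugins = options.get("auxprop_plugin", "").split()
    if sql_keys and "auxprop" not in methods:
        findings.append(
            f"pwcheck_method is {' '.join(methods)!r}: password checks go to that "
            f"backend, so {', '.join(sql_keys)} are not used for them")
    if sql_keys and plugins and "sql" not in plugins:
        findings.append(
            f"auxprop_plugin {' '.join(plugins)!r} does not name the SQL plugin ('sql')")
    return findings
```

Running `lint()` over the file after each change, and before restarting postfix, shows whether the SQL lookup is actually in the authentication path.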