Postfix

PostFix 和 Dovecot - 沒有 smtp 身份驗證

  • May 23, 2013

我使用本指南來設置我的郵件伺服器,一切正常,除了似乎沒有任何 smtp 身份驗證。不知道發生了什麼,因為 mail.log 或 mail.err 中沒有任何指示。希望這裡有人可以幫助我。

這就是我執行 telnet 命令時發生的情況(我換掉了域和電子郵件地址)。

telnet pro.domain.org 25
Trying 50.576.3.15...
Connected to mail.domain.org.
Escape character is '^]'.
220 pro.domain.org ESMTP Postfix (Ubuntu)
ehlo example.com
250-pro.domain.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: <chris@gmail.com>
250 2.1.0 Ok
rcpt to: <chris@domain.org>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
asd
.
250 2.0.0 Ok: queued as 7C0F8D620
quit
221 2.0.0 Bye
Connection closed by foreign host.

這是 postconf -n 輸出

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_bcc = chris@domain.org
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = pro.domain.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

這是 postconf -a 輸出

cyrus
dovecot

這是 dovecot -n 輸出

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.9.2-x86_64-linode32 x86_64 Ubuntu 12.04.2 LTS ext3
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
passdb {
 args = /etc/dovecot/dovecot-sql.conf.ext
 driver = sql
}
protocols = imap pop3 lmtp
service auth-worker {
 user = vmail
}
service auth {
 unix_listener /var/spool/postfix/private/auth {
   group = postfix
   mode = 0666
   user = postfix
 }
 unix_listener auth-userdb {
   mode = 0600
   user = vmail
 }
 user = dovecot
}
service imap-login {
 inet_listener imap {
   port = 0
 }
}
service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
 }
}
service pop3-login {
 inet_listener pop3 {
   port = 0
 }
}
ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
 args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
 driver = static
}

看來 dovecot 確實在創建套接字

ls -la /var/spool/postfix/private/auth
srw-rw-rw- 1 postfix postfix 0 May 22 23:10 /var/spool/postfix/private/auth

關於現在做什麼的任何想法?

您應該配置使用smtpd_tls_auth_only = yes,因為這不允許明文發送密碼。但是,這意味著AUTH只能通過加密通道獲得。你應該用

openssl s_client -connect smtp.example.com:25 -starttls smtp -CApath /etc/ssl/certs/

查看您的 dovecot 配置,您有:

unix_listener /var/spool/postfix/private/auth {
 group = postfix
 mode = 0666
 user = postfix

根據postfix的文件,你應該有一個套接字監聽而不是 unix_listener - 如果你正在做 unix_listener 你還應該有一個 TCP 套接字。所以你的 dovecot.conf 應該包含這個:

  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }

完成此操作後,重新啟動 dovecot 和 postfix。如果它仍然不起作用,請檢查您的後綴日誌(通常是 /var/log/mail.log)並從那裡發布任何資訊作為對原始問題的編輯。

原始答案,根據評論不適用

您將電子郵件發送到 $mydomain 中列出的收件人地址,並且您已將郵件伺服器配置為始終接受這些郵件。

要測試身份驗證,您需要從 $mynetwork 中未列出的網路進行連接,並將郵件發送給未列為允許的收件人域的收件人。

(事實上,如果你確實以正確的方式進行了測試,那麼弄清楚你是否沒有把你正在做的一半資訊弄明白會容易得多。)

引用自:https://serverfault.com/questions/510124