Sendmail

認證成功,但發送仍然失敗

  • October 27, 2017

我正在嘗試將我的家庭伺服器配置為中繼來自家庭 iPhone 的電子郵件。為此,我在伺服器的 SASL 數據庫中創建了一個“使用者”帳戶,並將 sendmail 配置為使用 CRAM-MD5 作為唯一的 SASL 機制。在日誌中(在高詳細級別)sendmail 說:

AUTH: available mech=CRAM-MD5, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

當 iPhone 連接時,它的身份驗證嘗試似乎成功了(參見下面的交換)。但是,無論如何,電子郵件都會被拒絕,這完全讓我感到困惑……

<-- EHLO [192.168.1.171]
--- 250-symbion.example.com Hello ... [...], pleased to meet you
--- 250-ENHANCEDSTATUSCODES
--- 250-PIPELINING
--- 250-8BITMIME
--- 250-SIZE
--- 250-DSN
--- 250-AUTH CRAM-MD5
--- 250-STARTTLS
--- 250-DELIVERBY
--- 250 HELP
<-- AUTH CRAM-MD5
--- 334 PDEzOT....dG1hbi5jb20+
--- 235 2.0.0 OK Authenticated
<-- MAIL FROM:<mi+m@aldan.example.net>
Authentication-Warning: symbion.example.com: Host ... [...] claimed to be [192.168.1.171]
--- 403 4.7.0 authentication required
ruleset=check_mail, arg1=<mi+m@aldan.example.net>, relay=... [...], reject=403 4.7.0 authentication required
<-- RCPT TO:<info@......>
--- 503 5.0.0 Need MAIL before RCPT
<-- DATA
--- 503 5.0.0 Need MAIL command
<-- QUIT
--- 221 2.0.0 symbion.example.com closing connection

我的access數據庫不大:

CERTISSUER:/MY/OWN/Certificate/Authority   RELAY
TLS_Clt:127.0.0.1       OK
TLS_Clt:192.168.1       OK
TLS_Clt:        VERIFY:112
Try_TLS:127.0.0.1       NO
Try_TLS:192.168.1       NO
Connect:192.168.1       RELAY
Connect:127.0.0.1       RELAY
Srv_Features:127.0.0.1  S A V
Srv_Features:192.168.1  S A V
Srv_Features:   s a v

與本地呼叫的 sendmail 相同:

% sendmail -O LogLevel=14 -bs -Am
220 symbion.example.com ESMTP Sendmail 8.15.2/8.15.2; Fri, 27 Oct 2017 01:02:25 -0400 (EDT)
AUTH CRAM-MD5
334 PDEwM....vbT4=
cmlvc0BzeW1ia...JhYjU5
235 2.0.0 OK Authenticated
MAIL FROM: mi@meow
403 4.7.0 authentication required

好吧,這是罪魁禍首:

TLS_Clt:        VERIFY:112

沒有必要,而且確實有害,因為無法將愚蠢的 iPhone 配置為提供客戶端證書。一旦我刪除了上述行,身份驗證就開始對提供令人滿意的證書的對等方提供預共享憑據的對等方起作用CRAM-MD5

(這AUTH_OPTIONS部分被證明是無關緊要的。)

引用自:https://serverfault.com/questions/880547