Sendmail
CentOS 6.4 sendmail SMTP-AUTH not working
I want to configure a CentOS 6.4 server with sendmail and dovecot for SMTP-AUTH. I have configured saslauthd and sendmail, but SMTP-AUTH is not working. The actual configuration is:
```
[root@server sasl2]# rpm -qa | grep sendmail
sendmail-8.14.4-8.el6.x86_64
sendmail-cf-8.14.4-8.el6.noarch
[root@server sasl2]# sendmail -d0.1 -bv
Version 8.14.4
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = server
  (canonical domain name) $j = server.itzena.cz
         (subdomain name) $m = itzena.cz
              (node name) $k = server.itzena.cz
========================================================

Recipient names must be specified
[root@server sasl2]# grep -v ^dnl /etc/mail/sendmail.mc
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
[root@server sasl2]# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
[root@server sasl2]# cat /etc/sasl2/Sendmail.conf
pwcheck_method:saslauthd
mech_list: PLAIN LOGIN
[root@server sasl2]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.itzena.cz ESMTP Sendmail 8.14.4/8.14.4; Sat, 6 Jul 2013 14:58:49 +0200
ehlo localhost
250-server.itzena.cz Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
```
I have uncommented the lines

```
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
```
but if

```
[root@server ~]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.itzena.cz ESMTP Sendmail 8.14.4/8.14.4; Sun, 7 Jul 2013 09:17:08 +0200
ehlo localhost
250-server.itzena.cz Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
AUTH LOGIN
503 5.3.3 AUTH not available
```
Your current m4 has two conflicting lines:

```
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl
```
Assuming the second of those takes precedence, the `p` flag tells sendmail not to offer authentication unless encryption is in place, which means you need TLS up and running in order to get authentication. Here is a comparable pair of conversations with my mail server. The first is in plaintext, using `telnet`:

```
[me@risby iplayer]$ telnet www.teaparty.net 25
Trying 2a01:8000:0:4::1:1...
Connected to www.teaparty.net.
Escape character is '^]'.
220 : ESMTP you accept terms at http://www.teaparty.net/smtp.html
ehlo me
250-lory.teaparty.net Hello [IPv6:2001:4d48:ad51:3500:7271:bcff:feac:445a], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 14000000
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 lory.teaparty.net closing connection
Connection closed by foreign host.
```
Because it is a plaintext connection, authentication is not offered. Now I will try using `openssl` to establish a TLS-enabled connection:

```
[me@risby iplayer]$ openssl s_client -connect www.teaparty.net:25 -starttls smtp
CONNECTED(00000003)
[much crypto stuff deleted]
250 HELP
ehlo me
250-lory.teaparty.net Hello [IPv6:2001:4d48:ad51:3500:7271:bcff:feac:445a], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 14000000
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 lory.teaparty.net closing connection
```
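Note how the `AUTH` options are offered. I notice that you have not configured TLS, other than telling sendmail to offer `AUTH` only if encryption is in place; you will need to configure it first before you can test whether AUTH is offered. Configuring TLS under sendmail is beyond the scope of this question, but there are already answers on SF that can help with that.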
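The diagnosis in the answer above can be automated. This is an added example, not part of the original question or answer. It reads the `confAUTH_OPTIONS` defines and a plaintext EHLO reply and reports why `AUTH` is missing. The function names are hypothetical, and the `PLAINTEXT_MECHS` set assumes `p` withholds only `PLAIN` and `LOGIN` until a security layer is active.

```python
import re

DEFINE_RE = re.compile(r"define\(`confAUTH_OPTIONS',\s*`([^']*)'\)")
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # assumption: withheld by 'p' until a security layer is active

def auth_option_defines(mc_text):
    """All confAUTH_OPTIONS values in file order, skipping dnl-commented lines."""
    values = []
    for line in mc_text.splitlines():
        if not line.lstrip().startswith("dnl"):
            values.extend(DEFINE_RE.findall(line))
    return values

def ehlo_keywords(response):
    """Map each EHLO keyword (upper-cased) to its arguments; skip the greeting line."""
    hits = [re.match(r"250[- ](\S+)\s*(.*)", l.strip()) for l in response.splitlines()]
    return {m.group(1).upper(): m.group(2) for m in [h for h in hits if h][1:]}

def diagnose(mc_text, mech_list, plaintext_ehlo):
    """Explain a missing AUTH line on an unencrypted session."""
    values = auth_option_defines(mc_text)
    # A later m4 define replaces an earlier one, so the last value is effective.
    flags = set(re.findall(r"[A-Za-z]", values[-1])) if values else set()
    kw = ehlo_keywords(plaintext_ehlo)
    findings = []
    if len(set(values)) > 1:
        findings.append("conflicting confAUTH_OPTIONS defines: %r" % values)
    if "AUTH" in kw:
        findings.append("AUTH advertised without TLS: " + kw["AUTH"])
    elif "p" in flags and set(mech_list) <= PLAINTEXT_MECHS:
        if "STARTTLS" in kw:
            findings.append("'p' hides PLAIN/LOGIN here; repeat EHLO after STARTTLS")
        else:
            findings.append("'p' needs TLS but STARTTLS is not advertised; configure TLS")
    else:
        findings.append("AUTH missing for another reason; check SASL and saslauthd")
    return findings

# Inputs taken from the question on this page (EHLO reply shortened).
MC = """define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl"""
EHLO = """250-server.itzena.cz Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-DELIVERBY
250 HELP"""

if __name__ == "__main__":
    for finding in diagnose(MC, ["PLAIN", "LOGIN"], EHLO):
        print(finding)
```
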