Smtp
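Exim4 SMTP authentication against Courier
I recently set up Exim4 with Courier on an Ubuntu 10.04 server. Local mail delivery all works fine; the only thing missing is SMTP authentication. I set up an account on the server with Courier, but whenever I try to send to a host, it doesn't prompt me for authentication and reports the following: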
Error while Sending message. RCPT TO <marco.ceppi.use@gmail.com> failed: relay not permitted
I ran exim in "super debug mode" and received the following information:
Exim version 4.71 uid=0 gid=0 pid=28644 D=fbb95cfd
Berkeley DB: Berkeley DB 4.8.24: (August 14, 2009)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.5
GnuTLS runtime version: 2.8.5
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=28644
auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
cwd=/etc/exim4 5 args: exim -d+acl+auth -oX 588 -bd
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
seeking password data for user "mail": using cached result
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
28644 daemon_smtp_port overridden by -oX:
28644 <: 588
28644 listening on 205.186.156.60 port 588
28644 changed uid/gid: running as a daemon
28644 uid=111 gid=113 pid=28644
28644 auxiliary group list: 113
28644 LOG: MAIN
28644 exim 4.71 daemon started: pid=28644, no queue runs, listening for SMTP on [205.186.156.60]:588
28644 set_process_info: 28644 daemon: no queue runs, listening for SMTP on [205.186.156.60]:588
28644 daemon running with uid=111 gid=113 euid=111 egid=113
28644 Listening...
28644 Connection request from 173.66.235.14 port 32994
28644 search_tidyup called
28644 1 SMTP accept process running
28644 Listening...
31812 sender_fullhost = [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14]
31812 Process 31812 is handling incoming connection from [173.66.235.14]
31812 host in host_lookup? no (option unset)
31812 set_process_info: 31812 handling incoming connection from [173.66.235.14]
31812 host in host_reject_connection? no (option unset)
31812 host in sender_unqualified_hosts? no (option unset)
31812 host in recipient_unqualified_hosts? no (option unset)
31812 host in helo_verify_hosts? no (option unset)
31812 host in helo_try_verify_hosts? no (option unset)
31812 host in helo_accept_junk_hosts? no (option unset)
31812 SMTP>> 220 dagobah.seacrow.org ESMTP Exim 4.71 Sat, 13 Nov 2010 22:20:22 -0500
31812 Process 31812 is ready for new message
31812 smtp_setup_msg entered
31812 SMTP<< EHLO [192.168.1.6]
31812 [192.168.1.6] in helo_lookup_domains? no (end of list)
31812 sender_fullhost = ([192.168.1.6]) [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14] (helo=[192.168.1.6])
31812 set_process_info: 31812 handling incoming connection from ([192.168.1.6]) [173.66.235.14]
31812 host in pipelining_advertise_hosts? yes (matched "*")
31812 host in auth_advertise_hosts? yes (matched "*")
31812 host in tls_advertise_hosts? no (option unset)
31812 SMTP>> 250-dagobah.seacrow.org Hello [192.168.1.6] [173.66.235.14]
31812 250-SIZE 52428800
31812 250-PIPELINING
31812 250 HELP
31812 SMTP<< MAIL FROM:<MYEMAIL@example.com>
31812 using ACL "acl_check_mail"
31812 processing "accept"
31812 accept: condition test succeeded
31812 SMTP>> 250 OK
31812 SMTP<< RCPT TO:<marco.ceppi.use@gmail.com>
31812 using ACL "acl_check_rcpt"
31812 processing "accept"
31812 check hosts = :
31812 host in ":"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check domains = +local_domains
31812 search_open: dsearch "/etc/valiases"
31812 search_find: file="/etc/valiases"
31812 key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812 4/etc/valiases
31812 End
31812 internal_search_find: file="/etc/valiases"
31812 type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812 in /etc/valiases
31812 lookup failed
31812 search_open: dsearch "/var/mail/virtual"
31812 search_find: file="/var/mail/virtual"
31812 key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812 4/var/mail/virtual
31812 4/etc/valiases
31812 End
31812 internal_search_find: file="/var/mail/virtual"
31812 type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812 in /var/mail/virtual
31812 lookup failed
31812 gmail.com in "@:localhost:dsearch;/etc/valiases:dsearch;/var/mail/virtual"? no (end of list)
31812 gmail.com in "+local_domains"? no (end of list)
31812 deny: condition test failed
31812 processing "deny"
31812 check domains = !+local_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "!+local_domains"? yes (end of list)
31812 check local_parts = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
31812 marco.ceppi.use in "^[./|] : ^.*[@%!`#&?] : ^.*/\.\./"? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check local_parts = postmaster
31812 marco.ceppi.use in "postmaster"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check !acl = acl_local_deny_exceptions
31812 using ACL "acl_local_deny_exceptions"
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/host_local_deny_exceptions}{/etc/exim4/host_local_deny_exceptions}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/sender_local_deny_exceptions}{/etc/exim4/sender_local_deny_exceptions}{}}
31812 MYEMAIL@example.com in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/local_host_whitelist}{/etc/exim4/local_host_whitelist}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/local_sender_whitelist}{/etc/exim4/local_sender_whitelist}{}}
31812 MYEMAIL@example.com in ""? no (end of list)
31812 accept: condition test failed
31812 end of ACL "acl_local_deny_exceptions": implicit DENY
31812 check senders = ${if exists{/etc/exim4/local_sender_callout}{/etc/exim4/local_sender_callout}{}}
31812 MYEMAIL@example.com in ""? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check hosts = +relay_from_hosts
31812 host in ": 127.0.0.1 : ::::1"? no (end of list)
31812 host in "+relay_from_hosts"? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check authenticated = *
31812 accept: condition test failed
31812 processing "require"
31812 check domains = +local_domains : +relay_to_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "empty"? no (end of list)
31812 gmail.com in "+local_domains : +relay_to_domains"? no (end of list)
31812 require: condition test failed
31812 SMTP>> 550 relay not permitted
31812 LOG: MAIN REJECT
31812 H=([192.168.1.6]) [173.66.235.14] F=<MYEMAIL@example.com> rejected RCPT <marco.ceppi.use@gmail.com>: relay not permitted
31812 SMTP<< QUIT
31812 SMTP>> 221 dagobah.seacrow.org closing connection
31812 LOG: smtp_connection MAIN
31812 SMTP connection from ([192.168.1.6]) [173.66.235.14] closed by QUIT
31812 search_tidyup called
28644 child 31812 ended: status=0x0
28644 0 SMTP accept processes now running
28644 Listening...
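I noticed that it doesn't list courier in the Authenticators line at the top of the output. I believe this is the problem I'm having. I don't know how to get it to look for Courier. My authenticators section has the following: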
begin authenticators

plain_courier_authdaemon:
  driver = plaintext
  public_name = PLAIN
  server_condition = \
    ${extract {ADDRESS} \
              {${readsocket{/var/run/courier/authdaemon/socket} \
              {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
              {yes} \
              fail}
  server_set_id = $auth2
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

login_courier_authdaemon:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = \
    ${extract {ADDRESS} \
              {${readsocket{/var/run/courier/authdaemon/socket} \
              {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
              {yes} \
              fail}
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}

PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
                }\
                {\\N[\\^]\\N}\
                {^^}\
            }

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
                     ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
                   }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
                    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
(Comments have been removed from the output)
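Of course, a few minutes after asking, and after hours of searching before asking, I figured it out. I'm not using TLS on this mail server yet, so I needed to add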
AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = true
to the top of the exim4.conf.template file.
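
Added example, not part of the original question or answer: a Python model of the `.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS` block in the posted authenticators, plus a classifier for the EHLO reply a client sees. The function names, the verdict strings, the `mail.example.org` hostname and the cipher string are assumptions made for illustration; `PAGE_REPLY` is the EHLO reply from the debug log above.

```python
# Added example: model when Exim advertises PLAIN/LOGIN and classify
# the EHLO reply a client would see in each server state.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded

def exim_advertises(tls_cipher, allow_notls_macro):
    """Model of the posted .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS block."""
    if allow_notls_macro:
        return True              # server_advertise_condition is never set
    return tls_cipher != ""      # ${if eq{$tls_cipher}{}{}{*}}

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    ext = {}
    for line in reply.strip().splitlines()[1:]:    # line 0 is the greeting
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].replace("=", " ", 1).split()  # legacy "AUTH=PLAIN"
        if words:
            ext.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return ext

def assess(reply, tls_active):
    """Classify how a session can authenticate, given its EHLO reply."""
    ext = parse_ehlo(reply)
    mechs = set(ext.get("AUTH", []))
    if not mechs:
        if "STARTTLS" in ext and not tls_active:
            return "auth-after-starttls"
        return "auth-unavailable"    # the symptom in the question
    if not tls_active and mechs & PLAINTEXT_MECHS:
        return "cleartext-auth"      # state after defining the NOTLS macro
    return "ok"

def build_reply(tls_cipher, allow_notls_macro, tls_configured):
    """Constructed EHLO reply for a server state (hostname is a placeholder)."""
    lines = ["250-mail.example.org Hello", "250-SIZE 52428800", "250-PIPELINING"]
    if exim_advertises(tls_cipher, allow_notls_macro):
        lines.append("250-AUTH PLAIN LOGIN")
    if tls_configured and tls_cipher == "":
        lines.append("250-STARTTLS")
    return "\n".join(lines + ["250 HELP"])

# EHLO reply copied from the debug log in the question.
PAGE_REPLY = """250-dagobah.seacrow.org Hello [192.168.1.6] [173.66.235.14]
250-SIZE 52428800
250-PIPELINING
250 HELP"""

if __name__ == "__main__":
    print("question:      ", assess(PAGE_REPLY, False))
    print("macro, no TLS: ", assess(build_reply("", True, False), False))
    print("TLS, pre-start:", assess(build_reply("", False, True), False))
    print("TLS, in tunnel:", assess(build_reply("CONSTRUCTED-CIPHER", False, True), True))
```

With TLS configured, the same `.ifndef` branch advertises PLAIN and LOGIN once `$tls_cipher` is non-empty, so the macro is only needed on a server without TLS.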