
Exim4 SMTP authentication against Courier

  • November 14, 2010

I recently set up Exim4 with Courier on an Ubuntu 10.04 server. Local mail delivery all works fine; the only thing missing is SMTP authentication. I set up an account on the Courier server, but whenever I try to send through the host it never prompts me to authenticate and reports the following:

Error while Sending message.

RCPT TO <marco.ceppi.use@gmail.com> failed: relay not permitted

I ran exim in "super debug mode" and got the following:

Exim version 4.71 uid=0 gid=0 pid=28644 D=fbb95cfd
Berkeley DB: Berkeley DB 4.8.24: (August 14, 2009)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.5
GnuTLS runtime version: 2.8.5
changed uid/gid: forcing real = effective
 uid=0 gid=0 pid=28644
 auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
cwd=/etc/exim4 5 args: exim -d+acl+auth -oX 588 -bd
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
seeking password data for user "mail": using cached result
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
28644 daemon_smtp_port overridden by -oX:
28644   <: 588
28644 listening on 205.186.156.60 port 588
28644 changed uid/gid: running as a daemon
28644   uid=111 gid=113 pid=28644
28644   auxiliary group list: 113
28644 LOG: MAIN
28644   exim 4.71 daemon started: pid=28644, no queue runs, listening for SMTP on [205.186.156.60]:588
28644 set_process_info: 28644 daemon: no queue runs, listening for SMTP on [205.186.156.60]:588
28644 daemon running with uid=111 gid=113 euid=111 egid=113
28644 Listening...
28644 Connection request from 173.66.235.14 port 32994
28644 search_tidyup called
28644 1 SMTP accept process running
28644 Listening...
31812 sender_fullhost = [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14]
31812 Process 31812 is handling incoming connection from [173.66.235.14]
31812 host in host_lookup? no (option unset)
31812 set_process_info: 31812 handling incoming connection from [173.66.235.14]
31812 host in host_reject_connection? no (option unset)
31812 host in sender_unqualified_hosts? no (option unset)
31812 host in recipient_unqualified_hosts? no (option unset)
31812 host in helo_verify_hosts? no (option unset)
31812 host in helo_try_verify_hosts? no (option unset)
31812 host in helo_accept_junk_hosts? no (option unset)
31812 SMTP>> 220 dagobah.seacrow.org ESMTP Exim 4.71 Sat, 13 Nov 2010 22:20:22 -0500
31812 Process 31812 is ready for new message
31812 smtp_setup_msg entered
31812 SMTP<< EHLO [192.168.1.6]
31812 [192.168.1.6] in helo_lookup_domains? no (end of list)
31812 sender_fullhost = ([192.168.1.6]) [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14] (helo=[192.168.1.6])
31812 set_process_info: 31812 handling incoming connection from ([192.168.1.6]) [173.66.235.14]
31812 host in pipelining_advertise_hosts? yes (matched "*")
31812 host in auth_advertise_hosts? yes (matched "*")
31812 host in tls_advertise_hosts? no (option unset)
31812 SMTP>> 250-dagobah.seacrow.org Hello [192.168.1.6] [173.66.235.14]
31812 250-SIZE 52428800
31812 250-PIPELINING
31812 250 HELP
31812 SMTP<< MAIL FROM:<MYEMAIL@example.com>
31812 using ACL "acl_check_mail"
31812 processing "accept"
31812 accept: condition test succeeded
31812 SMTP>> 250 OK
31812 SMTP<< RCPT TO:<marco.ceppi.use@gmail.com>
31812 using ACL "acl_check_rcpt"
31812 processing "accept"
31812 check hosts = :
31812 host in ":"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check domains = +local_domains
31812 search_open: dsearch "/etc/valiases"
31812 search_find: file="/etc/valiases"
31812   key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812   4/etc/valiases
31812   End
31812 internal_search_find: file="/etc/valiases"
31812   type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812   in /etc/valiases
31812 lookup failed
31812 search_open: dsearch "/var/mail/virtual"
31812 search_find: file="/var/mail/virtual"
31812   key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812   4/var/mail/virtual
31812   4/etc/valiases
31812   End
31812 internal_search_find: file="/var/mail/virtual"
31812   type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812   in /var/mail/virtual
31812 lookup failed
31812 gmail.com in "@:localhost:dsearch;/etc/valiases:dsearch;/var/mail/virtual"? no (end of list)
31812 gmail.com in "+local_domains"? no (end of list)
31812 deny: condition test failed
31812 processing "deny"
31812 check domains = !+local_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "!+local_domains"? yes (end of list)
31812 check local_parts = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
31812 marco.ceppi.use in "^[./|] : ^.*[@%!`#&?] : ^.*/\.\./"? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check local_parts = postmaster
31812 marco.ceppi.use in "postmaster"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check !acl = acl_local_deny_exceptions
31812 using ACL "acl_local_deny_exceptions"
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/host_local_deny_exceptions}{/etc/exim4/host_local_deny_exceptions}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/sender_local_deny_exceptions}{/etc/exim4/sender_local_deny_exceptions}{}}
31812 MYEMAIL@example.com in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/local_host_whitelist}{/etc/exim4/local_host_whitelist}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/local_sender_whitelist}{/etc/exim4/local_sender_whitelist}{}}
31812 MYEMAIL@example.com in ""? no (end of list)
31812 accept: condition test failed
31812 end of ACL "acl_local_deny_exceptions": implicit DENY
31812 check senders = ${if exists{/etc/exim4/local_sender_callout}{/etc/exim4/local_sender_callout}{}}
31812 MYEMAIL@example.com in ""? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check hosts = +relay_from_hosts
31812 host in ": 127.0.0.1 : ::::1"? no (end of list)
31812 host in "+relay_from_hosts"? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check authenticated = *
31812 accept: condition test failed
31812 processing "require"
31812 check domains = +local_domains : +relay_to_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "empty"? no (end of list)
31812 gmail.com in "+local_domains : +relay_to_domains"? no (end of list)
31812 require: condition test failed
31812 SMTP>> 550 relay not permitted
31812 LOG: MAIN REJECT
31812   H=([192.168.1.6]) [173.66.235.14] F=<MYEMAIL@example.com> rejected RCPT <marco.ceppi.use@gmail.com>: relay not permitted
31812 SMTP<< QUIT
31812 SMTP>> 221 dagobah.seacrow.org closing connection
31812 LOG: smtp_connection MAIN
31812   SMTP connection from ([192.168.1.6]) [173.66.235.14] closed by QUIT
31812 search_tidyup called
28644 child 31812 ended: status=0x0
28644 0 SMTP accept processes now running
28644 Listening...

I noticed that it does not list courier on the Authenticators line at the top of the output. I believe this is the problem I'm running into. I don't know how to make it look for Courier. My authenticators section contains the following:

begin authenticators

plain_courier_authdaemon:
 driver = plaintext
 public_name = PLAIN
 server_condition = \
   ${extract {ADDRESS} \
             {${readsocket{/var/run/courier/authdaemon/socket} \
             {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
             {yes} \
             fail}
 server_set_id = $auth2
 .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
 server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
 .endif

login_courier_authdaemon:
 driver = plaintext
 public_name = LOGIN
 server_prompts = Username:: : Password::
 server_condition = \
   ${extract {ADDRESS} \
             {${readsocket{/var/run/courier/authdaemon/socket} \
             {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
             {yes} \
             fail}
 server_set_id = $auth1
 .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
 server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
 .endif


cram_md5:
 driver = cram_md5
 public_name = CRAM-MD5
 client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
 client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}

PASSWDLINE=${sg{\
               ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
           }\
           {\\N[\\^]\\N}\
           {^^}\
       }

plain:
 driver = plaintext
 public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
 client_send = "<; ${if !eq{$tls_cipher}{}\
                   {^${extract{1}{:}{PASSWDLINE}}\
            ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
          }fail}"
.else
 client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
           ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

login:
 driver = plaintext
 public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
 client_send = "<; ${if and{\
                         {!eq{$tls_cipher}{}}\
                         {!eq{PASSWDLINE}{}}\
                        }\
                     {}fail}\
                ; ${extract{1}{::}{PASSWDLINE}}\
        ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
 client_send = "<; ${if !eq{PASSWDLINE}{}\
                     {}fail}\
                ; ${extract{1}{::}{PASSWDLINE}}\
        ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

(Comments have been removed from the output.)
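As an added example (not part of the question, and not Exim's or Courier's own code), this Python reproduces what the login_courier_authdaemon server_condition above does: it builds the authdaemon AUTH request that the ${readsocket...} expression sends, and treats the reply as a success only when it carries an ADDRESS field. The socket path is the one from the configuration; the sample replies are constructed, so the logic can be exercised without a running authdaemon.

```python
import socket

# Socket path as used in the question's authenticator configuration.
AUTHDAEMON_SOCKET = "/var/run/courier/authdaemon/socket"


def build_authdaemon_request(user: str, password: str,
                             service: str = "exim", authtype: str = "login") -> bytes:
    # Same wire format as the Exim expression:
    #   AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n
    # The number is the byte length of everything after the "AUTH <n>\n" header.
    payload = f"{service}\n{authtype}\n{user}\n{password}\n".encode()
    return b"AUTH " + str(len(payload)).encode() + b"\n" + payload


def parse_authdaemon_reply(reply: bytes) -> dict:
    # authdaemon answers with "KEY=value" lines ended by a lone ".", or with "FAIL".
    # ${extract {ADDRESS} ...} reads the same reply as key=value pairs.
    fields = {}
    for line in reply.decode(errors="replace").splitlines():
        if line == ".":
            break
        if line == "FAIL":
            return {}
        key, sep, value = line.partition("=")
        if sep:
            fields[key] = value
    return fields


def courier_condition(reply: bytes) -> bool:
    # server_condition yields "yes" only when ADDRESS is present; otherwise it fails.
    return "ADDRESS" in parse_authdaemon_reply(reply)


def check_credentials(user: str, password: str, path: str = AUTHDAEMON_SOCKET) -> bool:
    # Live check against authdaemon (needs the socket to exist and be readable).
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(build_authdaemon_request(user, password))
        reply = b""
        while not (reply.endswith(b"\n.\n") or reply.endswith(b"FAIL\n")):
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return courier_condition(reply)


# Constructed sample replies in authdaemon's reply format (not captured from a real server).
SAMPLE_OK = b"ADDRESS=alice@example.com\nUID=5000\nGID=5000\nHOME=/var/mail/virtual/example.com/alice\n.\n"
SAMPLE_FAIL = b"FAIL\n"
```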

Of course, a few minutes after asking, and after several hours of searching before asking, I figured it out. I'm not using TLS on this mail server yet, so I needed to add AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = true to the top of the exim4.conf.template file.
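The debug output shows why the client never authenticated: auth_advertise_hosts matched, but the EHLO reply carried no 250-AUTH line because tls_advertise_hosts was unset and the .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS branch of server_advertise_condition hides AUTH on a session with no TLS cipher. As an added example (not part of the answer, and not Exim's code), this Python parses an EHLO reply, classifies that situation, and models the advertise condition before and after the fix; the sample reply is the one from the debug output with the pid prefixes removed.

```python
def parse_ehlo(response: str) -> dict:
    # Turn a multi-line 250 reply into {KEYWORD: [parameters]}.
    # The first line carries the server greeting, not an extension keyword.
    features = {}
    for index, line in enumerate(response.splitlines()):
        if not line.startswith("250"):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        body = line[4:].strip()
        if index == 0 or not body:
            continue
        keyword, *params = body.split()
        features[keyword.upper()] = params
    return features


def classify(features: dict) -> str:
    # Why a client reaches RCPT TO without credentials and gets "relay not permitted".
    if "AUTH" in features:
        return "AUTH_AVAILABLE"          # client can authenticate before RCPT
    if "STARTTLS" in features:
        return "STARTTLS_FIRST"          # AUTH appears only after TLS (the .ifndef branch)
    return "AUTH_NEVER_ADVERTISED"       # no TLS and no NOTLS passwords: relay always denied


def auth_advertised(tls_cipher: str, notls_passwords_allowed: bool) -> bool:
    # Models server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} under
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS: with the macro defined the
    # condition is absent, so AUTH is advertised even on a plaintext session
    # (credentials then cross the wire in clear); without it, only when a TLS
    # cipher is in use.
    if notls_passwords_allowed:
        return True
    return tls_cipher != ""


# EHLO reply from the question's debug output (pid prefixes removed).
EHLO_FROM_QUESTION = (
    "250-dagobah.seacrow.org Hello [192.168.1.6] [173.66.235.14]\n"
    "250-SIZE 52428800\n"
    "250-PIPELINING\n"
    "250 HELP\n"
)
```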

Quoted from: https://serverfault.com/questions/201616