Postfix not working after system upgrade (no SASL authentication mechanisms)
I had a working postfix/dovecot configuration running on an Ubuntu Server 14.04 LTS machine. Then I upgraded to 16.04.2 using do-release-upgrade. Everything seems to work except my mail service. Before the upgrade everything worked fine, but now I see strange behaviour. When I connect from the internal LAN, no error occurs in the client, but no emails, folders, etc. are shown; it looks as if the mail server were empty. But when I try to connect from outside (i.e. mxtoolbox), I get:

    You hung up on us after we connected. Please whitelist us. (connection lost)

The following happens in syslog:

    postfix/smtpd[26657]: connect from pws3.mxtoolbox.com[64.20.227.134]
    dovecot: auth: Warning: sql: Ignoring changed user_query in /etc/dovecot/dovecot-sql.conf.ext, because us$
    postfix/smtpd[26657]: fatal: no SASL authentication mechanisms
    postfix/master[21009]: warning: process /usr/lib/postfix/sbin/smtpd pid 26657 exit status 1
    postfix/master[21009]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
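I have looked into the "no SASL" error but can't find the problem. libsasl2-modules is installed and the saslauthd service is running, and I did not change anything in the configuration before or after the upgrade. I am using postfix, dovecot and a MySQL database for the mail system.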
postconf -n
    append_dot_mydomain = no
    biff = no
    dovecot_destination_recipient_limit = 1
    inet_interfaces = all
    inet_protocols = all
    local_recipient_maps = $virtual_mailbox_maps
    mailbox_size_limit = 51200000
    message_size_limit = 51200000
    mydestination =
    myhostname = mymaildomain.tld
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    myorigin = /etc/mailname
    readme_directory = no
    recipient_delimiter = +
    relayhost =
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, check_client_access cidr:/etc/postfix/ip-block, permit
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, check_client_access cidr:/etc/postfix/ip-block
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noplaintext
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = reject_unknown_sender_domain
    smtpd_tls_cert_file = /etc/letsencrypt/live/koehnkenet.de/fullchain.pem
    smtpd_tls_ciphers = high
    smtpd_tls_key_file = /etc/letsencrypt/live/koehnkenet.de/privkey.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    virtual_alias_maps = proxy:mysql:/etc/postfix/virtual/mysql-aliases.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_maps.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual/mysql-domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual/mysql-maps.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_mailbox_maps.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_catchall_maps.cf
    virtual_transport = dovecot
systemctl status dovecot -l
    dovecot.service - Dovecot IMAP/POP3 email server
       Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
       Active: active (running) since Di 2017-05-02 00:59:41 CEST; 10h ago
         Docs: man:dovecot(1)
               http://wiki2.dovecot.org/
      Process: 21507 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
      Process: 21512 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)
     Main PID: 21515 (dovecot)
       CGroup: /system.slice/dovecot.service
               ├─21515 /usr/sbin/dovecot
               ├─21516 dovecot/anvil
               ├─21517 dovecot/log
               ├─21542 dovecot/config
               ├─26588 dovecot/imap-login
               ├─26592 dovecot/imap
               ├─26662 dovecot/imap-login
               ├─26666 dovecot/imap
               ├─26679 dovecot/auth
               ├─26680 dovecot/ssl-params
               └─26685 dovecot/auth -w
systemctl status postfix -l
    postfix.service - LSB: Postfix Mail Transport Agent
       Loaded: loaded (/etc/init.d/postfix; bad; vendor preset: enabled)
      Drop-In: /run/systemd/generator/postfix.service.d
               └─50-postfix-$mail-transport-agent.conf
       Active: active (running) since Di 2017-05-02 00:28:49 CEST; 11h ago
         Docs: man:systemd-sysv-generator(8)
      Process: 20854 ExecStop=/etc/init.d/postfix stop (code=exited, status=0/SUCCESS)
      Process: 20883 ExecStart=/etc/init.d/postfix start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/postfix.service
               ├─21009 /usr/lib/postfix/sbin/master
               ├─21011 qmgr -l -t fifo -u
               ├─21015 tlsmgr -l -t unix -u -c
               └─25923 pickup -l -t fifo -u -c
systemctl status saslauthd -l
    saslauthd.service - LSB: saslauthd startup script
       Loaded: loaded (/etc/init.d/saslauthd; bad; vendor preset: enabled)
       Active: active (running) since Di 2017-05-02 00:27:59 CEST; 11h ago
         Docs: man:systemd-sysv-generator(8)
      Process: 20756 ExecStop=/etc/init.d/saslauthd stop (code=exited, status=0/SUCCESS)
      Process: 20775 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/saslauthd.service
               ├─20799 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
               ├─20800 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
               ├─20801 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
               ├─20802 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
               └─20803 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5

    Mai 02 00:27:59 Mydomain systemd[1]: Starting LSB: saslauthd startup script...
    Mai 02 00:27:59 Mydomain saslauthd[20775]: * Starting SASL Authentication Daemon saslauthd
    Mai 02 00:27:59 Mydomain saslauthd[20799]: detach_tty : master pid is: 20799
    Mai 02 00:27:59 Mydomain saslauthd[20799]: ipc_init : listening on socket: /var/run/saslauthd/mux
    Mai 02 00:27:59 Mydomain saslauthd[20775]: ...done.
    Mai 02 00:27:59 Mydomain systemd[1]: Started LSB: saslauthd startup script.
/etc/postfix/main.cf
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    append_dot_mydomain = no
    readme_directory = no

    # TLS parameters
    smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.tld/fullchain.pem
    smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.tld/privkey.pem
    smtpd_use_tls=yes
    # Disable SSLv2/3 as they are vulnerable
    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_tls_ciphers = high
    smtpd_tls_loglevel = 1

    myhostname = mydomain.tld
    myorigin = /etc/mailname
    mydestination =
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 51200000
    message_size_limit = 51200000
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all

    ###### SASL Auth ######
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noplaintext

    ###### Use Dovecot LMTP Service to deliver Mails to Dovecot ######
    #virtual_transport = lmtp:unix:private/dovecot-lmtp
    virtual_transport = dovecot
    dovecot_destination_recipient_limit=1

    ##### Only allow mail transport if client is authenticated or in own network (PHP Scripts, ...) ######
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, check_client_access cidr:/etc/postfix/ip-block, permit
    smtpd_sender_restrictions = reject_unknown_sender_domain

    ###### MySQL Connection ######
    virtual_alias_maps = proxy:mysql:/etc/postfix/virtual/mysql-aliases.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual/mysql-maps.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_mailbox_maps.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_catchall_maps.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual/mysql-domains.cf
    local_recipient_maps = $virtual_mailbox_maps
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, check_client_access cidr:/etc/postfix/ip-block
/etc/postfix/master.cf
    smtp      inet  n       -       y       -       -       smtpd
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
doveconf -n
    # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.13 (7b14904)
    # OS: Linux 4.4.0-75-generic x86_64 Ubuntu 16.04.2 LTS
    auth_mechanisms = plain login
    base_dir = /var/run/dovecot/
    first_valid_uid = 150
    last_valid_uid = 150
    mail_gid = mail
    mail_home = /media/daten/vmail/%d/%n
    mail_location = maildir:~/mail:LAYOUT=fs
    mail_privileged_group = mail
    mail_uid = vmail
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    postmaster_address = postmaster@mydomain.tld
    protocols = " imap lmtp"
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = mail
        mode = 0600
        user = vmail
      }
    }
    service lmtp {
      unix_listener lmtp {
        group = postfix
        mode = 0660
        user = postfix
      }
      user = vmail
    }
    ssl = required
    ssl_cert = </etc/letsencrypt/live/mydomain.tld/fullchain.pem
    ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    ssl_key = </etc/letsencrypt/live/mydomain.tld/privkey.pem
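MySQL is running and the credentials work. Dovecot's SQL queries also work and return the correct data when I try them in phpMyAdmin, and postfixadmin is working as well. The hard disk is mounted and the paths are correct; the vmail folder contains the mail, folders, etc. I have no idea why I cannot connect from the public network but only from the local network, where no emails or folders are shown in the mailbox.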
I found the problem. The problem was that I used

    smtpd_sasl_security_options = noanonymous,noplaintext

but had not set

    smtpd_tls_auth_only = yes

so plaintext connections were rejected immediately. I found the answer here: http://postfix.1071664.n5.nabble.com/quot-smtpd-sasl-security-options-noplaintext-quot-with-dovecot-td25165.html
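
The failure described above, as an added example that is not part of the original post: a simplified Python model of how Postfix filters the mechanisms Dovecot offers, showing that `noplaintext` removes both `plain` and `login` and leaves nothing to announce. The helper names and the property table are assumptions for illustration; only the "plaintext" and "anonymous" properties are modelled.

```python
# Added example: simplified model of Postfix filtering Dovecot's SASL
# mechanisms. Only the "plaintext" and "anonymous" properties are modelled.
MECH_PROPS = {"PLAIN": {"plaintext"}, "LOGIN": {"plaintext"},
              "ANONYMOUS": {"anonymous"}}  # others: assumed unaffected

def parse_settings(text):
    """Collect 'name = value' lines from postconf -n / doveconf -n output."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith("#"):
            settings[name.strip()] = value.strip()
    return settings

def words(value):
    """Split a comma- and/or space-separated option list."""
    return value.replace(",", " ").split()

def offered(mechs, options):
    """Mechanisms left after dropping those with a forbidden property."""
    banned = {o[2:] for o in options if o.startswith("no")}
    return [m for m in mechs if not MECH_PROPS.get(m.upper(), set()) & banned]

def check(postconf_text, doveconf_text):
    pc, dc = parse_settings(postconf_text), parse_settings(doveconf_text)
    mechs = words(dc.get("auth_mechanisms", "plain"))             # Dovecot default
    clear = pc.get("smtpd_sasl_security_options", "noanonymous")  # Postfix default
    tls = pc.get("smtpd_sasl_tls_security_options", clear)
    if tls == "$smtpd_sasl_security_options":                     # unexpanded default
        tls = clear
    auth_only = pc.get("smtpd_tls_auth_only", "no") == "yes"
    return {
        # None: SASL is not offered at all on unencrypted sessions
        "cleartext": None if auth_only else offered(mechs, words(clear)),
        "tls": offered(mechs, words(tls)),
    }

# Constructed inputs, reduced to the relevant lines of the outputs above
DOVECONF = "auth_mechanisms = plain login\n"
BEFORE = "smtpd_sasl_auth_enable = yes\nsmtpd_sasl_security_options = noplaintext\n"
AFTER = BEFORE + "smtpd_tls_auth_only = yes\n"
AFTER_TLS = AFTER + "smtpd_sasl_tls_security_options = noanonymous\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER), ("tls opts", AFTER_TLS)):
        print(label, check(conf, DOVECONF))
```

With only `smtpd_tls_auth_only = yes` added, the model still shows an empty list after STARTTLS, because `smtpd_sasl_tls_security_options` defaults to the value of `smtpd_sasl_security_options`; setting it to `noanonymous` lets `plain` and `login` through on encrypted sessions.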