Postfix + Cyrus 无法正常工作

tag-icon tag-icon postfix sasl
Postfix + Cyrus 无法正常工作

我遇到了一个问题。我已经配置了 Postfix 以便使用 Cyrus 运行,但它仍然无法正常工作。

/var/log/mail.log

Nov 29 10:44:24 mail postfix/submission/smtpd[32229]: connect from out.example.com[xxx.xxx.xxx.xxx]
Nov 29 10:44:55 mail postfix/submission/smtpd[32229]: timeout after EHLO from out.example.com[xxx.xxx.xxx.xxx]
Nov 29 10:44:57 mail postfix/submission/smtpd[32229]: disconnect from out.example.com[xxx.xxx.xxx.xxx] ehlo=2 starttls=1 commands=3
Nov 29 10:45:10 mail postfix/submission/smtpd[32229]: connect from out.example.com[xxx.xxx.xxx.xxx]
Nov 29 10:45:12 mail postfix/submission/smtpd[32229]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Nov 29 10:45:12 mail postfix/submission/smtpd[32229]: warning: SASL authentication failure: Password verification failed
Nov 29 10:45:12 mail postfix/submission/smtpd[32229]: warning: out.example.com[xxx.xxx.xxx.xxx]: SASL PLAIN authentication failed: generic failure
Nov 29 10:45:12 mail postfix/submission/smtpd[32229]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Nov 29 10:45:12 mail postfix/submission/smtpd[32229]: warning: out.example.com[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: generic failure
Nov 29 10:45:42 mail postfix/submission/smtpd[32229]: timeout after AUTH from out.example.com[xxx.xxx.xxx.xxx]
Nov 29 10:45:45 mail postfix/submission/smtpd[32229]: disconnect from out.example.com[xxx.xxx.xxx.xxx] ehlo=2 starttls=1 auth=0/2 commands=3/5

主文件:

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

append_dot_mydomain = no

readme_directory = no

smtpd_tls_cert_file=/etc/letsencrypt/live/myserver.tld/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/myserver.tld/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous

smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes

smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination

myhostname = myserver.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = myserver.tld
myorigin = $mydomain
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_transport = lmtp:unix:private/dovecot-lmtp
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h

invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
debug_peer_list = 81.95.108.131
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

主配置文件

smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
 -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=cyrus
  -o smtpd_sasl_path=smtpd
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=cyrus
  -o smtpd_sasl_path=smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated
  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
#smtp       inet  n       -       -       -       -       smtpd
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
#qmgr     unix  n       -       n       300     1       oqmgr
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}

mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated
dovecot unix    -       n       n       -       -      pipe
    flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

mlmmj   unix  -       n       n       -       -       pipe
    flags=ORhu user=mlmmj:mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}

smtp-amavis unix -  -   n   -   9  smtp
    -o syslog_name=postfix/amavis
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -   n   -   -  smtpd
    -o syslog_name=postfix/10025
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
127.0.0.1:10028 inet n  -   n   -   -  smtpd
    -o syslog_name=postfix/10028
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

请问一下哪里配置错误了?Postfix 用户已添加到 sasl 组。
(由于 SuperUser Antispam,配置中的一些注释已被删除)

答案1

您的配置存在一些问题。Postfix 有两个部分:SMTP 和 SMTPD。客户端和其他邮件服务器连接到 SMTPD,服务器使用 SMTP 发送邮件。您已设置 SMTPD SASL 身份验证,但未设置 SMTP SASL 身份验证。要设置 SMTP SASL 身份验证,您需要做两件事。首先,您需要在 main.cf 中启用它:

smtp_sasl_auth_enable = yes

大多数 ISP 会阻止端口 25 发出的传出流量,以防止垃圾邮件,因此您可能必须使用电子邮件中继。如果您使用邮件中继,则需要在 /etc/postfix 中创建一个名为 sasl_password_maps 的文件。

touch /etc/postfix/sasl_password_maps

使用有关您的中继的信息填写 /etc/postfix/sasl_password_maps。

[subdomain.emailrelay.com]:587      username:password

然后,您必须将这些选项放入 main.cf 中:

smtp_sasl_password_maps = hash:/etc/postfix/sasl_password_maps
relayhost = [subdomain.examplemailrelay.com]:587

然后运行以下命令:

postmap /etc/postfix/sasl_password_maps
systemctl restart postfix

另外,以下是我喜欢使用的一些安全 SMTP 选项。如果您愿意,可以将它们放入 main.cf 中:

smtp_tls_security_level = encrypt
smtp_sasl_security_options = noanonymous
smtp_tls_loglevel = 1
smtp_dns_support_level = dnssec
smtp_enforce_tls = yes
smtp_use_tls = yes

我希望这有帮助!

相关内容