我没有太多维护邮件服务器的经验,但尽管如此,我必须将 sendmail 配置为其中一台服务器的 MTA。我遇到一个问题,即 sendmail 响应试图向外部域发送邮件的 MUA 时出现以下情况:
“拒绝中继。需要正确的身份验证。”
真正的问题是身份验证正在运行,但对经过身份验证的用户,中继被拒绝。以下日志显示身份验证成功,但中继被拒绝。
注意:敏感信息(用户名、IP...)已从日志中删除。“myusername”是 MUA 使用的用户名,MYIP 是 MUA 连接到 sendmail 的 IP 地址。
sendmail[31285]: p4GLALtU031285: <-- STARTTLS
sendmail[31285]: p4GLALtU031285: --- 220 2.0.0 Ready to start TLS
sendmail[31285]: STARTTLS=server, get_verify: 0 get_peer: 0x0
sendmail[31285]: STARTTLS=server, relay=MYDOMAIN [MYIP], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
sendmail[31285]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
sendmail[31285]: AUTH: available mech=PLAIN ANONYMOUS LOGIN, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
sendmail[31285]: STARTTLS=read, info: fds=7/4, err=2
sendmail[31285]: p4GLALtU031285: <-- EHLO [127.0.0.1]
sendmail[31285]: p4GLALtV031285: --- 250-example.com Hello MYDOMAIN [MYIP], pleased to meet you
sendmail[31285]: p4GLALtV031285: --- 250-ENHANCEDSTATUSCODES
sendmail[31285]: p4GLALtV031285: --- 250-PIPELINING
sendmail[31285]: p4GLALtV031285: --- 250-8BITMIME
sendmail[31285]: p4GLALtV031285: --- 250-SIZE
sendmail[31285]: p4GLALtV031285: --- 250-DSN
sendmail[31285]: p4GLALtV031285: --- 250-ETRN
sendmail[31285]: p4GLALtV031285: --- 250-AUTH LOGIN PLAIN
sendmail[31285]: p4GLALtV031285: --- 250-DELIVERBY
sendmail[31285]: p4GLALtV031285: --- 250 HELP
sendmail[31285]: STARTTLS=read, info: fds=7/4, err=2
sendmail[31285]: p4GLALtV031285: <-- AUTH PLAIN XXXXXXXXXXXXXXXXXXXXX==
sendmail[31285]: p4GLALtV031285: --- 235 2.0.0 OK Authenticated
sendmail[31285]: AUTH=server, relay=MYDOMAIN [MYIP], authid=myusername, mech=PLAIN, bits=0
sendmail[31285]: STARTTLS=read, info: fds=7/4, err=2
sendmail[31285]: p4GLALtV031285: <-- MAIL FROM:<[email protected]> SIZE=382
sendmail[31285]: p4GLALtV031285: --- 250 2.1.0 <[email protected]>... Sender ok
sendmail[31285]: STARTTLS=read, info: fds=7/4, err=2
sendmail[31285]: p4GLALtV031285: <-- RCPT TO:<[email protected]>
sendmail[31285]: p4GLALtV031285: --- 550 5.7.1 <[email protected]>... Relaying denied. Proper authentication required.
为什么 sendmail 会响应“235 2.0.0 OK Authenticated”,然后显示“拒绝中继。需要进行正确的身份验证。”?我觉得我在这里遗漏了一些重要的东西。
这是 sendmail.mc 文件的相关部分:
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'i)dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
这是 /etc/mail/access。安装后处于默认状态
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
答案1
感谢您的评论。问题已解决,解决方案愚蠢又令人尴尬。感谢 AlexD,我做到了:
grep AuthMech sendmail.cf
并得到这个:
C{TrustAuthMech}EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAINi
那个字母“i”在那里做什么?我不是 sendmail 专家,但我认为这不是指定“PLAIN”身份验证的正确方法。我检查了 .mc 文件,字母“i”在这里:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'i)dnl
删除它,重建配置,重新启动服务器,就这样。一切都按预期进行。