![SMTP 身份验证未登录中继服务器](https://linux22.com/image/590868/SMTP%20%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E6%9C%AA%E7%99%BB%E5%BD%95%E4%B8%AD%E7%BB%A7%E6%9C%8D%E5%8A%A1%E5%99%A8.png)
我正在尝试配置辅助 postfix 以针对我的主 postfix 服务器启用 SMTP AUTH(postfix + ldap auth + cyrus)
我已经关注http://www.postfix.org/SASL_README.html#client_sasl添加:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
relayhost = [192.168.66.98]
辅助 postfix 的配置文件为:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost, 192.168.66.85
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = ddol-test.com
mynetworks = 192.168.66.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination
relayhost = [192.168.66.98]
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
transport_maps =
unknown_local_recipient_reject_code = 550
# cat /etc/postfix/sasl_passwd
[192.168.66.98] [email protected]:1234
当我发送邮件时,它会被正确地重定向到 .66.98,但它不会对其进行身份验证,并且电子邮件的行为就像未经身份验证的用户一样。
这是我的主要 Postfix 配置:
# cat main.cf
...
...
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
smtpd_sender_restrictions =
reject_authenticated_sender_login_mismatch,
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
check_policy_service inet:127.0.0.1:10031,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unverified_recipient,
check_policy_service inet:127.0.0.1:10045,
reject_rbl_client bl.spamcop.net,
reject_rbl_client psbl.surriel.com,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client xbl.spamhaus.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
permit
header_checks = pcre:/etc/postfix/header_checks
smtpd_end_of_data_restrictions =
check_policy_service inet:127.0.0.1:10031
soft_bounce = no
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_sender_login_maps = ldap:/etc/postfix/sender_maps
amavisd-new_destination_concurrency_limit = 20
virtual_alias_maps = ldap:/etc/postfix/mailRedirect ldap:/etc/postfix/virtual ldap:/etc/postfix/catch-all
smtpd_sasl_local_domain =
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit=15728640
目前,从辅助 postfix 发送的任何邮件都会被转发到主 postfix,但它会像未经身份验证的用户一样通过所有检查,但我不希望这样。我希望电子邮件的行为与经过身份验证的用户相同,并停止在 smtpd_recipient_restrictions 中的“permit_sasl_authenticated”中。
答案1
你的问题在这里:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
relayhost = [192.168.66.98]
请注意,您使用的是“smtpd”而不是“smtp”。这意味着您正在为监听守护进程而不是发送代理设置 sasl。
以下是我所使用的:
# use authentication
relayhost = [mail.messagingengine.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
并且它运行良好。
哦-saslpass 的内容是:
mail.messagingengine.com [email protected]:mypass
注意冒号和空格。我猜你需要在那里输入 IP 地址,或者在 /etc/hosts 中输入一个条目并使用名称。@my.domain 是因为 messagesengine 使用完全合格的电子邮件地址进行登录。你可能只需要一个用户名。