最近我配置了使用 Postfix 和 Courier 的邮件服务器。除了通过 Postfix 服务器(运行在端口 587 上)发送邮件时的身份验证外,一切正常,该服务器启用了 StartTLS 并使用带有虚拟域和地图的 SASLAuthentication。
日志
当我尝试连接我的电子邮件客户端发送消息时,我会收到以下消息并显示在 /var/log/mail.log 中:
postfix/smtpd[5108]: connect from ip domain.com[xxx.xxx.xxx.xxx]
postfix/smtpd[5108]: Anonymous TLS connection established from domain.com[xxx.xxx.xxx.xxx]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
postfix/smtpd[5108]: warning: domain.com[xxx.xxx.xxx.xxx]: SASL CRAM-MD5 authentication failed: authentication failure
postfix/smtpd[5108]: disconnect from domain.com[xxx.xxx.xxx.xxx]
配置
/etc/postfix/main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/ssl/private/domain_com.crt
smtpd_tls_key_file = /etc/ssl/private/domain.key
smtpd_tls_CAfile = /etc/ssl/private/certificates.ca-bundle
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
myhostname = domain.com
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/virtual_maps
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
myorigin = domain.com
mydestination = domain.com, localhost.com, , localhost
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_rbl_client sbl.spamhaus.org,
permit
smtpd_helo_restrictions = reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_recipient_restrictions = reject_unauth_destination permit_sasl_authenticated
smtpd_tls_security_level = encrypt
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = no
/etc/default/saslauthd:
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="rimap"
MECH_OPTIONS="127.0.0.1"
THREADS=5
OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"
目录
ls /etc/postfix/sasl/:
(empty)
ls /etc/postfix/:
dynamicmaps.cf main.cf master.cf postfix-files postfix-script post-install sasl smtpd.conf virtual.db virtual_domains virtual_maps virtual_maps.db
ls /etc/courier/:
authdaemonrc imapd imapd.cnf imapd-ssl shared userdb userdb.dat userdb.lock userdbshadow.dat
笔记
- 通过 imaps 进行的针对 courier 服务器的 userdb 身份验证完全正常。所以我的 postfix 配置肯定有问题。
问题
- 我如何修复我的配置以执行身份验证功能。
- 是否可以调试 SASLAuthentication,它只告诉我它是否成功,但没有告诉我例如找不到用户名。
如果您需要更多信息,请随时询问。如果您发现我的配置有些奇怪,或者您有任何改进建议,也请告诉我。非常感谢。任何帮助我都会非常感激。