日志

日志

最近我配置了使用 Postfix 和 Courier 的邮件服务器。除了通过 Postfix 服务器(运行在端口 587 上)发送邮件时的身份验证外,一切正常,该服务器启用了 StartTLS 并使用带有虚拟域和地图的 SASLAuthentication。

日志

当我尝试连接我的电子邮件客户端发送消息时,我会收到以下消息并显示在 /var/log/mail.log 中:

postfix/smtpd[5108]: connect from ip domain.com[xxx.xxx.xxx.xxx]
postfix/smtpd[5108]: Anonymous TLS connection established from domain.com[xxx.xxx.xxx.xxx]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
postfix/smtpd[5108]: warning: domain.com[xxx.xxx.xxx.xxx]: SASL CRAM-MD5 authentication failed: authentication failure
postfix/smtpd[5108]: disconnect from domain.com[xxx.xxx.xxx.xxx]

配置

/etc/postfix/main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/ssl/private/domain_com.crt
smtpd_tls_key_file = /etc/ssl/private/domain.key
smtpd_tls_CAfile = /etc/ssl/private/certificates.ca-bundle
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
myhostname = domain.com
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/virtual_maps
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
myorigin = domain.com
mydestination = domain.com, localhost.com, , localhost
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_rbl_client sbl.spamhaus.org,
        permit
smtpd_helo_restrictions = reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
smtpd_sasl_local_domain = 
smtpd_sasl_authenticated_header = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous noplaintext 
smtpd_recipient_restrictions = reject_unauth_destination permit_sasl_authenticated
smtpd_tls_security_level = encrypt
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = no

/etc/default/saslauthd

START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="rimap"
MECH_OPTIONS="127.0.0.1"
THREADS=5
OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"

目录

ls /etc/postfix/sasl/:

(empty)

ls /etc/postfix/:

dynamicmaps.cf  main.cf  master.cf  postfix-files  postfix-script  post-install  sasl  smtpd.conf  virtual.db  virtual_domains  virtual_maps  virtual_maps.db

ls /etc/courier/:

authdaemonrc  imapd  imapd.cnf  imapd-ssl  shared  userdb  userdb.dat  userdb.lock  userdbshadow.dat

笔记

  • 通过 imaps 进行的针对 courier 服务器的 userdb 身份验证完全正常。所以我的 postfix 配置肯定有问题。

问题

  1. 我如何修复我的配置以执行身份验证功能。
  2. 是否可以调试 SASLAuthentication,它只告诉我它是否成功,但没有告诉我例如找不到用户名。

如果您需要更多信息,请随时询问。如果您发现我的配置有些奇怪,或者您有任何改进建议,也请告诉我。非常感谢。任何帮助我都会非常感激。

相关内容