使用 SASL 的 Postfix

使用 SASL 的 Postfix

我对配置 POSTFIX + DOVECOT + Authenticated SMTP(目前为 SASL)感到很头疼。Pop/imap 帐户可以很好地获取邮箱,但我无法使用 sasl 登录 smtp:

这里:

[root@mail postfix]# telnet localhost smtp
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost ESMTP
ehlo localhost
250-localhost
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain aW5mby5jb20AaW5mby5jb20AcG9yY29kZGlv
535 5.7.8 Error: authentication failed: 

base64 摘要的使用方式如下(当然,域和传递方式不同):

perl -MMIME::Base64 -e 'print encode_base64("[email protected]\[email protected]\0mypass")'

主文件:

smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no

myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8, 151.236.7.0/24
mailbox_size_limit = 0
home_mailbox = Maildir/
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
recipient_delimiter = +
inet_interfaces = all

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions  = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

Dovecot.conf:

auth_mechanisms = plain login cram-md5
auth_verbose = yes
auth_debug = yes
base_dir = /var/run/dovecot/
info_log_path = /var/log/dovecot.info
log_path = /var/log/dovecot
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
protocols = imap pop3
service auth {
  executable = /usr/libexec/dovecot/auth
  user = root
}
service imap-login {
  chroot = login
  executable = /usr/libexec/dovecot/imap-login
  user = dovecot
}
service imap {
  executable = /usr/libexec/dovecot/imap
}
service pop3-login {
  chroot = login
  executable = /usr/libexec/dovecot/pop3-login
  user = dovecot
}
service pop3 {
  executable = /usr/libexec/dovecot/pop3
}
ssl = no
userdb {
  args = /etc/dovecot/users
  driver = passwd-file
}
valid_chroot_dirs = /var/spool/vmail
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}

service auth {
    unix_listener /var/spool/postfix/private/auth {
       mode = 0600
       user = postfix
       group = postfix
    }
}

系统信息:

CentOS release 6.5 (Final)
postfix-2.6.6-2.2.el6_1.x86_64
dovecot-2.0.9-7.el6.x86_64

少了什么东西?

答案1

您的示例中用户名有两次,这会使任何登录尝试无效。当您测试 PLAIN 身份验证时,登录字符串是 base64 编码的 NULL 分隔用户名和密码,如下所示:

perl -MMIME::Base64 -e 'print encode_base64("\000user\000password");'
AHVzZXIAcGFzc3dvcmQ=

替代测试是 LOGIN 方法

perl -MMIME::Base64 -e 'print encode_base64("user")'
dXNlcg==
perl -MMIME::Base64 -e 'print encode_base64("password")'
cGFzc3dvcmQ=

测试内容如下所示,其中 S:是服务器,C:是客户端响应

openssl s_client -starttls smtp -connect localhost:25

C: EHLO localhost.localdomain
S: 250- Hello localhost [127.0.0.1], pleased to meet you
S: 250-AUTH LOGIN PLAIN
C: AUTH PLAIN
S: 334
C: AHVzZXIAcGFzc3dvcmQ=
S: 235 2.0.0 OK Authenticated

C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: dXNlcg==
S: 334 UGFzc3dvcmQ6
C: cGFzc3dvcmQ=
S: 235 2.0.0 OK Authenticated

相关内容