我正在从旧的 CentOS 机箱迁移到新的 Ubuntu 服务器。
我有一个在 CentOS 上运行的 Postfix/Dovecot/PostfixAdmin/SpamAssassin/Clamav 系统,并且正在尝试在新服务器上简单地复制相同的设置。
我有使用 Dovecot 和 PostfixAdmin MySQL 数据库的 POP3 登录。
但是,我无法进行 SMTP 身份验证。
目前,我还没有安装 clamav 或 SpamAssassin,因为我只是想让基本的电子邮件功能正常运行。
当我尝试从终端进行 SMTP 身份验证时:
$ telnet 54.215.191.120 25
Trying 54.215.191.120...
Connected to 54.215.191.120.
Escape character is '^]'.
220 ip-172-31-0-22.us-west-1.compute.internal ESMTP Postfix (Ubuntu)
ehlo craigfratelli.com
250-ip-172-31-0-22.us-west-1.compute.internal
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AGluZm8uY29tAGFnbmVzMTkwNDA3
535 5.7.8 Error: authentication failed:
问题在日志文件输出中很明显:
SELECT username as user, password, '/var/spool/mail/virtual//info.com' as userdb_home, 'maildir:/var/spool/mail/virtual//info.com' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = 'info.com' AND active = '1'
May 05 01:01:31 auth-worker(9654): Info: sql(info.com,76.91.191.145): unknown user
正如您在日志文件中看到的 Dovecot 运行的 SQL,%d、%u 和 %n 的值是错误的。以下是 SQL 模板:
user_query = SELECT '/var/spool/mail/virtual/%d/%n' as home, 'maildir:/var/spool/mail/virtual/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/var/spool/mail/virtual/%d/%n' as userdb_home, 'maildir:/var/spool/mail/virtual/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
输出的是错误的 SQL - 即 'info.com' 而不是正确的 '[电子邮件保护]“”。
我使用以下命令生成 base64 编码字符串:
perl -MMIME::Base64 -e 'print encode_base64("[email protected]");'
perl -MMIME::Base64 -e 'print encode_base64("<redacted>");'
以下是一些相关的配置文件。
输出dovecot -n
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
login_greeting = Welcome to Aaron's mail server.
mail_debug = yes
mail_gid = 5000
mail_uid = 5000
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocols = imap pop3
service auth-worker {
user = virtual
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = virtual
}
}
service imap-login {
chroot = login
client_limit = 256
executable = /usr/lib/dovecot/imap-login
inet_listener imap {
address = *
port = 143
}
inet_listener imaps {
address = *
port = 993
}
process_limit = 128
process_min_avail = 2
service_count = 1
}
service imap {
executable = /usr/lib/dovecot/imap
}
service pop3-login {
chroot = login
client_limit = 256
executable = /usr/lib/dovecot/pop3-login
inet_listener pop3 {
address = *
port = 110
}
inet_listener pop3s {
address = *
port = 995
}
process_limit = 128
process_min_avail = 2
service_count = 1
}
service pop3 {
executable = /usr/lib/dovecot/pop3
}
ssl_ca = </etc/postfix/ssl/smtpd.pem
ssl_cert = </etc/postfix/ssl/smtpd.pem
ssl_key = </etc/postfix/ssl/smtpd.pem
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
imap_max_line_length = 64 k
mail_plugins = quota
}
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
还有我的main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ip-172-31-0-22.us-west-1.compute.internal
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = aaroncraig.com
myorigin = aaroncraig.com
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = aaroncraig.com
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks,
warn_if_reject,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining, permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:10023,
permit
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
最后是postfix的3个sql映射文件:
mysql_virtual_alias_maps.cf
hosts = localhost
user = postfix
password = [redacted]
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
mysql_virtual_domains_maps.cf
hosts = localhost
user = postfix
password = [redacted]
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
mysql_virtual_mailbox_maps.cf
hosts = localhost
user = postfix
password = [redacted]
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = '1'
盯着这个看了一天,我还是看不出哪里出了问题。任何帮助都非常感谢!
答案1
在我看来,postfix/dovecot 端一切正常。另一方面,base 64 字符串看起来很可疑。尝试解码它会导致类似“info.com�agnes190407”的内容,而我期望的是类似“[电子邮件保护]“。您是否使用了类似 ms 的域名?哪个客户端应该这样做?