Incomplete parameters passed from Postfix to Dovecot during AUTH PLAIN transaction


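I'm migrating from an old CentOS box to a new Ubuntu server.

I have a Postfix/Dovecot/PostfixAdmin/SpamAssassin/Clamav system running on CentOS, and I'm trying to simply duplicate the same setup on the new server.

I have POP3 login working with Dovecot and the PostfixAdmin MySQL database.

However, I can't get SMTP authentication to work.

At this point I haven't installed clamav or SpamAssassin, as I'm just trying to get basic email functionality up and running.

When I try SMTP authentication from the terminal: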

$ telnet 54.215.191.120 25
Trying 54.215.191.120...
Connected to 54.215.191.120.
Escape character is '^]'.
220 ip-172-31-0-22.us-west-1.compute.internal ESMTP Postfix (Ubuntu)
ehlo craigfratelli.com
250-ip-172-31-0-22.us-west-1.compute.internal
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AGluZm8uY29tAGFnbmVzMTkwNDA3
535 5.7.8 Error: authentication failed: 

The problem is obvious in the log file output:

SELECT username as user, password, '/var/spool/mail/virtual//info.com' as userdb_home, 'maildir:/var/spool/mail/virtual//info.com' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = 'info.com' AND active = '1'
May 05 01:01:31 auth-worker(9654): Info: sql(info.com,76.91.191.145): unknown user

As you can see from the SQL that Dovecot ran in the log file, the values of %d, %u and %n are wrong. Here are the SQL templates:

user_query = SELECT '/var/spool/mail/virtual/%d/%n' as home, 'maildir:/var/spool/mail/virtual/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

password_query = SELECT username as user, password, '/var/spool/mail/virtual/%d/%n' as userdb_home, 'maildir:/var/spool/mail/virtual/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

The SQL that is output is wrong - i.e. 'info.com' instead of the correct '[email protected]'.

I generated the base64-encoded string with the following command:

perl -MMIME::Base64 -e 'print encode_base64("[email protected]");'
perl -MMIME::Base64 -e 'print encode_base64("<redacted>");'

Here are some relevant configuration files.

Output of dovecot -n

auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
login_greeting = Welcome to Aaron's mail server.
mail_debug = yes
mail_gid = 5000
mail_uid = 5000
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
} 
protocols = imap pop3
service auth-worker {
  user = virtual
} 
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  } 
  unix_listener auth-userdb {
    mode = 0600
    user = virtual
  } 
} 
service imap-login {
  chroot = login
  client_limit = 256
  executable = /usr/lib/dovecot/imap-login
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
  }
  process_limit = 128
  process_min_avail = 2
  service_count = 1
} 
service imap {
  executable = /usr/lib/dovecot/imap
} 
service pop3-login {
  chroot = login
  client_limit = 256
  executable = /usr/lib/dovecot/pop3-login
  inet_listener pop3 {
    address = *
    port = 110
  }
  inet_listener pop3s {
    address = *
    port = 995
  }
  process_limit = 128
  process_min_avail = 2
  service_count = 1
} 
service pop3 {
  executable = /usr/lib/dovecot/pop3
} 
ssl_ca = </etc/postfix/ssl/smtpd.pem
ssl_cert = </etc/postfix/ssl/smtpd.pem
ssl_key = </etc/postfix/ssl/smtpd.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
} 
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  imap_max_line_length = 64 k
  mail_plugins = quota
} 
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
} 

And my main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ip-172-31-0-22.us-west-1.compute.internal
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = aaroncraig.com
myorigin = aaroncraig.com
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = aaroncraig.com
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sender_restrictions = permit_sasl_authenticated,
  permit_mynetworks,
  warn_if_reject,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unauth_pipelining,
  permit
smtpd_recipient_restrictions =
  reject_unauth_pipelining, permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unauth_destination,
  check_policy_service inet:127.0.0.1:10023,
  permit
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining

Finally, the 3 SQL map files for Postfix:

mysql_virtual_alias_maps.cf

hosts = localhost
user = postfix
password = [redacted]
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'

mysql_virtual_domains_maps.cf

hosts = localhost
user = postfix
password = [redacted]
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

mysql_virtual_mailbox_maps.cf

hosts = localhost
user = postfix
password = [redacted]
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = '1'

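After staring at this for a day, I still can't see what's wrong. Any help is greatly appreciated!

Answer 1

It looks to me like everything is fine on the postfix/dovecot side. The base64 string, on the other hand, looks suspicious. Trying to decode it results in something like "info.com�agnes190407", whereas I would expect something like "[email protected]". Are you using something like ms domains? Which client is supposed to do this?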
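Added example (not part of the original question or answer): a small Python checker that decodes the AUTH PLAIN token from the telnet session into its RFC 4616 fields and shows how that login name expands into the path template from the page's password_query. `expand_vars` is a simplified model of Dovecot's %u/%n/%d expansion (an assumption), and `user@example.com` with its password is constructed sample input.

```python
import base64
import re

# Token copied from the telnet session on this page.
PAGE_TOKEN = "AGluZm8uY29tAGFnbmVzMTkwNDA3"
# Path template from the page's password_query.
HOME_TEMPLATE = "/var/spool/mail/virtual/%d/%n"


def decode_plain(token):
    """Split a SASL PLAIN response: authzid NUL authcid NUL passwd."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected 3 NUL-separated fields, got %d" % len(parts))
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


def encode_plain(authcid, passwd, authzid=""):
    """Build a PLAIN response from bytes, so '@' is never interpreted."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, authcid, passwd))
    return base64.b64encode(raw).decode("ascii")


def expand_vars(template, authcid):
    """Simplified model (an assumption) of Dovecot's %u, %n, %d expansion."""
    local, _, domain = authcid.partition("@")
    values = {"u": authcid, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


def diagnose(token):
    """Report the login name, the expanded home path and any problems."""
    fields = decode_plain(token)
    authcid = fields["authcid"]
    problems = []
    if "@" not in authcid:
        problems.append("authcid has no @domain, so %d expands to nothing")
    if not fields["passwd"]:
        problems.append("password field is empty")
    return {"authcid": authcid,
            "home": expand_vars(HOME_TEMPLATE, authcid),
            "problems": problems}


if __name__ == "__main__":
    print(diagnose(PAGE_TOKEN))  # password is deliberately not printed
    print(diagnose(encode_plain("user@example.com", "constructed-password")))
```

One way to end up with a token shaped like the page's is a double-quoted Perl string containing an unescaped `@`, because Perl interpolates `@name` as an array; joining the fields as bytes, as `encode_plain` does, avoids that.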
