Trac notifications (SMTP) and Postfix

I have two separate Ubuntu 12.04 servers.

  1. Running Trac (home server/Dyndns)
  2. Running Postfix (VPS/static IP)

I configured Trac to use TLS and connect to the Postfix server.

Trac configuration:

admit_domains =
always_notify_owner = true
always_notify_reporter = true
always_notify_updater = true
ambiguous_char_width = single
email_sender = SmtpEmailSender
ignore_domains =
mime_encoding = base64
sendmail_path = sendmail
smtp_always_bcc =
smtp_always_cc = [email protected]
smtp_default_domain =
smtp_enabled = true
smtp_from = [email protected]
smtp_from_name = Trac
smtp_password = randompassstring==
smtp_port = 587
smtp_replyto = [email protected]
smtp_server = vps.idev.ge
smtp_subject_prefix = __default__
smtp_user = [email protected]
ticket_subject_template = $prefix #$ticket.id: $summary
use_public_cc = false
use_short_addr = false
use_tls = true

When I try to send a notification, Trac says:

ERROR: Failure sending notification on change to ticket #1: SMTPAuthenticationError: (535, '5.7.8 Error: authentication failed: authentication failure')

Postfix says:

Anonymous TLS connection established from unknown[78.139.167.29]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
warning: SASL authentication failure: incorrect digest response
warning: unknown[78.139.167.29]: SASL CRAM-MD5 authentication failed: authentication failure

The output of postconf -n is:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
masquerade_domains = vps.idev.ge www.idev.ge !sub.idev.ge
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = vps.idev.ge
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:::1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_CAfile = /etc/apache2/ssl/vps.idev.ge/PositiveSSLCA2.crt
smtpd_tls_cert_file = /etc/apache2/ssl/vps.idev.ge/vps.idev.ge.crt
smtpd_tls_key_file = /etc/apache2/ssl/vps.idev.ge/vps.idev.ge.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_maildir_extended = yes
virtual_maildir_limit_message = Sorry, the user's maildir has no space available in their inbox.
virtual_overquota_bounce = yes
virtual_uid_maps = static:5000

Do you have any idea what is going on here?

Answer 1

Test:

openssl s_client -starttls smtp -crlf -connect vps.idev.ge:587

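AUTH PLAIN and AUTH LOGIN work fine. But CRAM-MD5 and DIGEST-MD5 do not seem to work properly.

Trac finds the better methods and tries to use them, but fails. There is no fallback mechanism in Trac.

Temporary fix in /etc/postfix/sasl/smtpd.con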

#mech_list: plain login cram-md5 digest-md5
mech_list: plain login

Obviously this is not a good solution. A good solution would be to fix CRAM-MD5 and DIGEST-MD5. But this is only temporary.
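
The selection behaviour the answer describes, as an added example that is not part of the original post or of Trac: a client that commits to the most preferred advertised mechanism fails when CRAM-MD5 is broken on the server, while one that falls back reaches PLAIN, but only once TLS is active. The preference order, the function names and the sample EHLO reply are assumptions constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not Trac or smtplib code.
PREFERRED = ["CRAM-MD5", "PLAIN", "LOGIN"]   # assumed client preference order
CLEARTEXT = {"PLAIN", "LOGIN"}               # password is only base64-encoded

# Constructed EHLO reply. With broken_sasl_auth_clients = yes Postfix also
# advertises the list in the legacy "AUTH=" form, so both lines are parsed.
SAMPLE_EHLO = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5\r\n"
    "250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5\r\n"
    "250 8BITMIME\r\n"
)


def advertised_mechs(ehlo_text):
    """Collect SASL mechanism names from 'AUTH ' and 'AUTH=' reply lines."""
    mechs = set()
    for line in ehlo_text.splitlines():
        body = line[4:].strip()              # drop the "250-" / "250 " prefix
        if body.upper().startswith(("AUTH ", "AUTH=")):
            mechs.update(m.upper() for m in body[5:].split())
    return mechs


def pick_first(ehlo_text):
    """No-fallback selection: only the most preferred advertised mechanism."""
    offered = advertised_mechs(ehlo_text)
    return next((m for m in PREFERRED if m in offered), None)


def login_with_fallback(ehlo_text, try_mech, tls_active):
    """Try preferred mechanisms in order and return (winner, failed_list).

    try_mech(mech) -> bool stands in for the real SASL exchange. PLAIN and
    LOGIN are skipped unless STARTTLS has already been negotiated.
    """
    offered = advertised_mechs(ehlo_text)
    failed = []
    for mech in PREFERRED:
        if mech not in offered or (mech in CLEARTEXT and not tls_active):
            continue
        if try_mech(mech):
            return mech, failed
        failed.append(mech)
    return None, failed
```

With the answer's temporary mech_list: plain login, pick_first never sees CRAM-MD5 and goes straight to PLAIN, which is why the workaround lets the notification through.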
