如何为 postfix 设置两个 smtp 端口?

tag-icon tag-icon centos email postfix smtp email-server
如何为 postfix 设置两个 smtp 端口?

带有 postfix、dovecot 和 mailx 的 CentOS 7 服务器需要适应通过 发送port 465和接收的邮件port 25为了实现这一点,需要改变哪些特定的语法和文件?

以下是我迄今为止的尝试:

1.)我在以下部分 添加465 inet n - - - - smtpd了:/etc/postfix/master.cf

# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n   -   n   -   -   smtpd
465       inet  n   -   -   -   -   smtpd

2.) 然后我通过输入 ,systemctl stop postfix接着输入systemctl start postfix,然后输入 来重新启动 postfix systemctl status postfix

3.) 接下来,我将防火墙中的端口 25 和端口 465 都分配给 SMTP 服务。我通过nc my.SERVER.ip.addr 465 < /dev/null在 devbox 终端中键入内容并看到它通过打印进行回复220 mydomain.com ESMTP Postfix,测试以确认防火墙允许端口 465。然后,我通过从另一台服务器发送测试电子邮件并看到该服务器已收到该电子邮件(显然是通过端口 25)来测试防火墙是否允许端口 25 进行 SMTP 访问。

4.) 我确认我的 devbox 上的 Thunderbird 客户端已将端口 465 设置为传出 smtp[电子邮件保护]我正尝试使用我的 devbox 的 Thunderbird 客户端从该服务器发送电子邮件的帐户。

5.) 然后我tcpdump -n -i any tcp port 465在服务器终端中输入,也在tcpdump -n -i any tcp port 465devbox 终端中输入。

6.) 完成所有这些设置后,我尝试使用 Thunderbird 向 发送一封测试电子邮件[email protected]。Thunderbird[email protected]超时未发送电子邮件,但tcpdump两台机器的终端上都打印了以下内容。

在服务器上,这导致:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
15:26:40.204817 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40555: Flags [S.], seq 1955299233, ack 152228482, win 14480, options [mss 1460,sackOK,TS val 1056230222 ecr 5576928,nop,wscale 7], length 0
15:26:40.293442 IP my.DEVBOX.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [.], ack 1, win 115, options [nop,nop,TS val 5577014 ecr 1056230222], length 0
15:26:40.293926 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40555: Flags [P.], seq 1:43, ack 1, win 114, options [nop,nop,TS val 1056230312 ecr 5577014], length 42
15:26:40.298215 IP my.DEVBOX.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [F.], seq 1, ack 1, win 115, options [nop,nop,TS val 5577015 ecr 1056230222], length 0
15:26:40.298521 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40555: Flags [F.], seq 43, ack 2, win 114, options [nop,nop,TS val 1056230316 ecr 5577015], length 0
15:26:40.384890 IP my.DEVBOX.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [.], ack 43, win 115, options [nop,nop,TS val 5577104 ecr 1056230312], length 0
15:26:40.389738 IP my.DEVBOX.ip.addr.40555 > my.SERVER.ip.addr.urd: Flags [.], ack 44, win 115, options [nop,nop,TS val 5577113 ecr 1056230316], length 0
15:28:49.598741 IP my.DEVBOX.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [S], seq 1432245308, win 14600, options [mss 1460,sackOK,TS val 5706324 ecr 0,nop,wscale 7], length 0
15:28:49.598807 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40557: Flags [S.], seq 706641072, ack 1432245309, win 14480, options [mss 1460,sackOK,TS val 1056359616 ecr 5706324,nop,wscale 7], length 0
15:28:49.685239 IP my.DEVBOX.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 1, win 115, options [nop,nop,TS val 5706409 ecr 1056359616], length 0
15:28:49.685304 IP my.DEVBOX.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [P.], seq 1:186, ack 1, win 115, options [nop,nop,TS val 5706409 ecr 1056359616], length 185
15:28:49.685328 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40557: Flags [.], ack 186, win 122, options [nop,nop,TS val 1056359703 ecr 5706409], length 0
15:28:49.700806 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40557: Flags [P.], seq 1:43, ack 186, win 122, options [nop,nop,TS val 1056359719 ecr 5706409], length 42
15:28:49.783363 IP my.DEVBOX.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 43, win 115, options [nop,nop,TS val 5706510 ecr 1056359719], length 0
15:28:49.783411 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40557: Flags [P.], seq 43:154, ack 186, win 122, options [nop,nop,TS val 1056359801 ecr 5706510], length 111
15:28:49.868122 IP my.DEVBOX.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 154, win 115, options [nop,nop,TS val 5706592 ecr 1056359801], length 0
15:30:36.430512 IP my.DEVBOX.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [F.], seq 186, ack 154, win 115, options [nop,nop,TS val 5813157 ecr 1056359801], length 0
15:30:36.430912 IP my.SERVER.ip.addr.urd > my.DEVBOX.ip.addr.40557: Flags [F.], seq 154, ack 187, win 122, options [nop,nop,TS val 1056466449 ecr 5813157], length 0
15:30:36.513221 IP my.DEVBOX.ip.addr.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 155, win 115, options [nop,nop,TS val 5813243 ecr 1056466449], length 0
^C
19 packets captured
20 packets received by filter
0 packets dropped by kernel

在 DEVBOX 中,结果如下:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
12:32:00.232924 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [S.], seq 706641072, ack 1432245309, win 14480, options [mss 1460,sackOK,TS val 1056359616 ecr 5706324,nop,wscale 7], length 0
12:32:00.232992 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 1, win 115, options [nop,nop,TS val 5706409 ecr 1056359616], length 0
12:32:00.233212 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [P.], seq 1:186, ack 1, win 115, options [nop,nop,TS val 5706409 ecr 1056359616], length 185
12:32:00.319025 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [.], ack 186, win 122, options [nop,nop,TS val 1056359703 ecr 5706409], length 0
12:32:00.334311 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [P.], seq 1:43, ack 186, win 122, options [nop,nop,TS val 1056359719 ecr 5706409], length 42
12:32:00.334359 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 43, win 115, options [nop,nop,TS val 5706510 ecr 1056359719], length 0
12:32:00.415529 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [P.], seq 43:154, ack 186, win 122, options [nop,nop,TS val 1056359801 ecr 5706510], length 111
12:32:00.415586 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 154, win 115, options [nop,nop,TS val 5706592 ecr 1056359801], length 0
12:33:46.981077 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [F.], seq 186, ack 154, win 115, options [nop,nop,TS val 5813157 ecr 1056359801], length 0
12:33:47.066884 IP my.SERVER.ip.addr.urd > 10.0.0.2.40557: Flags [F.], seq 154, ack 187, win 122, options [nop,nop,TS val 1056466449 ecr 5813157], length 0
12:33:47.066946 IP 10.0.0.2.40557 > my.SERVER.ip.addr.urd: Flags [.], ack 155, win 115, options [nop,nop,TS val 5813243 ecr 1056466449], length 0
^C
11 packets captured
12 packets received by filter
0 packets dropped by kernel

tcpdump -n -i any tcp port 465请注意,尽管两个命令(服务器和 devbox)同时运行, 但服务器输出中的前 7 项来自之前的测试。

请注意,postconf -n在服务器上输入的内容会导致:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

另外,postconf -M在服务器上输入结果是:

smtp       inet  n       -       n       -       -       smtpd
465        inet  n       -       -       -       -       smtpd
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache

/var/log/maillog那个时期 的内容是:

Mar  3 15:22:05 mydomain postfix/postfix-script[8565]: starting the Postfix mail system
Mar  3 15:22:05 mydomain postfix/master[8567]: daemon started -- version 2.10.1, configuration /etc/postfix
Mar  3 15:23:40 mydomain postfix/smtpd[8572]: connect from unknown[my.DEVBOX.ip.addr]
Mar  3 15:25:26 mydomain postfix/smtpd[8572]: lost connection after UNKNOWN from unknown[my.DEVBOX.ip.addr]
Mar  3 15:25:26 mydomain postfix/smtpd[8572]: disconnect from unknown[my.DEVBOX.ip.addr]
Mar  3 15:26:40 mydomain postfix/smtpd[8572]: connect from unknown[my.DEVBOX.ip.addr]
Mar  3 15:26:40 mydomain postfix/smtpd[8572]: lost connection after CONNECT from unknown[my.DEVBOX.ip.addr]
Mar  3 15:26:40 mydomain postfix/smtpd[8572]: disconnect from unknown[my.DEVBOX.ip.addr]
Mar  3 15:28:49 mydomain postfix/smtpd[8578]: connect from unknown[my.DEVBOX.ip.addr]
Mar  3 15:30:36 mydomain postfix/smtpd[8578]: lost connection after UNKNOWN from unknown[my.DEVBOX.ip.addr]
Mar  3 15:30:36 mydomain postfix/smtpd[8578]: disconnect from unknown[my.DEVBOX.ip.addr]
Mar  3 15:33:40 mydomain postfix/anvil[8574]: statistics: max connection rate 1/60s for (465:my.DEVBOX.ip.addr) at Mar  3 15:23:40
Mar  3 15:33:40 mydomain postfix/anvil[8574]: statistics: max connection count 1 for (465:my.DEVBOX.ip.addr) at Mar  3 15:23:40
Mar  3 15:33:40 mydomain postfix/anvil[8574]: statistics: max cache size 1 at Mar  3 15:23:40

Thunderbird 中的传出服务器设置如下:

Description:           <Not Specified>  
Server Name:           mydomain.com  
Port:                  465
User Name:             me
Authentication Method: Normal Password
Connection Security:   SSL/TLS

我认为堵塞发生在后缀中。因此我该做哪些更改才能使 Postfix 允许远程客户端通过它发送邮件,port 465同时仍允许从其他服务器接收邮件port 25

编辑:

根据@sebix提供的链接中的说明,我尝试了以下操作:

/etc/postfix/main.cf取消了以下行的注释:

smtpd_tls_security_level = may

在中/etc/postfix/master.cf,我取消了以下两行的注释:

-o smtpd_tls_wrappermode=yes 
-o smtpd_sasl_auth_enable=yes

然而,当我尝试发送测试电子邮件时,Thunderbird 回复了以下错误对话框:

Sending of message failed.
The message could not be sent because the connection to SMTP server mydomain.com was  
lost in the middle of the transaction. Try again or contact your network administrator.

编辑#2

根据 Esa Jokinen 的建议,我尝试了以下几个命令。

在 DEVBOX 上,我输入了以下内容telnet mydomain.com 587并得到了以下回复。请注意,我添加输入的两行#前面有,尽管#终端中没有。我添加了#以强调/清晰:

Trying my.Server.ip.addr...
Connected to mydomain.com.
Escape character is '^]'.
220 mydomain.com ESMTP Postfix
# EHLO mydomain.com
250-mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
# STARTTLS
454 4.7.0 TLS not available due to local problem

接下来,在服务器上,我输入了openssl s_client -host localhost -port 587 -starttls smtp。这导致以下输出:

CONNECTED(00000003)
140634999289760:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 244 bytes and written 284 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

在服务器上,我再次输入postconf -n并得到以下输出:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file = </etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = </etc/pki/dovecot/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550

在服务器上,我再次输入postconf -M并得到以下内容:

smtp       inet  n       -       n       -       -       smtpd
587        inet  n       -       -       -       -       smtpd
submission inet  n       -       -       -       -       smtpd 
-o smtpd_tls_security_level=encrypt 
-o smtpd_sasl_auth_enable=yes 
-o smtpd_sasl_type=dovecot 
-o smtpd_sasl_path=private/auth 
-o smtpd_sasl_security_options=noanonymous 
-o smtpd_sasl_local_domain=$myhostname 
-o smtpd_client_restrictions=permit_sasl_authenticated,reject 
-o smtpd_sender_login_maps=hash:/etc/postfix/virtual 
-o smtpd_sender_restrictions=reject_sender_login_mismatch 
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache

接下来,我尝试使用远程开发箱上的 Thunderbird 客户端通过服务器发送电子邮件。经过此测试后,nano /var/log/maillog在 SERVER 中输入以下内容:

Mar  4 11:57:19 mydomain postfix/smtpd[11029]: error: open database /etc/postfix/virtual.db: No such file or directory
Mar  4 11:57:19 mydomain postfix/smtpd[11029]: warning: cannot get RSA certificate from file </etc/pki/dovecot/certs/dovecot.pem: disabling TLS support
Mar  4 11:57:19 mydomain postfix/smtpd[11029]: warning: TLS library problem: 11029:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fope$
Mar  4 11:57:19 mydomain postfix/smtpd[11029]: warning: TLS library problem: 11029:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Mar  4 11:57:19 mydomain postfix/smtpd[11029]: warning: TLS library problem: 11029:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa$
Mar  4 11:57:19 mydomain postfix/smtpd[11029]: connect from unknown[98.244.12.133]
Mar  4 11:57:20 mydomain postfix/cleanup[11032]: 1FD8680B3BCE: message-id=<[email protected]>
Mar  4 11:57:20 mydomain postfix/qmgr[10139]: 1FD8680B3BCE: from=<[email protected]>, size=873, nrcpt=1 (queue active)
Mar  4 11:57:20 mydomain postfix/smtpd[11029]: disconnect from unknown[98.244.12.133]
Mar  4 11:57:20 mydomain postfix/local[11034]: 1FD8680B3BCE: to=<[email protected]>, orig_to=<postmaster>, relay=local, delay=0.07, delays=0.04/0.01/0/0.0$
Mar  4 11:57:20 mydomain postfix/qmgr[10139]: 1FD8680B3BCE: removed

这些读数表明问题出在证书上。请注意,我使用了 中指定的证书/etc/dovecot/conf.d/10-ssl.conf。在使用 nano 确认每个文件都存在且包含加密代码后,我只是剪切并粘贴了两个证书/密钥文件的 URL。同时还要确保将密钥指向密钥,将证书指向证书。

我这样做对吗?

编辑#3

我修改了密钥文件的 URL 引用

smtpd_tls_cert_file = </etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = </etc/pki/dovecot/private/dovecot.pem


smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem

<我还删除了中的两个符号/etc/dovecot/conf.d/10-ssl.conf。(这两个符号在测试开始之前就在那里。)接下来,我输入sudo nanoopen bpth 证书和密钥以确保它们在给定位置可访问,结果确实如此。然后,我尝试使用我的开发箱上的 Thunderbird 客户端通过服务器发送另一封电子邮件。这导致 Thunderbird 请求我为未知证书添加例外。当我接受未知证书时,Thunderbird 给了我一个连接超时对话框并且无法发送电子邮件,而以下内容写入/var/log/maillog

Mar  4 14:08:28 mydomain postfix/postfix-script[11361]: stopping the Postfix mail system
Mar  4 14:08:28 mydomain postfix/master[11293]: terminating on signal 15
Mar  4 14:08:33 mydomain postfix/postfix-script[11444]: starting the Postfix mail system
Mar  4 14:08:33 mydomain postfix/master[11446]: daemon started -- version 2.10.1, configuration /etc/postfix
Mar  4 14:08:44 mydomain postfix/smtpd[11451]: error: open database /etc/postfix/virtual.db: No such file or directory
Mar  4 14:08:44 mydomain postfix/smtpd[11451]: connect from unknown[my.DEVBOX.ip.addr]
Mar  4 14:08:44 mydomain postfix/smtpd[11451]: warning: SASL: Connect to private/auth failed: No such file or directory
Mar  4 14:08:44 mydomain postfix/smtpd[11451]: fatal: no SASL authentication mechanisms
Mar  4 14:08:45 mydomain postfix/master[11446]: warning: process /usr/libexec/postfix/smtpd pid 11451 exit status 1
Mar  4 14:08:45 mydomain postfix/master[11446]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

笔记:

删除<from</etc/pki/dovecot/certs/dovecot.pem</etc/pki/dovecot/private/dovecot.pemin/etc/dovecot/conf.d/10-ssl.conf会导致服务器上运行的应用程序的 JavaMail imap 连接停止工作。但重新添加<in 可以解决问题。这可能指的是链接文件夹。

答案1

似乎您没有在端口 465 上启用 SSL,也没有对 smtp 提交服务器使用不同的设置。这意味着您在端口 465 上的设置可能与端口 25 上的设置相同。Thunderbird 随后尝试建立 SMTPS 连接,但以纯文本形式答复。提交与纯 SMTP 的设置完全不同,当然也需要身份验证。

master.cf 上的以下配置应该可以在端口 587 上启用良好的安全提交(带有 TLS 身份验证的 SMTP):

submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

如果不需要,只需删除 smtpd_sender_login_maps。Dovecot 特定的行并不完全是 Dovecot 特定的。相反,Postfix 使用 Dovecot 进行 SASL 身份验证,您确实应该设置它。

对于 TLS,您还需要在 main.cf 中添加这些参数(并且可能用您自己的证书路径替换 snakeoil):

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

通过这些修改,它可能也适用于 SMTPS (465):

smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
...

我认为这些可能对你继续有帮助:

http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

https://www.vultr.com/docs/simple-mailserver-postfix-dovecot-sieve-centos-7

相关内容