Postfix SMTP+saslauthd 身份验证失败

Postfix SMTP+saslauthd 身份验证失败

我尝试使用postfixsaslauthd实现SMTP 身份验证Ubuntu

我的 IP 是W.X.Y.Z,我的 VPS IP 是W'.X'.Y'.Z'
我的用户是JohnDoe,我的主机名是server

它不起作用,这里是日志文件/var/mail/log。当我尝试使用我的邮件应用程序进行身份验证时:

Sep 12 08:36:12 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:13 server dovecot: imap-login: Login: user=<JohnDoe>, method=PLAIN, rip=W.X.Y.Z, lip=W'.X'.Y'.Z', mpid=2392, TLS, session=<FvDmE4wfQwBUZ2XK>
Sep 12 08:36:13 server postfix/smtpd[2384]: warning: SASL authentication failure: unable to canonify user and get auxprops
Sep 12 08:36:13 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL DIGEST-MD5 authentication failed: authentication failure
Sep 12 08:36:13 server dovecot: imap(JohnDoe): Disconnected: Logged out in=30 out=456
Sep 12 08:36:13 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:13 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:14 server postfix/smtpd[2384]: warning: SASL authentication failure: unable to canonify user and get auxprops
Sep 12 08:36:14 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL DIGEST-MD5 authentication failed: authentication failure
Sep 12 08:36:14 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:15 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:16 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL CRAM-MD5 authentication failed: authentication failure
Sep 12 08:36:16 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:16 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:17 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL CRAM-MD5 authentication failed: authentication failure
Sep 12 08:36:17 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:17 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:18 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL NTLM authentication failed: authentication failure
Sep 12 08:36:18 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:18 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:19 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL NTLM authentication failed: authentication failure
Sep 12 08:36:19 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:20 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:20 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:20 server postfix/smtpd[2384]: warning: SASL authentication failure: Password verification failed
Sep 12 08:36:20 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL PLAIN authentication failed: generic failure
Sep 12 08:36:21 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:21 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:22 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:22 server postfix/smtpd[2384]: warning: SASL authentication failure: Password verification failed
Sep 12 08:36:22 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL PLAIN authentication failed: generic failure
Sep 12 08:36:22 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:22 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:23 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:23 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL LOGIN authentication failed: generic failure
Sep 12 08:36:23 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:23 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:25 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:25 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL LOGIN authentication failed: generic failure
Sep 12 08:36:25 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:25 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]

如果我尝试使用telnet手动身份验证:

MyComputer:~ JohnDoe$ telnet my.domain 587
Trying W'.X'.Y'.Z'...
Connected to my.domain.
Escape character is '^]'.
220 my.domain ESMTP Postfix (Ubuntu)
EHLO my.domain
250-server.my.domain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-AUTH=DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN Sm9obkRvZQBKb2huRG9lAE15UGFzc3dvcmQ=
535 5.7.8 Error: authentication failed: generic failure
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

我可以在日志中看到:

Sep 12 08:47:17 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:47:24 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:47:24 server postfix/smtpd[2384]: warning: SASL authentication failure: Password verification failed
Sep 12 08:47:24 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL PLAIN authentication failed: generic failure
Sep 12 08:47:28 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]

这是我的posftconf -n输出:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
masquerade_domains = $mydomain
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mydomain = my.domain
myhostname = server.$mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $mydomain ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

答案1

好的,在虚拟机上尝试了一下,

Sep 12 08:36:20 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

日志消息可能表明chroot相关步骤尚未完成,因为进程strace上的postfix/smtpd表示 postfix 正在寻找一个(未记录的,叹息)文件名/var/run/saslauthd/mux,以及其他调试表明init.d脚本正在执行chroot相关操作。完成以下步骤后,我能够在测试虚拟机上对 PLAIN 进行身份验证:

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

然后重新启动以确保所涉及的守护进程能够看到组成员身份的增加。如果没有,我会将一个附加strace到 postfix 进程并检查系统上的所有日志文件,看看是否有任何提示表明发生了什么。

相关内容