Postifx 和 Dovecot:致命:没有 SASL 认证机制

Postifx 和 Dovecot:致命:没有 SASL 认证机制

当我从 Gmail 向服务器发送测试邮件时,收到此错误:

致命:没有 SASL 身份验证机制

以下是我的所有配置文件和日志文件,以帮助我们:

/var/log/邮件日志

Nov  4 14:42:49 ns1 postfix/postfix-script[2147]: stopping the Postfix mail system
Nov  4 14:42:49 ns1 postfix/master[1340]: terminating on signal 15
Nov  4 14:42:49 ns1 postfix/postfix-script[2228]: starting the Postfix mail system
Nov  4 14:42:49 ns1 postfix/master[2230]: daemon started -- version 2.10.1, configuration /etc/postfix
Nov  4 14:45:37 ns1 postfix/smtpd[2314]: connect from mail-oi0-f51.google.com[209.85.218.51]
Nov  4 14:45:37 ns1 postfix/smtpd[2314]: fatal: no SASL authentication mechanisms
Nov  4 14:45:38 ns1 postfix/master[2230]: warning: process /usr/libexec/postfix/smtpd pid 2314 exit status 1
Nov  4 14:45:38 ns1 postfix/master[2230]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov  4 14:47:18 ns1 postfix/anvil[2317]: statistics: max connection rate 1/60s for (smtp:209.85.218.51) at Nov  4 14:45:37
Nov  4 14:47:18 ns1 postfix/anvil[2317]: statistics: max connection count 1 for (smtp:209.85.218.51) at Nov  4 14:45:37
Nov  4 14:47:18 ns1 postfix/anvil[2317]: statistics: max cache size 1 at Nov  4 14:45:37

systemctl 状态 dovecot -l

[root@ns1 ~]# systemctl status dovecot -l
   dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-11-04 14:43:28 BRST; 35s ago
  Process: 2246 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
 Main PID: 2250 (dovecot)
   CGroup: /system.slice/dovecot.service
           ├─2250 /usr/sbin/dovecot -F
           ├─2251 dovecot/anvil
           ├─2252 dovecot/log
           └─2254 dovecot/config

Nov 04 14:43:28 ns1.domain.com.br systemd[1]: Starting Dovecot IMAP/POP3 email server...
Nov 04 14:43:28 ns1.domain.com.br systemd[1]: Started Dovecot IMAP/POP3 email server.

systemctl 状态后缀-l

[root@ns1 ~]# systemctl status postfix -l
   postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-11-04 14:42:49 BRST; 1min 55s ago
  Process: 2141 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
  Process: 2158 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 2154 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 2152 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 2230 (master)
   CGroup: /system.slice/postfix.service
           ├─2230 /usr/libexec/postfix/master -w
           ├─2231 pickup -l -t unix -u
           └─2232 qmgr -l -t unix -u

Nov 04 14:42:49 ns1.domain.com.br systemd[1]: Starting Postfix Mail Transport Agent...
Nov 04 14:42:49 ns1.domain.com.br postfix/postfix-script[2228]: starting the Postfix mail system
Nov 04 14:42:49 ns1.domain.com.br postfix/master[2230]: daemon started -- version 2.10.1, configuration /etc/postfix
Nov 04 14:42:49 ns1.domain.com.br systemd[1]: Started Postfix Mail Transport Agent.

systemctl 状态 saslauthd -l

[root@ns1 ~]# systemctl status saslauthd -l
   saslauthd.service - SASL authentication daemon.
   Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-11-03 12:19:08 BRST; 1 day 2h ago
  Process: 1978 ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS (code=exited, status=0/SUCCESS)
 Main PID: 1979 (saslauthd)
   CGroup: /system.slice/saslauthd.service
           ├─1979 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
           ├─1980 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
           ├─1981 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
           ├─1982 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
           └─1983 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r

Nov 03 12:19:08 ns1.domain.com.br systemd[1]: Starting SASL authentication daemon....
Nov 03 12:19:08 ns1.domain.com.br saslauthd[1979]: detach_tty      : master pid is: 1979
Nov 03 12:19:08 ns1.domain.com.br saslauthd[1979]: ipc_init        : listening on socket: /run/saslauthd/mux
Nov 03 12:19:08 ns1.domain.com.br systemd[1]: Started SASL authentication daemon..

/etc/postfix/main.cf

# MY CONFIGS
myhostname = mail.domain.com.br
mydomain = domain.com.br
myorigin = $mydomain
inet_protocols = ipv4
mydestination = $myhostname, localhost, ns1.domain.com.br
mynetworks = 168.100.189.0/28, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
recipient_bcc_maps = hash:/etc/postfix/bcc
queue_directory = /var/spool/postfix
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

# SASL
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_sasl_local_domain = domain.com.br
smtpd_recipient_restrictions = check_policy_service unix:/var/spool/postfix/postgrey/socket

# TLS
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/ssl/mail.domain.com.br.key
smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain.com.br.crt
smtpd_tls_security_level=encrypt
smtpd_tls_auth_only = yes
smtpd_sasl_tls_security_options = noanonymous, noplaintext

/etc/postfix/master.cf

smtp      inet  n       -       n       -       -       smtpd

/etc/dovecot/dovecot.conf

protocols = imap pop3
listen = *

/etc/dovecot/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain login

/etc/dovecot/10-master.conf

service auth {
  unix_listener auth-userdb {
    #mode = 0660
    #user = postfix
    #group = postfix
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

谢谢您的关注。

@更新 01

这是日志文件:

Nov  6 11:02:35 ns1 postfix/smtpd[3950]: connect from mail-oi0-f47.google.com[209.85.218.47]
Nov  6 11:02:35 ns1 postfix/smtpd[3950]: fatal: no SASL authentication mechanisms
Nov  6 11:02:36 ns1 postfix/master[12735]: warning: process /usr/libexec/postfix/smtpd pid 3950 exit status 1
Nov  6 11:02:36 ns1 postfix/master[12735]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov  6 11:04:16 ns1 postfix/anvil[3952]: statistics: max connection rate 1/60s for (smtp:209.85.218.47) at Nov  6 11:02:35
Nov  6 11:04:16 ns1 postfix/anvil[3952]: statistics: max connection count 1 for (smtp:209.85.218.47) at Nov  6 11:02:35
Nov  6 11:04:16 ns1 postfix/anvil[3952]: statistics: max cache size 1 at Nov  6 11:02:35

这是 postconf -n

[root@ns1 ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_protocols = ipv4
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = domain.com.br
myhostname = mail.domain.com.br
mynetworks = 168.100.189.0/28, 127.0.0.0/8
myorigin = domain.com.br
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
recipient_bcc_maps = hash:/etc/postfix/bcc
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_policy_service unix:/var/spool/postfix/postgrey/socket permit_mynetworks permit_inet_interfaces
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_sasl_tls_security_options = noanonymous, noplaintext
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/virtual
smtpd_sender_restrictions = reject_sender_login_mismatch
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain.com.br.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.domain.com.br.key
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_exchange_name = /var/lib/postfix/prng_exch
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

以下是版本:

postfix-2.10.1-6.el7.x86_64 dovecot-2.2.10-5.el7.x86_64 CentOS Linux 7.2.1511 内核 x86_64 上的 Linux 4.8.5-1.el7.elrepo.x86_64

@更新 02

这是我的 doveconf -n:

[root@ns1 ~]# doveconf -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 4.8.5-1.el7.elrepo.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core                                                                                                                                                             )
auth_mechanisms = plain login
disable_plaintext_auth = no
listen = *
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}

答案1

您的$mydestination不包括您的$mydomain。当 Postfix 收到邮件时,它会查找域是否在 中$mydestination,如果不在,它会尝试验证发件人(因为它认为邮件是由客户端提交的,而不是由另一台服务器传递的)。

$mydomain将服务器托管的域或域列表添加至$mydestination

此外,您的 SASL 配置似乎已损坏。您启动了saslauthd,但配置 Postfix 以连接 Dovecot 进行身份验证:

smtpd_sasl_type = dovecot

由于您已经配置了 Dovecot,因此可以省略使用saslauthd。如果邮件提交失败,请确保dovecot在中列出postconf -a

相关内容