mysql 无法通过 cyrus 进行 postfix 身份验证

mysql 无法通过 cyrus 进行 postfix 身份验证

所以我一直在构建一个邮件服务器,我已经设置了 postfix 和一个数据库,现在我想要的是 cyrus 应该从数据库中验证我的邮件服务器用户,我已经设置了一个数据库,现在我遇到了一些问题

yum -y install cyrus-sasl*

我的 postfix -n 看起来像这样

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
cyrus_sasl_config_path = /etc/sasl2/
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost, 192.168.1.1
inet_protocols = ipv4
local_recipient_maps = mysql:/etc/postfix/mysql-local.cf
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = domain.com
myhostname = my.domain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-users.cf

我的 postconf -M 看起来像这样

smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd 
-o smtpd_sasl_security_options=noanonymous
 -o smtpd_sasl_auth_enable=yes 
-o broken_sasl_auth_clients=yes 
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject 
-o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       n       -       -       smtpd
 -o smtpd_sasl_security_options=noanonymous 
-o smtpd_sasl_auth_enable=yes 
-o broken_sasl_auth_clients=yes 
-o syslog_name=postfix/smtps 
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject 
-o milter_macro_daemon_name=ORIGINATING
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache

}

猫/etc/sasl2/smtpd.conf

{

pwcheck_method: saslauthd
auxprop_plugin: mysql
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostnames: 127.0.0.1, localhost
sql_user: postfix
sql_passwd: password
sql_database: server
sql_select: SELECT password FROM users WHERE email = '%u'

}

现在的问题是,当我尝试从 mysql

猫/etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
defaultdomain: mail
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13

猫/etc/cyrus.conf

# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}

所以有人能帮我解决这个问题吗谢谢......

答案1

问题可能在于/etc/sasl2/smtpd.conf

pwcheck_method = auxprop

如果saslauthd使用,它将查看 pam 方法数据库并忽略指向 sql 的所有其他设置。此外,如果您只是尝试发送邮件而不设置 imap,那么您无法从邮件客户端连接,因为邮件客户端需要完全设置邮件服务器,因此您需要手动设置邮件客户端并使用 StartTLS 端口 587 提供 smtp,标准密码验证确保在邮件客户端询问您时输入正确的密码。

基本上,如果您想采用saslauthd机制,最好安装pam_mysql模块并设置/etc.pam.d/smtp以查找 mysql 数据库。

希望这可以帮助

相关内容