Problems enabling mail_crypt in dovecot / SASL authentication failure

dovecot --version 2.3.4.1 (f79e8e7e4)

OK, I tried to enable mail encryption, but I ran into problems. I am using https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#ec-key

I ran:

cd $HOME
openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem

I edited the dovecot config to:

. . .
mail_max_userip_connections = 120
. . .
mail_plugins = $mail_plugins mail_crypt
plugin {
  mail_crypt_global_private_key = </home/ec2-user/ecprivkey.pem
  mail_crypt_global_public_key = </home/ec2-user/ecpubkey.pem
  mail_crypt_save_version = 2
}
. . .

I now see in the logs:

deliver       | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: inet-MY IP-1.bos.netblazr.com[MY IP]: SASL PLAIN authentication failed: generic failure
deliver       | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
deliver       | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: inet.MY IP.bos.netblazr.com[MY IP]: SASL LOGIN authentication failed: generic failure
. . .
deliver       | Apr 15 02:44:08 ip-172-31-0-35 postfix/smtpd[22684]: NOQUEUE: reject: RCPT from mail-qk1-f176.google.com[209.85.222.176]: 451 4.3.5 <MY EEMAIL>: Recipient address rejected: Server configuration problem; from=<[email protected]> to=<MY EMAIL> proto=ESMTP helo=<mail-qk1-f176.google.com>
deliver       | Apr 15 02:44:08 ip-172-31-0-35 postfix/smtpd[22684]: disconnect from mail-qk1-f176.google.com[209.85.222.176] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7

I am wondering why SASL is now being enabled for postfix to work/authenticate (it is not enabled if I turn mail_crypt off).

I am guessing the "Server configuration problem" is the issue here...

Any suggestions on where I should look?

Answer 1

Got it: I completely misunderstood where to put mail_crypt. Here is what I did:

services:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAINNAME}
    container_name: ${CONTAINER_NAME}
    env_file: mailserver.env
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - ./maildata:/var/mail
      - ./mailstate:/var/mail-state
      - ./maillogs:/var/log/mail
      - ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
      - ./config/dovecot:/etc/dovecot/conf.d
      - ./certs/:/certs
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always
    cap_add: [ "NET_ADMIN", "SYS_PTRACE" ]

Then I edited the volumed ./config/dovecot/20-lmtp.conf instead of the main dovecot config, and added:

protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins sieve mail_crypt
  plugin {
    mail_crypt_global_private_key = </certs/ecprivkey.pem
    mail_crypt_global_public_key = </certs/ecpubkey.pem
    mail_crypt_save_version = 2
  }
}

Then I also edited 20-imap.conf:

protocol imap {
  # allow IMAP clients to ask quota usage
  mail_plugins = $mail_plugins imap_quota mail_crypt
  plugin {
    mail_crypt_global_private_key = </certs/ecprivkey.pem
    mail_crypt_global_public_key = </certs/ecpubkey.pem
    mail_crypt_save_version = 2
  }
}

It works great now :)
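
A way to confirm that the setup above really stores mail encrypted, as an added example that is not part of the original answer. It assumes Maildir storage (cur/ and new/ folders) and that files written by mail_crypt begin with the magic bytes "CRYPTED" 0x03 0x07 followed by a version byte; the function names are hypothetical.

```shell
#!/bin/sh
# Assumption: a file written by mail_crypt begins with the 9-byte magic
# "CRYPTED" 0x03 0x07, then one version byte (0x02 for mail_crypt_save_version = 2).
MAGIC_HEX="43525950544544030702"

# Succeeds only if the first 10 bytes of file $1 match the magic and version.
is_mail_crypt_file() {
    head_hex=$(od -An -v -tx1 -N10 "$1" 2>/dev/null | tr -d ' \n')
    [ "$head_hex" = "$MAGIC_HEX" ]
}

# Counts messages under cur/ and new/ of every folder below $1.
# Prints "encrypted=N plaintext=M"; plaintext paths go to stderr.
audit_maildir() {
    enc=0
    plain=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if is_mail_crypt_file "$f"; then
            enc=$((enc + 1))
        else
            plain=$((plain + 1))
            echo "not encrypted: $f" >&2
        fi
    done <<EOF
$(find "$1" -type f \( -path '*/cur/*' -o -path '*/new/*' \))
EOF
    echo "encrypted=$enc plaintext=$plain"
}

# Constructed sample: one message saved before the plugin was enabled, one
# with a mail_crypt-style header, and an index file that must be ignored.
make_sample_maildir() {
    mkdir -p "$1/cur" "$1/new"
    printf 'From: a@example.test\n\nhello\n' > "$1/cur/1.sample:2,S"
    printf 'CRYPTED\003\007\002constructed-body' > "$1/new/2.sample"
    printf 'index' > "$1/dovecot.index.log"
}

# Audit the directory given as $1, or a constructed sample if none is given.
if [ "$#" -gt 0 ]; then
    audit_maildir "$1"
else
    sample=$(mktemp -d)
    make_sample_maildir "$sample"
    audit_maildir "$sample"
    rm -rf "$sample"
fi
```

Run it against the host directory mounted at /var/mail (./maildata in the compose file above). Messages delivered before the plugin was enabled are not rewritten and will show up as plaintext.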
