Postfix cannot receive internet email - warning: SASL: Connect to /var/spool/postfix/private/auth failed


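Using CentOS 8, I set up dovecot and postfix and tested:

  • I can log in as an authenticated user
  • Read email (IMAP)
  • Send email to the same/different accounts on the server
  • Send email to internet mail servers
  • The server does not act as an open relay

I cannot receive email from external (internet) email servers. I can clearly see the attempts to deliver the email.

In /var/log/maillog I see the following lines (hostname replaced with <emailserver>):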

Apr 25 22:27:48 <emailserver> postfix/submission/smtpd[565409]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory
Apr 25 22:27:48 <emailserver> postfix/submission/smtpd[565409]: fatal: no SASL authentication mechanisms

A larger section of the log (with debugging turned on; 00.00.0.000 is the internet IP of my email server):

Apr 25 22:27:23 <emailserver> postfix/submission/smtpd[565409]: connect from unknown[00.00.0.000]
Apr 25 22:27:23 <emailserver> postfix/submission/smtpd[565409]: disconnect from unknown[00.00.0.000] ehlo=1 mail=0/1 quit=1 commands=2/3
Apr 25 22:27:48 <emailserver> postfix/submission/smtpd[565409]: connect from unknown[00.00.0.000]
Apr 25 22:27:48 <emailserver> postfix/submission/smtpd[565409]: Anonymous TLS connection established from unknown[00.00.0.000]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Apr 25 22:27:48 <emailserver> postfix/submission/smtpd[565409]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory
Apr 25 22:27:48 <emailserver> postfix/submission/smtpd[565409]: fatal: no SASL authentication mechanisms
Apr 25 22:27:49 <emailserver> postfix/master[404333]: warning: process /usr/libexec/postfix/smtpd pid 565409 exit status 1
Apr 25 22:30:32 <emailserver> postfix/smtpd[565512]: connect from <emailserver>.<tld>[00.00.0.000]
Apr 25 22:30:40 <emailserver> postfix/smtpd[565512]: SSL_accept error from <emailserver>.<tld>[00.00.0.000]: lost connection
Apr 25 22:30:40 <emailserver> postfix/smtpd[565512]: lost connection after CONNECT from <emailserver>.<tld>[00.00.0.000]
Apr 25 22:30:40 <emailserver> postfix/smtpd[565512]: disconnect from <emailserver>.<tld>[00.00.0.000] commands=0/0
Apr 25 22:32:02 <emailserver> postfix/smtpd[565532]: warning: hostname zg-0416a-115.stretchoid.com does not resolve to address 192.241.214.121: Name or service not known
Apr 25 22:32:02 <emailserver> postfix/smtpd[565532]: connect from unknown[192.241.214.121]
Apr 25 22:32:02 <emailserver> dovecot[403811]: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Apr 25 22:32:02 <emailserver> dovecot[403811]: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Apr 25 22:32:02 <emailserver> dovecot[403811]: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Apr 25 22:32:02 <emailserver> dovecot[403811]: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Apr 25 22:32:02 <emailserver> postfix/smtpd[565532]: fatal: no SASL authentication mechanisms
Apr 25 22:32:02 <emailserver> dovecot[403811]: auth: Debug: auth client connected (pid=0)
Apr 25 22:32:03 <emailserver> postfix/master[404333]: warning: process /usr/libexec/postfix/smtpd pid 565532 exit status 1
Apr 25 22:32:03 <emailserver> postfix/master[404333]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Apr 25 22:33:43 <emailserver> postfix/anvil[565533]: statistics: max connection rate 1/60s for (smtp:192.241.214.121) at Apr 25 22:32:02
Apr 25 22:33:43 <emailserver> postfix/anvil[565533]: statistics: max connection count 1 for (smtp:192.241.214.121) at Apr 25 22:32:02
Apr 25 22:33:43 <emailserver> postfix/anvil[565533]: statistics: max cache size 1 at Apr 25 22:32:02
Apr 25 22:37:32 <emailserver> postfix/smtpd[565650]: connect from unknown[37.49.225.144]
Apr 25 22:37:32 <emailserver> dovecot[403811]: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Apr 25 22:37:32 <emailserver> dovecot[403811]: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Apr 25 22:37:32 <emailserver> dovecot[403811]: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Apr 25 22:37:32 <emailserver> dovecot[403811]: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Apr 25 22:37:32 <emailserver> dovecot[403811]: auth: Debug: auth client connected (pid=0)
Apr 25 22:37:32 <emailserver> postfix/smtpd[565650]: fatal: no SASL authentication mechanisms
Apr 25 22:37:33 <emailserver> postfix/master[404333]: warning: process /usr/libexec/postfix/smtpd pid 565650 exit status 1
Apr 25 22:37:33 <emailserver> postfix/master[404333]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Apr 25 22:38:33 <emailserver> postfix/smtpd[565666]: connect from unknown[00.00.0.000]
Apr 25 22:38:33 <emailserver> postfix/smtpd[565666]: fatal: no SASL authentication mechanisms
Apr 25 22:38:33 <emailserver> dovecot[403811]: auth: Debug: auth client connected (pid=0)
Apr 25 22:38:34 <emailserver> postfix/master[404333]: warning: process /usr/libexec/postfix/smtpd pid 565666 exit status 1
Apr 25 22:38:34 <emailserver> postfix/master[404333]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Apr 25 22:39:35 <emailserver> postfix/smtpd[565697]: connect from unknown[185.220.205.196]

I can clearly see that the directory exists:

[root@emailserver ~]# ls -lZ /var/spool/postfix/private/auth
srw-rw----. 1 postfix postfix system_u:object_r:postfix_private_t:s0 0 Apr 18 23:58 /var/spool/postfix/private/auth

There are no SELinux denials/errors either...

[root@emailserver ~]# grep "denied" /var/log/audit/audit.log
[root@emailserver ~]# grep "SELinux is preventing" /var/log/messages
[root@emailserver ~]#

Checked the dovecot configuration (Connect to private/auth failed: No such file or directory):

[root@<emailserver> ~]# dovecot -n
# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
# OS: Linux 4.18.0 x86_64 CentOS Linux release
# Hostname: <emailserver>.<tld>
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %n
first_valid_uid = 1000
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_ca = </etc/pki/tls/certs/<emailserver>.<tld>.ca-bundle
ssl_cert = </etc/pki/tls/certs/<emailserver>_<tld>.crt
ssl_cipher_list = PROFILE=SYSTEM
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
protocol lmtp {
  hostname = <emailserver>.<tld>
  postmaster_address = postmaster@<emailserver>.<tld>
}

Postfix configuration (I think 'noanonymous' is related to my problem?):

[root@<emailserver> ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = <emailserver>.<tld>, $myhostname, localhost.$mydomain, localhost
mydomain = <emailserver>.<tld>
myorigin = <emailserver>.<tld>
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs/
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/pki/tls/certs/<emailserver>.<tld>.crt
smtpd_tls_key_file = /etc/pki/tls/private/<emailserver>_<tld>.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtputf8_enable = no
unknown_local_recipient_reject_code = 550
virtual_transport = dovecot
[root@<emailserver> ~]#

The file /etc/postfix/master.cf:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_sender=yes
      #-o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o broken_sasl_auth_clients=yes
      -o smtpd_sasl_path=/var/spool/postfix/private/auth
smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_sender=yes
      -o smtpd_tls_wrappermode=yes
      #-o smtpd_recipient_restrictions=reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o broken_sasl_auth_clients=yes
      -o smtpd_sasl_path=/var/spool/postfix/private/auth
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  #-o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  # -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  #-o smtpd_sasl_path=private/auth
#smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr

As per another SF question, the sasl package is installed:

[root@emailserver ~]# dnf install cyrus-sasl-plain
Last metadata expiration check: 0:59:13 ago on ... PM CDT.
Package cyrus-sasl-plain-2.1.27-5.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@emailserver ~]#

Any help resolving this would be much appreciated.
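
Added example, not part of the original post: a small Python audit (the helper names `parse_master_cf` and `audit_sasl` are hypothetical) run over a constructed excerpt of the configuration above. It flags two settings that can end in `fatal: no SASL authentication mechanisms`: an absolute `smtpd_sasl_path` on a chrooted service, and `noplaintext` on a cleartext session when Dovecot offers only PLAIN/LOGIN. The cleartext test and the finding labels are this example's assumptions.

```python
import posixpath

# Constructed excerpt of the master.cf and main.cf settings shown in the post.
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
submission inet n       -       y       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_security_options=noanonymous
  #-o smtpd_sasl_path=private/auth
"""
MAIN_CF = {"smtpd_sasl_auth_enable": "yes", "smtpd_tls_security_level": "may",
           "smtpd_sasl_path": "/var/spool/postfix/private/auth",
           "smtpd_sasl_security_options": "noanonymous, noplaintext"}

def parse_master_cf(text):
    """Return (name, chroot, {-o overrides}) for every smtpd entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank/comment lines are ignored
        if raw[0].isspace() and entries:
            entries[-1] += raw.split()        # indented line continues the entry
        else:
            entries.append(raw.split())
    out = []
    for f in entries:
        if len(f) >= 8 and f[7] == "smtpd":
            opts = dict(v.split("=", 1) for k, v in zip(f[8:], f[9:]) if k == "-o" and "=" in v)
            out.append((f[0], f[4], opts))
    return out

def audit_sasl(master_cf, main_cf, queue_dir="/var/spool/postfix", mechs=("plain", "login")):
    """Flag settings that can end in 'fatal: no SASL authentication mechanisms'."""
    findings = []
    for name, chroot, opts in parse_master_cf(master_cf):
        eff = {**main_cf, **opts}             # -o overrides win over main.cf
        if eff.get("smtpd_sasl_auth_enable") != "yes":
            continue
        path = eff.get("smtpd_sasl_path", "")
        if chroot == "y" and path.startswith("/"):   # absolute path is looked up inside the chroot
            findings.append((name, "chroot", posixpath.join(queue_dir, path.lstrip("/"))))
        cleartext = eff.get("smtpd_tls_wrappermode") != "yes" and eff.get("smtpd_tls_security_level") != "encrypt"
        sec = eff.get("smtpd_sasl_security_options", "").replace(",", " ").split()
        if cleartext and "noplaintext" in sec and set(mechs) <= {"plain", "login"}:
            findings.append((name, "noplaintext", ",".join(mechs)))
    return findings
```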
