我想在我的 nagios 服务器上设置 postfix 以将电子邮件中继到我们的 Microsoft Exchange 服务器,但在使用 Microsoft Exchange 进行身份验证时遇到了问题。
具体来说,我收到了这个错误:
警告:SASL 身份验证失败:GSSAPI 错误:未提供凭据,或者凭据不可用或无法访问(没有可用的 Kerberos 凭据(默认缓存:KCM:))
我已经安装了 cyrus-sasl 包
[root@nag postfix]# yum list installed | grep sas
cyrus-sasl.x86_64 2.1.27-17.el9 @baseos
cyrus-sasl-gssapi.x86_64 2.1.27-17.el9 @anaconda
cyrus-sasl-lib.x86_64 2.1.27-17.el9 @anaconda
cyrus-sasl-md5.x86_64 2.1.27-17.el9 @appstream
cyrus-sasl-plain.x86_64 2.1.27-17.el9 @anaconda
[root@nag postfix]# postconf -df | grep sasl
broken_sasl_auth_clients = no
cyrus_sasl_config_path =
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_enable = no
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
$lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps
$smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
send_cyrus_sasl_authzid = no
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
{permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_response_limit = 12288
smtpd_sasl_security_options = noanonymous
smtpd_sasl_service = smtp
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
主配置文件
# Postfix main.cf as posted in the question: outbound mail is handed to an
# authenticated submission relay ([relayhost.domain.tld]:587) using SASL
# credentials from a lookup table. Host names and networks look redacted.
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = host.domain.tld
mydomain = domain.tld
myorigin = $mydomain
# The SMTP server listens on every interface and address family.
# NOTE(review): if this host only sends alerts out, confirm it needs to
# accept mail from the network at all.
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
# Clients in these ranges are treated as trusted (permit_mynetworks appears
# in the restriction list shown by the postconf output on this page).
# NOTE(review): the values look like redaction placeholders; confirm the
# real ranges cover only hosts that should be allowed to relay.
mynetworks = 0.0.0.0/24, 1.1.1.0/24
# Square brackets disable the MX lookup for the relay; 587 is the submission port.
relayhost = [relayhost.domain.tld]:587
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
# The two lines after debugger_command are its continuation lines; their
# leading whitespace appears to have been lost when the file was pasted.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES
# Inbound (smtpd) TLS is opportunistic: offered to clients, not required.
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
# myhostname and relayhost are defined a second time here. The repeated
# "overriding earlier entry: myhostname" warnings in the log on this page
# are consistent with a duplicate definition like this one.
myhostname = host.domain.tld
relayhost = [relayhost.domain.tld]:587
# Legacy spelling of smtp_tls_security_level = may: TLS is used only when
# the relay offers STARTTLS, otherwise delivery continues unencrypted.
# NOTE(review): credentials are sent to this relay, so consider
# smtp_tls_security_level = encrypt to make TLS mandatory.
smtp_use_tls = yes
# Turns on SASL authentication in the Postfix SMTP client.
smtp_sasl_auth_enable = yes
# Table mapping the relay to "user:password". The hash: type is built with
# postmap; the source file and the generated .db both hold the password in
# clear text, so keep them readable by root only.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
# Replaces the default "noplaintext, noanonymous" (see the postconf output
# on this page), so plaintext mechanisms are allowed even on a session that
# is not TLS-protected. NOTE(review): with opportunistic TLS above, the
# password could cross the network unencrypted; keeping the default here and
# relaxing only the *_tls_* option below avoids that.
smtp_sasl_security_options = noanonymous
# Mechanism restrictions applied once the session is TLS-encrypted.
smtp_sasl_tls_security_options = noanonymous
[root@nag postfix]# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-12-14 14:05:42 NST; 8min ago
Process: 29028 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Process: 29030 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 29031 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Main PID: 29099 (master)
Tasks: 4 (limit: 11100)
Memory: 4.9M
CPU: 331ms
CGroup: /system.slice/postfix.service
├─29099 /usr/libexec/postfix/master -w
├─29100 pickup -l -t unix -u
├─29101 qmgr -l -t unix -u
└─29148 tlsmgr -l -t unix -u
Dec 14 14:07:02 host.domain.tld postfix/pickup[29100]: C4AF631A2671: uid=0 from=<[email protected]>
Dec 14 14:07:02 host.domain.tld postfix/trivial-rewrite[29146]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:02 host.domain.tld postfix/cleanup[29145]: C4AF631A2671: message-id=<20211214173702.OJWqL%[email protected]>
Dec 14 14:07:02 host.domain.tld postfix/qmgr[29101]: C4AF631A2671: from=<[email protected]>, size=330, nrcpt=1 (queue active)
Dec 14 14:07:02 host.domain.tld postfix/smtp[29147]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:02 host.domain.tld postfix/tlsmgr[29148]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:03 host.domain.tld postfix/smtp[29147]: warning: SASL authentication failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible (No Kerberos credentials available (default cache: KCM:))
Dec 14 14:07:03 host.domain.tld postfix/bounce[29150]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:03 host.domain.tld postfix/smtp[29147]: C4AF631A2671: to=<[email protected]>, relay=mail.domain.tld[1.1.1.2]:587, delay=0.29, delays=0.01/0.07/0.21/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mail.domain.tld[1.1.1.2]: generic failure)
Dec 14 14:07:25 host.domain.tld postfix/showq[29198]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
sasl_passwd 文件(/etc/postfix/sasl_passwd)的内容
[relayhost.domain.tld]:587 [email protected]:bestpassword
[root@nag postfix]# mailq
mailq: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
postqueue: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C4AF631A2671 330 Tue Dec 14 14:07:02 [email protected]
(SASL authentication failed; cannot authenticate to server relayhost.domain.tld[1.1.1.2]: generic failure)
[email protected]
编辑
我找到了问题所在。另一个问题的回答解决了它:《如何配置 Postfix 客户端中继到 Exchange 2010 服务器》。
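我在主配置文件(main.cf)中添加了 smtp_sasl_mechanism_filter = !gssapi, !ntlm, static:rest。这样 Postfix 客户端就不会再尝试 GSSAPI(Kerberos)或 NTLM,而是改用 sasl_passwd 中的用户名和密码,通过 PLAIN/LOGIN 等机制进行身份验证。由于这类机制会在会话中直接传递密码,应确保到中继主机的连接强制使用 TLS(例如 smtp_tls_security_level = encrypt)。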