经过大约 6 个小时的搜索,我决定在这里寻求帮助
我已经尝试设置 postfix,一切正常
然后我决定用 Thunderbolt 来收发电子邮件,但没用
因此我发现我必须设置 SASL 身份验证,所以我这样做了(或者至少,我认为我已经将其设置为使用“AUTH PLAIN”进行 telnet 回复)
好的,现在您已经有了大致的了解,以下是我的配置:
/etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/randomdevs.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/randomdevs.org/privkey.pem
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
myhostname = randomdevs.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $mydomain, $myhostname, localhost.$myhostname, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
mydomain = randomdevs.org
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_sasl_authenticated_header = yes
virtual_alias_domains = $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/master.cf
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd -v
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp -v
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
/etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-system.conf.ext
/etc/dovecot/conf.d/10-master.conf
service imap-login {
inet_listener imap {
port = 143
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
Telnet 输出
Trying 207.180.254.22...
Connected to randomdevs.org.
Escape character is '^]'.
220 randomdevs.org ESMTP Postfix
EHLO $hostname
250-randomdevs.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
AUTH PLAIN
334
xxxxxxxx **HERE, I'VE USED A BASE64 STRING ENCODED LIKE SO: echo -ne "\000username\000password" | openssl base64
535 5.7.8 Error: authentication failed:
AUTH LOGIN
334 VXNlcm5hbWU6
root **IM NOT SURE HERE IF IT IS THE RIGHT THING TO WRITE, IN FACT, I DON'T KNOW**
如您所见,我无法登录。
这怎么可能?有人能帮我吗?
提前致谢,祝您有美好的一天!
编辑:我编辑了 Telnet 输出以更好地解释我所做的事情,当我谈论雷鸟时,“没有工作”的意思是:[雷鸟设置][1] [使用的用户][2]
附言:请不要否决这个问题,我真的搜索了所有我能搜索到的东西,6/7 小时后我放弃了,并尝试在这里提问。请保持礼貌,这是我第一次使用 postfix
经过这些设置,thunderbird 仍然说找不到我的电子邮件帐户的设置。[1]:https://i.stack.imgur.com/Ra92L.png [2]:https://i.stack.imgur.com/uM4kX.png
答案1
在线登录凭证不是以原始形式呈现的,而是以 base64 编码呈现的,就像它向您呈现单词“用户名”和“密码”一样。因此,例如,用户名将root
作为 发送cm9vdA==
。
PLAIN 身份验证使用序列化为单个字符串的用户名和密码,该字符串再次采用 base64 编码:base64('\0' | login | '\0' | password)
,其中|
表示连接,'\0'
是文字零八位字节(ASCII NUL 字符)。以这种方式编码的字符串在334
消息后回复,或直接放入身份验证命令中。第一个 NUL 之前可能还有其他内容,但目前不必关心,如果您关心,请阅读RFC4616。
例如,这里了解详情。
需要注意的是:切勿在没有 SSL/TLS 层的情况下启用 LOGIN 或 PLAIN 机制,因为任何可以捕获流量的人都可以在线上观察这些 base64 字符串,对其进行解码并提取凭据。