我使用 postfix(传入端口 25)+SpamPD(127.0.0.1:10025 中继主机:127.0.0.1:10026)过滤来自互联网的远程 MTA 传入电子邮件。包含虚拟域的 MTA 在单独的机器上运行。因此,对于用户身份验证,我使用带有 postfix 的 SpamPD 代理。
我在 Microsoft Outlook 2007 上使用 smtp 身份验证时遇到问题。但是 smtp 身份验证可以与 Outlook Express 配合使用。
postfix debug:
May 31 16:55:19 filter postfix/smtpd[17149]: connect from unknown[192.168.0.33]
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 220 filter.mydomain.local ESMTP Postfix
May 31 16:55:19 filter postfix/smtpd[17149]: watchdog_pat: 0x9883ba0
May 31 16:55:19 filter postfix/smtpd[17149]: < unknown[192.168.0.33]: EHLO mypc
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-filter.mydomain.local
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-PIPELINING
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-SIZE 10240000
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-VRFY
May 31 16:55:19 filter postfix/smtpd[17149]: match_list_match: unknown: no match
May 31 16:55:19 filter postfix/smtpd[17149]: match_list_match: 192.168.0.33: no match
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-ETRN
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-ENHANCEDSTATUSCODES
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-8BITMIME
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250 DSN
May 31 16:55:19 filter postfix/smtpd[17149]: watchdog_pat: 0x9883ba0
May 31 16:55:19 filter postfix/smtpd[17149]: smtp_get: EOF
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
Postfix 主控文件
smtp inet n - - - 20 smtpd -v
-o smtpd_proxy_filter=127.0.0.1:10025
-o smtpd_client_connection_count_limit=10
# After-filter SMTP server. Receive mail from the content filter
# on localhost port 10026.
#
127.0.0.1:10026 inet n - n - - smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=
-o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks
请在这方面提供帮助。
我对此进行了进一步的诊断。以下是使用 Outlook Express 进行的诊断。
created thread for connection
processing 4 on thread b7f66b90
accepted connection from 192.168.0.50
SERVER connected to 192.168.0.51
SERVER < 220-mydomain.com ESMTP
CLIENT > 220-mydomain.com ESMTP
CLIENT < EHLO mypc
SERVER > EHLO mypc
SERVER < 250-mydomain.com Hello virata [192.168.0.151], pleased to meet you.
intercepting host response
CLIENT > 250-smtp.passthru
SERVER < 250-ENHANCEDSTATUSCODES
CLIENT > 250-ENHANCEDSTATUSCODES
SERVER < 250-SIZE
CLIENT > 250-SIZE
SERVER < 250-EXPN
CLIENT > 250-EXPN
SERVER < 250-ETRN
CLIENT > 250-ETRN
SERVER < 250-ATRN
CLIENT > 250-ATRN
SERVER < 250-DSN
CLIENT > 250-DSN
SERVER < 250-CHECKPOINT
filtered ESMTP feature CHECKPOINT
SERVER < 250-8BITMIME
CLIENT > 250-8BITMIME
SERVER < 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
CLIENT > 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
SERVER < 250-AUTH=LOGIN
CLIENT > 250-AUTH=LOGIN
SERVER < 250-STARTTLS
filtered ESMTP feature STARTTLS
SERVER < 250 HELP
CLIENT > 250 HELP
CLIENT < AUTH LOGIN
SERVER > AUTH LOGIN
SERVER < 334 VXNlcm5hbWU6
CLIENT > 334 VXNlcm5hbWU6
CLIENT < YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER > YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER < 334 UGFzc3dvcmQ6
CLIENT > 334 UGFzc3dvcmQ6
CLIENT < MTIzNDU2
SERVER > MTIzNDU2
SERVER < 235 2.0.0 Authentication successful
Client authenticated successfully
CLIENT > 235 2.0.0 Authentication successful
CLIENT < MAIL FROM <[email protected]>
SERVER > MAIL FROM <[email protected]>
SERVER < 250 2.1.0 <[email protected]>... Sender ok
CLIENT > 250 2.1.0 <[email protected]>... Sender ok
CLIENT < RCPT TO <[email protected]>
SERVER > RCPT TO <[email protected]>
SERVER < 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT > 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT < DATA
CLIENT > 354 Start mail input; end with <CRLF>.<CRLF>
executed filter command /usr/local/bin/spamassassin.sh (pid 22927)
created cache file /tmp/.Os81QA
以下是使用 Microsoft Outlook 2007 进行的诊断。
created thread for connection
processing 4 on thread b7f92b90
accepted connection from: 192.168.0.33
SERVER connected to: 192.168.0.82
SERVER < 220-mydomain.com ESMTP
CLIENT > 220-mydomain.com ESMTP
CLIENT < EHLO mypc
SERVER > EHLO mypc
SERVER < 250-mydomain.com Hello mypc [192.168.0.151], pleased to meet you.
intercepting host response
CLIENT > 250-smtp.passthru
SERVER < 250-ENHANCEDSTATUSCODES
CLIENT > 250-ENHANCEDSTATUSCODES
SERVER < 250-SIZE
CLIENT > 250-SIZE
SERVER < 250-EXPN
CLIENT > 250-EXPN
SERVER < 250-ETRN
CLIENT > 250-ETRN
SERVER < 250-ATRN
CLIENT > 250-ATRN
SERVER < 250-DSN
CLIENT > 250-DSN
SERVER < 250-CHECKPOINT
filtered ESMTP feature: CHECKPOINT
SERVER < 250-8BITMIME
CLIENT > 250-8BITMIME
SERVER < 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
CLIENT > 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
SERVER < 250-AUTH=LOGIN
CLIENT > 250-AUTH=LOGIN
SERVER < 250-STARTTLS
filtered ESMTP feature: STARTTLS
SERVER < 250 HELP
CLIENT > 250 HELP
CLIENT < AUTH DIGEST-MD5
SERVER > AUTH DIGEST-MD5
SERVER < 334 mVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix
CLIENT > 334 mVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix
CLIENT < XNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5
SERVER > XNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5
SERVER < 501 5.7.0 Authentication failed
CLIENT > 501 5.7.0 Authentication failed
CLIENT < AUTH LOGIN
SERVER > AUTH LOGIN
SERVER < 334 VXNlcm5hbWU6
CLIENT > 334 VXNlcm5hbWU6
CLIENT < YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER > YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER < 334 UGFzc3dvcmQ6
CLIENT > 334 UGFzc3dvcmQ6
CLIENT < MTIzNDU2
SERVER > MTIzNDU2
SERVER < 235 2.0.0 Authentication successful
Client authenticated successfully
CLIENT > 235 2.0.0 Authentication successful
CLIENT < MAIL FROM: <[email protected]>
SERVER > MAIL FROM: <[email protected]>
SERVER < 250 2.1.0 <[email protected]>... Sender ok
CLIENT > 250 2.1.0 <[email protected]>... Sender ok
CLIENT < RCPT TO: <[email protected]>
SERVER > RCPT TO: <[email protected]>
SERVER < 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT > 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT < DATA
CLIENT > 354 Start mail input; end with <CRLF>.<CRLF>
created cache file: /tmp/bixHC8
wrote 2440 bytes to filter, read 0 bytes
filter exit code: 127
CLIENT > 550 Content Rejected; sh: From:: command not found
SERVER > RSET
SERVER < 250 2.0.0 Reset state
client=192.168.0.33, [email protected], [email protected], status=sh: From:: command not found
CLIENT < RSET
SERVER > RSET
SERVER < 250 2.0.0 Reset state
CLIENT > 250 2.0.0 Reset state
CLIENT < MAIL FROM: <[email protected]>
SERVER > MAIL FROM: <[email protected]>
SERVER < 250 2.1.0 <[email protected]>... Sender ok
CLIENT > 250 2.1.0 <[email protected]>... Sender ok
CLIENT < RCPT TO: <[email protected]>
SERVER > RCPT TO: <[email protected]>
SERVER < 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT > 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT < DATA
CLIENT > 354 Start mail input; end with <CRLF>.<CRLF>
created cache file: /tmp/Jh3Ic7
wrote 2437 bytes to filter, read 0 bytes
filter exit code: 127
CLIENT > 550 Content Rejected; sh: From:: command not found
SERVER > RSET
SERVER < 250 2.0.0 Reset state
client=192.168.0.33, [email protected], [email protected], status=sh: From:: command not found
CLIENT < QUIT
SERVER > QUIT
CLIENT connection closed
SERVER connection closed
waiting for threads to quit
cleaning up completed thread
两种诊断的区别如下。
客户端 < AUTH DIGEST-MD5 服务器 > AUTH DIGEST-MD5 服务器 < 334 cmVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix 客户端 > 334 cmVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix 客户端 < dXNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5 服务器 > dXNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5 服务器 < 501 5.7.0 身份验证失败 客户端 > 501 5.7.0 身份验证失败
这意味着 Microsoft Outlook 首先尝试身份验证方法“DIGEST-MD5”,这导致了问题。请提供任何帮助...
答案1
我看不出你的问题。你的服务器(不管是什么,但不是 Postfix)宣布250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN。允许所有给定的身份验证方法。当 Outlook 尝试以 DIGEST-MD5 加密形式发送密码时,你的身份验证服务器会拒绝此(密码或方法)。因此 Outlook 尝试下一个可能性,将其发送为成功。由于 ,AUTH LOGINOutlook Express 直接使用。这是有缺陷的 Outlook Express 的解决方法。AUTH LOGIN250-AUTH=LOGIN
然后您的过滤器会拒绝该邮件,因为它配置错误,因为它找不到扫描邮件所需的程序或文件(550 Content Rejected; sh: From:: command not found)
这是不是根本不是 Postfix 的问题。也不是 Outlook 或 Outlook Express 的问题。