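I am migrating from an old CentOS server to a new Ubuntu server.
I have a Postfix / Dovecot / PostfixAdmin / SpamAssassin / ClamAV system working on CentOS, and I am trying to simply replicate the same setup on the new server.
I have POP3 login working with Dovecot and the PostfixAdmin MySQL database.
However, I cannot get SMTP authentication to work.
Currently, I have not installed ClamAV or SpamAssassin, as I am just trying to get basic email working.
When I try to do SMTP authentication from the terminal: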
    $ telnet 54.215.191.120 25
    Trying 54.215.191.120...
    Connected to 54.215.191.120.
    Escape character is '^]'.
    220 ip-172-31-0-22.us-west-1.compute.internal ESMTP Postfix (Ubuntu)
    ehlo craigfratelli.com
    250-ip-172-31-0-22.us-west-1.compute.internal
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    auth plain AGluZm8uY29tAGFnbmVzMTkwNDA3
    535 5.7.8 Error: authentication failed:
The problem is clear in the log file output:
    SELECT username as user, password, '/var/spool/mail/virtual//info.com' as userdb_home, 'maildir:/var/spool/mail/virtual//info.com' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = 'info.com' AND active = '1'
    May 05 01:01:31 auth-worker(9654): Info: sql(info.com,76.91.191.145): unknown user
As can be seen in the SQL that Dovecot ran in the log file, the values of %d, %u and %n are wrong. Here is the SQL template:
    user_query = SELECT '/var/spool/mail/virtual/%d/%n' as home, 'maildir:/var/spool/mail/virtual/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
    password_query = SELECT username as user, password, '/var/spool/mail/virtual/%d/%n' as userdb_home, 'maildir:/var/spool/mail/virtual/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
This is outputting incorrect SQL, i.e. "info.com" instead of the correct "[email protected]".
I am using the following to generate my base64-encoded strings:
    perl -MMIME::Base64 -e 'print encode_base64("[email protected]");'
    perl -MMIME::Base64 -e 'print encode_base64("<redacted>");'
Here are some relevant configuration files.
Output of dovecot -n:
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_verbose = yes
    disable_plaintext_auth = no
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    login_greeting = Welcome to Aaron's mail server.
    mail_debug = yes
    mail_gid = 5000
    mail_uid = 5000
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    protocols = imap pop3
    service auth-worker {
      user = virtual
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = virtual
      }
    }
    service imap-login {
      chroot = login
      client_limit = 256
      executable = /usr/lib/dovecot/imap-login
      inet_listener imap {
        address = *
        port = 143
      }
      inet_listener imaps {
        address = *
        port = 993
      }
      process_limit = 128
      process_min_avail = 2
      service_count = 1
    }
    service imap {
      executable = /usr/lib/dovecot/imap
    }
    service pop3-login {
      chroot = login
      client_limit = 256
      executable = /usr/lib/dovecot/pop3-login
      inet_listener pop3 {
        address = *
        port = 110
      }
      inet_listener pop3s {
        address = *
        port = 995
      }
      process_limit = 128
      process_min_avail = 2
      service_count = 1
    }
    service pop3 {
      executable = /usr/lib/dovecot/pop3
    }
    ssl_ca = </etc/postfix/ssl/smtpd.pem
    ssl_cert = </etc/postfix/ssl/smtpd.pem
    ssl_key = </etc/postfix/ssl/smtpd.pem
    userdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    protocol imap {
      imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
      imap_max_line_length = 64 k
      mail_plugins = quota
    }
    protocol pop3 {
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
      pop3_uidl_format = %08Xu%08Xv
    }
And my main.cf:
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = ip-172-31-0-22.us-west-1.compute.internal
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = aaroncraig.com
    myorigin = aaroncraig.com
    mydestination =
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/spool/mail/virtual
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 5000
    virtual_transport = virtual
    virtual_uid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = aaroncraig.com
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = /var/spool/postfix/private/auth
    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
    smtpd_helo_required = yes
    unknown_local_recipient_reject_code = 550
    disable_vrfy_command = yes
    smtpd_data_restrictions = reject_unauth_pipelining
Finally, the 3 SQL map files for Postfix:
mysql_virtual_alias_maps.cf
    hosts = localhost
    user = postfix
    password = [redacted]
    dbname = postfix
    table = alias
    select_field = goto
    where_field = address
    additional_conditions = and active = '1'
mysql_virtual_domains_maps.cf
    hosts = localhost
    user = postfix
    password = [redacted]
    dbname = postfix
    table = domain
    select_field = domain
    where_field = domain
    additional_conditions = and backupmx = '0' and active = '1'
mysql_virtual_mailbox_maps.cf
    hosts = localhost
    user = postfix
    password = [redacted]
    dbname = postfix
    table = mailbox
    select_field = maildir
    where_field = username
    additional_conditions = and active = '1'
After a day of staring at this, I can't see what's wrong. Any help is appreciated!
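On the Postfix / Dovecot side, everything looks fine. The base64 string, on the other hand, looks suspicious. Trying to decode it yields something like "info.com agnes190407", whereas I would expect something like "[email protected]". Are you using MS-like domains? Which client is supposed to do that?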
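
The decoding step described in the answer above, as an added example that is not part of the original posts: it splits the AUTH PLAIN blob from the telnet session into its fields and expands Dovecot's %u, %n and %d for the decoded username, which reproduces the path seen in the log. The function names, the `info@example.com` address and the password in the comparison call are constructed for illustration.

```python
import base64

# AUTH PLAIN response copied from the telnet session on this page.
PAGE_BLOB = "AGluZm8uY29tAGFnbmVzMTkwNDA3"
# Home-directory template taken from the page's password_query.
HOME_TEMPLATE = "/var/spool/mail/virtual/%d/%n"


def decode_plain(b64):
    """Split a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd."""
    parts = base64.b64decode(b64, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected 3 NUL-separated fields, got %d" % len(parts))
    return tuple(p.decode("utf-8") for p in parts)


def encode_plain(authcid, passwd, authzid=""):
    """Build the base64 argument for AUTH PLAIN."""
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def expand(template, username):
    """Expand Dovecot's %u (full name), %n (before '@') and %d (after '@')."""
    local, _, domain = username.partition("@")
    for var, value in (("%u", username), ("%n", local), ("%d", domain)):
        template = template.replace(var, value)
    return template


def diagnose(b64):
    """Report what the server will look up for a given AUTH PLAIN blob."""
    _, authcid, _ = decode_plain(b64)
    local, _, domain = authcid.partition("@")
    return {
        "username": authcid,                    # value substituted for %u
        "has_domain": bool(local and domain),   # False means %d is empty
        "home": expand(HOME_TEMPLATE, authcid),
    }


if __name__ == "__main__":
    print(diagnose(PAGE_BLOB))  # the blob that failed on the page
    # Constructed address and password, for comparison only.
    print(diagnose(encode_plain("info@example.com", "constructed-password")))
```

One way an `@domain` part gets dropped when the string is built with a Perl one-liner: inside double quotes Perl interpolates `@name` as an array, so the `@` in an address has to be written as `\@`.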