我可能会在这里完全错误地吠叫,但我仍然会问。
我已经按照教程在Ubuntu 14.04上安装了Postfix,dovecot和mysql。
现在我已经设置了mailgun来以安全/可靠的方式处理发送电子邮件 (又名relayhost)。
我的问题是我的现有电子邮件帐户的用户名/密码由于某种原因停止工作(从CLI发送电子邮件仍然在服务器上工作),我想知道是否有可能以某种方式configuration邮件凭据不会干扰现有的用户/密码。
这是继电器之前我的master.cf模型
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # The first text sent to a connecting process. smtpd_banner = $myhostname ESMTP $mail_name biff = no # appending .domain is the MUA's job. append_dot_mydomain = no readme_directory = no # --------------------------------- # SASL parameters # --------------------------------- # Use Dovecot to authenticate. smtpd_sasl_type = dovecot # Referring to /var/spool/postfix/private/auth smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = smtpd_sasl_authenticated_header = yes # --------------------------------- # TLS parameters # --------------------------------- # The default snakeoil certificate. Comment if using a purchased # SSL certificate. smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key # Uncomment if using a purchased SSL certificate. # smtpd_tls_cert_file=/etc/ssl/certs/example.com.crt # smtpd_tls_key_file=/etc/ssl/private/example.com.key # The snakeoil self-signed certificate has no need for a CA file. But # if you are using your own SSL certificate, then you probably have # a CA certificate bundle from your provider. The path to that goes # here. # smtpd_tls_CAfile=/etc/ssl/certs/ca-bundle.crt # Ensure we're not using no-longer-secure protocols. smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # Note that forcing use of TLS is going to cause breakage - most mail servers # don't offer it and so delivery will fail, both incoming and outgoing. This is # unfortunate given what various governmental agencies are up to these days. # # Enable (but don't force) all incoming smtp connections to use TLS. smtpd_tls_security_level = may # Enable (but don't force) all outgoing smtp connections to use TLS. smtp_tls_security_level = may # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. # --------------------------------- # TLS Updates relating to Logjam SSL attacks. # See: https://weakdh.org/sysadmin.html # --------------------------------- smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3- SHA smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem # --------------------------------- # SMTPD parameters # --------------------------------- # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # will it be a permanent error or temporary unknown_local_recipient_reject_code = 450 # how long to keep message on queue before return as failed. # some have 3 days, I have 16 days as I am backup server for some people # whom go on holiday with their server switched off. maximal_queue_lifetime = 7d # max and min time in seconds between retries if connection failed minimal_backoff_time = 1000s maximal_backoff_time = 8000s # how long to wait when servers connect before receiving rest of data smtp_helo_timeout = 60s # how many address can be used in one message. # effective stopper to mass spammers, accidental copy in whole address list # but may restrict intentional mail shots. smtpd_recipient_limit = 16 # how many error before back off. smtpd_soft_error_limit = 3 # how many max errors before blocking it. smtpd_hard_error_limit = 12 # This next set are important for determining who can send mail and relay mail # to other servers. It is very important to get this right - accidentally producing # an open relay that allows unauthenticated sending of mail is a Very Bad Thing. # # You are encouraged to read up on what exactly each of these options accomplish. # Requirements for the HELO statement smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit # Requirements for the sender details smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit # Requirements for the connecting server smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl # Requirement for the recipient address. Note that the entry for # "check_policy_service inet:127.0.0.1:10023" enables Postgrey. smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit smtpd_data_restrictions = reject_unauth_pipelining # This is a new option as of Postfix 2.10, and is required in addition to # smtpd_recipient_restrictions for things to work properly in this setup. smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit # require proper helo at connections smtpd_helo_required = yes # waste spammers time before rejecting them smtpd_delay_reject = yes disable_vrfy_command = yes # --------------------------------- # General host and delivery info # ---------------------------------- myhostname = mail.example.com myorigin = /etc/hostname # Some people see issues when setting mydestination explicitly to the server # subdomain, while leaving it empty generally doesn't hurt. So it is left empty here. # mydestination = mail.example.com, localhost mydestination = # If you have a separate web server that sends outgoing mail through this # mailserver, you may want to add its IP address to the space-delimited list in # mynetworks, eg as 10.10.10.10/32. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mynetworks_style = host # This specifies where the virtual mailbox folders will be located. virtual_mailbox_base = /var/vmail # This is for the mailbox location for each user. The domainaliases # map allows us to make use of Postfix Admin's domain alias feature. virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf # and their user id virtual_uid_maps = static:150 # and group id virtual_gid_maps = static:8 # This is for aliases. The domainaliases map allows us to make # use of Postfix Admin's domain alias feature. virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf # This is for domain lookups. virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf # --------------------------------- # Integration with other packages # --------------------------------------- # Tell postfix to hand off mail to the definition for dovecot in master.cf virtual_transport = dovecot dovecot_destination_recipient_limit = 1 # Use amavis for virus and spam scanning content_filter = amavis:[127.0.0.1]:10024 # --------------------------------- # Header manipulation # -------------------------------------- # Getting rid of unwanted headers. See: https://posluns.com/guides/header-removal/ header_checks = regexp:/etc/postfix/header_checks # getting rid of x-original-to enable_original_recipient = no 这是我已经添加到postfix的master.cf通过mailgun中继
relayhost = smtp.mailgun.org smtp_sasl_auth_enable = yes smtp_sasl_password_maps = static:[email protected]:password smtp_sasl_security_options = noanonymous
只有其他改变的是通过letsencrypt.org生成的证书
总结:有没有一种方法可以保护用户的凭据,并使用mailgun发送邮件? (无需通过CLI创build每个帐户)
感谢先进的任何帮助,请让我知道,如果有什么不清楚,或者如果需要更多的信息。
更新添加错误消息 :
Dec 14 19:24:47 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=190.18.xx, lip=172.31.xx, mpid=24023, TLS, session=<ak1PoOAmqQC+EoSW> Dec 14 19:24:48 mail postfix/smtpd[24014]: Anonymous TLS connection established from unknown[190.18.xx]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Dec 14 19:24:50 mail postfix/smtpd[24014]: warning: unknown[190.18.xx]: SASL PLAIN authentication failed: Dec 14 19:24:50 mail postfix/smtpd[24014]: lost connection after AUTH from unknown[190.18.xx] Dec 14 19:24:50 mail postfix/smtpd[24014]: disconnect from unknown[190.18.xx]
在添加smtp中继之前,用户可以使用带有生成凭据的imap / smtp。 我最好的猜测是后缀正尝试使用该用户:通过configuration为中继。