我最近升级了我的服务器(Ubuntu 12.03),今天我注意到SMTP不再提供authentication。
我的设置是使用虚拟邮箱+ MySQL。
Telnet会话:
telnet mail.mydomain.net 25 Connected to mail.mydomain.net. Escape character is '^]'. 220 mail.mydomain.net ESMTP Postfix (Ubuntu) ehlo test-domain.com 250-mail.mydomain.net 250-PIPELINING 250-SIZE 402400000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN 但是,我无法确定在哪里debugging问题。 (编辑:幸运的是,中继仍然被禁止,我的testing是有缺陷的)。
我的相关后缀configuration:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtp_tls_note_starttls_offer = yes # Strip internal IPs and hostnames header_checks = regexp:/etc/postfix/header_checks smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_sender_login_mismatch, reject_unknown_sender_domain smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks #virtual_create_maildirsize = yes #virtual_maildir_extended = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps virtual_transport = dovecot dovecot_destination_recipient_limit = 1 content_filter = smtp-amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_tls_auth_only = yes smtpd_tls_received_header = yes smtpd_tls_mandatory_protocols = SSLv3, TLSv1 #smtpd_tls_mandatory_ciphers = medium tls_random_source = dev:/dev/urandom
和Dovecot(2.x)的相关部分:
ssl_cert_file = /etc/ssl/certs/dovecot.pem ssl_key_file = /etc/ssl/private/dovecot.pem auth_mechanisms = plain login service auth { user = root unix_listener /var/spool/postfix/private/auth { user = postfix group = postfix mode = 0660 } unix_listener auth-master { user = vmail mode = 0600 } } passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf } userdb { driver = static args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes }
在/ etc /默认/ saslauthd:
START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
/etc/pam.d/smtp:
auth required pam_mysql.so user=mailadmin passwd=PASSWORD host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1 account sufficient pam_mysql.so user=mailadmin passwd=PASSWORD host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
在Debian Wheezy虚拟机上,同样的设置工作,所以我不知道错误在哪里。 请注意,在IMAP /邮件服务器端validation完美。
原因是升级改变了我的configuration而不知道。
设置的东西
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_non_fqdn_hostname reject_invalid_hostname reject_unauth_pipelining reject_unknown_sender_domain reject_rbl_client bl.spamcop.net reject_rbl_client zen.spamhaus.org smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain check_sender_access hash:/etc/postfix/sender_access smtpd_tls_auth_only = yes smtpd_tls_security_level = encrypt
恢复了以前的行为(具体来说, permit_mynetworks中不再存在permit_mynetworks)。