看起来我没有SASL支持,但是我已经检查了我的configuration对所有的在线教程,这对我来说似乎很好。 我也检查了/var/log/mail.log ,里面没有“SASL”这个词。
telnet localhost 25 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 GOD ehlo localhost 250-mail.local 250-PIPELINING 250-SIZE 30720000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
虽然它也应该吐出这样的东西:
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5 250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
SASL守护进程已启动:
ps aux | grep sasl root 10219 0.0 0.2 77836 2368 ? Ss 04:56 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
文件/ etc / default / saslauthd似乎没问题:
START=yes NAME="saslauthd" MECHANISMS="pam" THREADS=5 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
/var/spool/postfix/var/run/saslauthd好看:
ls -l /var/spool/postfix/var/run/saslauthd -rw-rw---- 1 root sasl 0 Aug 22 04:56 cache.flock -rw-rw---- 1 root sasl 986112 Aug 22 05:08 cache.mmap srw-rw---- 1 root sasl 0 Aug 22 04:56 mux -rw-rw---- 1 root sasl 0 Aug 22 04:56 mux.accept -rw-rw---- 1 root sasl 6 Aug 22 04:56 saslauthd.pid
用户postfix是组sasl一部分:
getent group sasl sasl:x:45:postfix
/etc/postfix/sasl/smtpd.conf看起来不错:
pwcheck_method: saslauthd mech_list: plain login allow_plaintext: true auxprop_plugin: mysql sql_hostnames: 127.0.0.1 sql_user: mail sql_passwd: mail sql_database: mail sql_select: select password from users where email = '%u'
我的/etc/postfix/main.cf文件的一部分:
smtpd_use_tls = yes smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_tls_ask_ccert = yes smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_protocols = SSLv3, TLSv1 tls_random_source = dev:/dev/urandom smtp_use_tls = yes smtp_tls_cert_file = /etc/postfix/smtpd.cert smtp_tls_key_file = /etc/postfix/smtpd.key myhostname = mail.local smtpd_sasl_local_domain = $myhostname smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
我的/etc/postfix/master.cf的一部分:
smtp inet n - - - - smtpd -o cleanup_service_name=subcleanup -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o cleanup_service_name=subcleanup -o milter_macro_daemon_name=ORIGINATING -o smtpd_tls_wrappermode=yes
我的/etc/dovecot/dovecot.con文件的一部分:
disable_plaintext_auth = yes ssl = required auth default { user = root mechanisms = plain login passdb sql { args = /etc/dovecot/dovecot-sql.conf } userdb static { args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes } socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail } client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } }
根据Postfix文档 , smtpd_tls_auth_only = yes表示您的smtpd将仅在启动TLS(使用STARTTLS )并执行握手之后提供AUTH。
要testing你的服务器,你可以使用openssl
openssl s_client -starttls smtp -crlf -connect 192.0.2.1:25