我取消了/etc/postfix/master.cf的“提交”部分的注释,并且我的防火墙在端口587上打开。
尝试使用TLS通过端口587提交消息时出现以下错误:
Sep 30 13:41:05 mailer postfix/smtpd[7577]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Sep 30 13:41:05 mailer postfix/smtpd[7577]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Sep 30 13:41:05 mailer postfix/smtpd[7577]: warning: SASL authentication failure: no secret in database Sep 30 13:41:05 mailer postfix/smtpd[7577]: warning: unknown[66.109.xxx.xxx]: SASL CRAM-MD5 authentication failed: authentication failure
我有saslauthd工作正常的端口25.这里是/etc/postfix/sasl/smtpd.conf的内容:
pwcheck_method: saslauthd auxprop_plugin: sasldb saslauthd_path: /var/run/saslauthd/mux mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
我以为我应该复制这个文件到另一个在同一个目录中,并将其称为submission.conf ,但似乎没有做任何事情。
我已经重新启动saslauthd和后缀没有任何效果。
这是我的/etc/postfix/main.cf :
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mailer.domain.com #mydomain = mailer.domain.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mailer.domain.com relayhost = mynetworks = 66.109.xxx.xxx, 127.0.0.0/8, 66.45.29.0/24, 66.9.31.0/24 mailbox_size_limit = 0 #smtpd_client_restrictions = permit_mynetworks, reject #smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination recipient_delimiter = + inet_interfaces = all notify_classes = bounce, 2bounce, delay, policy protocol, resource, software smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous,noplaintext smtpd_sasl_application_name = smtpd smtpd_sasl_local_domain = mailer.rdny.com broken_sasl_auth_clients = no smtpd_recipient_restrictions = permit_mynetworks,reject_unlisted_recipient,reject_non_fqdn_sender,reject_unknown_sender_domain,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:60000,reject
理想情况下,我希望saslauthd在25和587端口上工作。任何人都可以给我一些指导,告诉我如何做到这一点?
编辑:这是我的master.cf以及。
# # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - nn - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # See the Postfix UUCP_README file for configuration details. # uucp unix - nn - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - nn - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - nn - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - nn - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - nn - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} ### dkimproxy filter - see http://dkimproxy.sourceforge.net/postfix-outbound-howto.html # # modify the default submission service to specify a content filter # and restrict it to local clients and SASL authenticated clients only # smtp inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=yes -o content_filter=dksign:[127.0.0.1]:10028 -o receive_override_options=no_address_mappings -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject # specify the location of the DKIM signing proxy # Note: the smtp_discard_ehlo_keywords option requires a recent version of # Postfix. Leave it off if your version does not support it. dksign unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime,starttls # service for accepting messages FROM the DKIM signing proxy 127.0.0.1:10029 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
您的SASL身份validation可能无法正常工作:日志摘录显示源IP为66.109.xy,而且这个mynetworks也位于mynetworks 。 由于在您的smtpd_recipient_restrictions中,您的smtpd_recipient_restrictions在permit_mynetworks之前,您的testing客户端可能永远permit_sasl_authenticatedvalidation自己。
请设置第五列提交,在master.cf中将smtpd设置为“n”,以删除这两个服务的chroot并重新启动(不重新加载!)Postfix – 在validation/etc/sasldb2存在并且postfix用户可以读取它(并确保它包含有效的login数据!)。
如果你在提交的时候跳过所有的-o smptd_的东西,它是否工作? 即使您可能暂时是一个开放的继电器,我也会在没有这些设置的情况下testing中继。 一旦你知道你实际上可以在587端口上传递,我会一次添加一个。
您可能还想在main.cf中设置smtpd_tls_loglevel = 3。 记得稍后再发表评论。