I have two separate Ubuntu 12.04 servers.
I configured Trac to use TLS and connect to the Postfix server.
Trac configuration:
    admit_domains =
    always_notify_owner = true
    always_notify_reporter = true
    always_notify_updater = true
    ambiguous_char_width = single
    email_sender = SmtpEmailSender
    ignore_domains =
    mime_encoding = base64
    sendmail_path = sendmail
    smtp_always_bcc =
    smtp_always_cc = [email protected]
    smtp_default_domain =
    smtp_enabled = true
    smtp_from = [email protected]
    smtp_from_name = Trac
    smtp_password = randompassstring==
    smtp_port = 587
    smtp_replyto = [email protected]
    smtp_server = vps.idev.ge
    smtp_subject_prefix = __default__
    smtp_user = [email protected]
    ticket_subject_template = $prefix #$ticket.id: $summary
    use_public_cc = false
    use_short_addr = false
    use_tls = true
When I try to send a notification, Trac says:
ERROR: Failure sending notification on change to ticket #1: SMTPAuthenticationError: (535, '5.7.8 Error: authentication failed: authentication failure')
Postfix says:
    Anonymous TLS connection established from unknown[78.139.167.29]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
    warning: SASL authentication failure: incorrect digest response
    warning: unknown[78.139.167.29]: SASL CRAM-MD5 authentication failed: authentication failure
The postconf -n output is:
    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    delay_warning_time = 4h
    disable_vrfy_command = yes
    inet_interfaces = all
    local_recipient_maps =
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    masquerade_domains = vps.idev.ge www.idev.ge !sub.idev.ge
    maximal_backoff_time = 8000s
    maximal_queue_lifetime = 7d
    minimal_backoff_time = 1000s
    mydestination =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mynetworks_style = host
    myorigin = vps.idev.ge
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    readme_directory = no
    recipient_delimiter = +
    relayhost =
    smtp_helo_timeout = 60s
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    smtp_tls_note_starttls_offer = yes
    smtp_tls_security_level = may
    smtpd_banner = $myhostname ESMTP $mail_name
    smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_delay_reject = yes
    smtpd_hard_error_limit = 12
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
    smtpd_recipient_limit = 16
    smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:::1:10023, permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    smtpd_soft_error_limit = 3
    smtpd_tls_CAfile = /etc/apache2/ssl/vps.idev.ge/PositiveSSLCA2.crt
    smtpd_tls_cert_file = /etc/apache2/ssl/vps.idev.ge/vps.idev.ge.crt
    smtpd_tls_key_file = /etc/apache2/ssl/vps.idev.ge/vps.idev.ge.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 450
    virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/spool/mail/virtual
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
    virtual_maildir_extended = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has no space available in their inbox.
    virtual_overquota_bounce = yes
    virtual_uid_maps = static:5000
Any ideas what is happening here?
Testing:
openssl s_client -starttls smtp -crlf -connect vps.idev.ge:587
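AUTH PLAIN and AUTH LOGIN work fine. It looks like CRAM-MD5 and DIGEST-MD5 do not work properly.
Trac sees the better methods and tries to use them, but fails. There is no fallback mechanism in Trac.
Temporary fix in /etc/postfix/sasl/smtpd.con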
    #mech_list: plain login cram-md5 digest-md5
    mech_list: plain login
Obviously this is not a good solution. A good one would be to fix CRAM-MD5 and DIGEST-MD5. But this will do for now.
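
The mechanism choice described above, as an added example that is not part of the original post or of Trac's code. It assumes Trac's SmtpEmailSender authenticates through Python 2's smtplib (whose exception name appears in the Trac error) and uses constructed EHLO replies; the helper names are hypothetical.

```python
import base64
import hashlib
import hmac

# Order in which Python 2's smtplib.SMTP.login() considers mechanisms. It uses
# the first one the server advertises and raises SMTPAuthenticationError if
# that single attempt is rejected; it does not retry with the next one.
PREFERRED = ["CRAM-MD5", "PLAIN", "LOGIN"]


def advertised_mechs(ehlo_lines):
    """Collect SASL mechanisms from 'AUTH ...' and legacy 'AUTH=...' EHLO lines."""
    mechs = []
    for line in ehlo_lines:
        text = line[4:].strip()  # drop the '250-' / '250 ' prefix
        if text[:4].upper() == "AUTH" and text[4:5] in (" ", "="):
            for mech in text[5:].upper().split():
                if mech not in mechs:
                    mechs.append(mech)
    return mechs


def pick_mechanism(mechs):
    """Return the single mechanism the client will attempt, or None."""
    return next((m for m in PREFERRED if m in mechs), None)


def cram_md5_response(user, password, challenge_b64):
    """RFC 2195 reply: base64(user + ' ' + hex(HMAC-MD5(password, challenge))).
    The server recomputes the same HMAC, so it needs the shared secret itself."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode("{} {}".format(user, digest).encode()).decode()


# Constructed EHLO replies: before and after trimming mech_list to "plain login".
# Both AUTH forms appear because broken_sasl_auth_clients = yes.
EHLO_BEFORE = ["250-vps.example.test", "250-SIZE 10240000",
               "250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5",
               "250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5", "250 8BITMIME"]
EHLO_AFTER = ["250-vps.example.test", "250-AUTH PLAIN LOGIN",
              "250-AUTH=PLAIN LOGIN", "250 8BITMIME"]

if __name__ == "__main__":
    for label, lines in (("before", EHLO_BEFORE), ("after", EHLO_AFTER)):
        print(label, "->", pick_mechanism(advertised_mechs(lines)))
```

With the trimmed mech_list the client lands on PLAIN, which is acceptable here only because the session is already inside STARTTLS (use_tls = true).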