我试图configuration我的家庭服务器来转发家庭iPhone的电子邮件。 为此,我在服务器的SASL数据库中创build了一个“用户”帐户,并configuration了sendmail以使用CRAM-MD5作为唯一的SASL机制。 在日志中(高度冗长)sendmail说:
AUTH: available mech=CRAM-MD5, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 当iPhone连接时,其authentication尝试似乎成功 (请参阅下面的交换)。 然而,电子邮件然后被拒绝,这完全困扰我…
<-- EHLO [192.168.1.171] --- 250-symbion.example.com Hello ... [...], pleased to meet you --- 250-ENHANCEDSTATUSCODES --- 250-PIPELINING --- 250-8BITMIME --- 250-SIZE --- 250-DSN --- 250-AUTH CRAM-MD5 --- 250-STARTTLS --- 250-DELIVERBY --- 250 HELP <-- AUTH CRAM-MD5 --- 334 PDEzOT....dG1hbi5jb20+ --- 235 2.0.0 OK Authenticated <-- MAIL FROM:<[email protected]> Authentication-Warning: symbion.example.com: Host ... [...] claimed to be [192.168.1.171] --- 403 4.7.0 authentication required ruleset=check_mail, arg1=<[email protected]>, relay=... [...], reject=403 4.7.0 authentication required <-- RCPT TO:<info@......> --- 503 5.0.0 Need MAIL before RCPT <-- DATA --- 503 5.0.0 Need MAIL command <-- QUIT --- 221 2.0.0 symbion.example.com closing connection
我的access数据库不大:
CERTISSUER:/MY/OWN/Certificate/Authority RELAY TLS_Clt:127.0.0.1 OK TLS_Clt:192.168.1 OK TLS_Clt: VERIFY:112 Try_TLS:127.0.0.1 NO Try_TLS:192.168.1 NO Connect:192.168.1 RELAY Connect:127.0.0.1 RELAY Srv_Features:127.0.0.1 SAV Srv_Features:192.168.1 SAV Srv_Features: sav
和本地调用的sendmail一样:
% sendmail -O LogLevel=14 -bs -Am 220 symbion.example.com ESMTP Sendmail 8.15.2/8.15.2; Fri, 27 Oct 2017 01:02:25 -0400 (EDT) AUTH CRAM-MD5 334 PDEwM....vbT4= cmlvc0BzeW1ia...JhYjU5 235 2.0.0 OK Authenticated MAIL FROM: mi@meow 403 4.7.0 authentication required
好的,这是罪魁祸首:
TLS_Clt: VERIFY:112
没有必要,实际上是有害的,因为愚蠢的iPhone不能被configuration为呈现客户端证书。 一旦我删除了上面的行,身份validation就开始同时工作,提供令人满意的证书, 并为CRAM-MD5提供预共享凭证。
( AUTH_OPTIONS部分被certificate是不相关的。)