我们的Zimbra服务器从昨天开始不适用于传出的外部邮件。 星期五,我安装了一些更新(壳震动和内核更新),重新启动,它工作正常。 但是自从昨天发送邮件到外部收件人停止工作。 内部邮件(不使用relay-MTA)工作。
由于我没有改变任何设置,我用swaks检查了远程服务器(Strato),结果如下: swaks -s smtp.strato.de -tls -p 587 -f [email protected] -t [email protected] -a -au [email protected] -ap xxxxxx
在/ opt / zimbra / conf / relay_password中列出了与-au和-ap列出的凭据相同的凭据
当通过Zimbra发送邮件时,我从/var/log/zimbra.log获得以下内容:
Oct 2 09:00:10 server postfix/smtp[8144]: 3952465A24A: to=<[email protected]>, relay=smtp.strato.de[81.169.145.133]:587, delay=0.55, delays=0.27/0.01/0.26/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.strato.de[81.169.145.133]: bad protocol / cancel)
Zimbra main.cf
mail_owner = postfix bounce_notice_recipient = postmaster content_filter = smtp-amavis:[127.0.0.1]:10024 smtp_sasl_security_options = noanonymous relayhost = smtp.strato.de:587 virtual_alias_expansion_limit = 10000 smtpd_sasl_authenticated_header = no smtp_helo_name = $myhostname broken_sasl_auth_clients = yes minimal_backoff_time = 300s sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf always_add_missing_headers = yes smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key smtpd_helo_required = yes virtual_transport = error sendmail_path = /opt/zimbra/postfix/sbin/sendmail smtpd_sasl_security_options = noanonymous smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unlisted_recipient, reject_non_fqdn_sender, permit smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_reject_unlisted_recipient = no bounce_queue_lifetime = 5d smtp_sasl_mechanism_filter = local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated smtpd_data_restrictions = reject_unauth_pipelining smtpd_milters = smtpd_tls_security_level = may smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re lmtp_host_lookup = dns delay_warning_time = 0h header_checks = queue_run_delay = 300s virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf notify_classes = resource,software command_directory = /opt/zimbra/postfix/sbin smtpd_client_restrictions = reject_unauth_pipelining smtpd_tls_auth_only = yes virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf mailq_path = /opt/zimbra/postfix/sbin/mailq smtpd_banner = $myhostname ESMTP $mail_name mynetworks = 127.0.0.0/8 192.168.117.0/24 [::1]/128 [fe80::]/64 lmtp_connection_cache_time_limit = 4s transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf smtpd_sasl_auth_enable = yes smtpd_tls_loglevel = 1 maximal_backoff_time = 4000s virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf inet_protocols = ipv4 non_smtpd_milters = daemon_directory = /opt/zimbra/postfix/libexec smtp_tls_security_level = alias_maps = hash:/etc/aliases setgid_group = postdrop smtp_cname_overrides_servername = no mydestination = localhost smtpd_end_of_data_restrictions = import_environment = myhostname = mail.example.com message_size_limit = 1048576000 recipient_delimiter = in_flow_delay = 1s smtpd_sasl_tls_security_options = $smtpd_sasl_security_options queue_directory = /opt/zimbra/data/postfix/spool propagate_unmatched_extensions = canonical manpage_directory = /opt/zimbra/postfix/man smtp_fallback_relay = smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password lmtp_connection_cache_destinations = newaliases_path = /opt/zimbra/postfix/sbin/newaliases smtp_sasl_auth_enable = yes mailbox_size_limit = 0 disable_dns_lookups = no
这是Zimbra 8.04。 任何提示?
编辑:发送邮件后更高的日志级别,这是我从zimbra.log得到:
Oct 2 09:26:51 server postfix/smtp[21000]: warning: SASL authentication failure: ServerSignature expected in SCRAM-SHA-1 input
正如其他人指出你的SMTP中继可能已经改变了一些东西。 看起来他们改变了广告的身份validation机制。
我不知道swaks告诉你它在输出中使用了哪种authentication机制,但你可以尝试指定一个authenticationtypes,看看你是否通过了。
digest-md5的参数是:
swaks -s smtp.strato.de -tls -p 587 -f [email protected] -t [email protected] -a digest-md5 -au [email protected] -ap xxxxxx
请参阅swaks 手册页以获取其他authenticationtypes(如SCRAM-SHA1)。
在Zimbra main.cf中,你可以通过设置下面的参数来指定auth-type(在你的configuration中是空的):
smtp_sasl_mechanism_filter = digest-md5
如果这没有帮助,也许你错过了你的系统上的一个软件包 。