我在 ubuntu 22.04 上使用 saslauthd 和 postfix 配置客户端身份验证时遇到一些问题。问题是,尽管用户存在,但用户未经过身份验证。这是我第一次设置 postfix 和 saslauthd,因此对于一些服务器故障高手来说这可能是显而易见的。
使用 mail 命令发送电子邮件工作正常。使用 telnet 一切看起来都不错,但使用具有身份验证的远程 SMTP 客户端时,它不起作用。我已经深度学习了 6 个小时,几乎要放弃了(今天)。
从远程服务器进行 telnet:
telnet mail.mydomain.com 25
Trying IP...
Connected to mail.mydomain.com.
Escape character is '^]'.
220 mail.mydomain.com ESMTP Postfix (Ubuntu)
EHLO mydomain.com
250-mail.mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH SCRAM-SHA-1 SCRAM-SHA-256 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
421 4.4.2 mail.mydomain.com Error: timeout exceeded
Connection closed by foreign host.
验证我创建的用户是否确实存在
testsaslauthd -u lukas -p mypassword -r mydomain.com
0: OK "Success."
/var/log/mail.log(请注意,即使上面刚刚成功测试,验证也会失败。
Mar 9 04:36:42 postfix/smtpd[42026]: warning: SASL authentication failure: Password verification failed
Mar 9 04:36:42 postfix/smtpd[42026]: warning: IPbredband.3.dk[IP]: SASL PLAIN authentication failed: authentication failure
Mar 9 04:36:42 postfix/smtpd[42026]: lost connection after AUTH from IP.bredband.3.dk[IP]
Mar 9 04:36:42 postfix/smtpd[42026]: disconnect from IP.bredband.3.dk[IP] ehlo=2 starttls=1 auth=0/1 commands=3/4
我目前正在尝试通过 nodemailer 的 SMTP 模块登录(这不应该是问题 - 但安全总比抱歉好):
import nodemailer from "nodemailer"
const transporter = nodemailer.createTransport({
host: "mail.mydomain.com",
port: 25,
secure: false, // Use `true` for port 465, `false` for all other ports
auth: {
user: "[email protected]”,
pass: “myapassword
},
});
router.post('/', async (req, res) => {
const info = await transporter.sendMail({
from: '"Maddison Foo Koch 👻" <username@mydomain>', // sender address
to: "[email protected]”, // list of receivers
subject: "Hello!", // Subject line
text: "Hello world?", // plain text body
html: "<b>Hello world?</b>", // html body
});
console.log("Message sent: %s", info.messageId);
return res.status(200).json({ data:"ok", info: JSON.stringify(info) });
});
/etc/postfix/master.cf(启用 chroot)
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
/etc/postfix/main.cf(高度相信此文件中有问题)
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.mydomain.com/privkey.pem
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# auth
#smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_sasl_path = var/run/saslauthd/mux
#smtpd_sasl_path = var/run/saslauthd/saslauthd/mux
#smtpd_sasl_path = /var/spool/postfix/var/run/saslauthd/saslauthd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mydomain.com, localhost.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
/etc/默认/saslauthd
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="sasldb"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"
此外, /var/run/saslauthd 和 /var/spool/postfix/var/run/saslauthd 之间存在符号链接
非常感谢任何提示或帮助!
解决方案是添加修改以下文件 /etc/default/saslauthd