
ram khanal's questions

ram khanal
Asked: 2021-02-13 02:28:37 +0800 CST

Dovecot is not authenticating clients in a mail server using postfix, cyrus (for sasl authentication) and dovecot on centos 7

  • 1

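As I have been building a mail server, I have run into another problem that I could not find on Google, so I am hoping to get an answer here.

So the update is that I have created a mail server with postfix, using cyrus for sasl authentication, and now I have attached an imap server to it, for which I am using dovecot.

So far I have found that my smtp setup is fine and works as I want, but dovecot has some error.

My configuration is as follows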

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost, <interface ip>
inet_protocols = ipv4
local_recipient_maps = mysql:/etc/postfix/mysql-local.cf
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = ossnepal.com
myhostname = fqdn.mydomain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/fqdn.mydomain.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/fqdn.mydomain.com/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-alias.cf, mysql:/etc/postfix/mysql-check_email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

yum install dovecot*

dovecot -n

# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.24 (124e06aa)
    # OS: Linux 3.10.0-1160.15.2.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 (Core) xfs
    # Hostname: fqdn.mydomain.com
    auth_mechanisms = plain login
    first_valid_uid = 1000
    mail_gid = vmail
    mail_location = maildir:/var/vmail/%d/%n
    mail_privileged_group = vmail
    mail_uid = vmail
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location = 
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix = 
    }
    passdb {
      driver = pam
    }
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    plugin {
      sieve = file:~/sieve;active=~/.dovecot.sieve
    }
    service auth-worker {
      user = vmail
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0600
        user = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = dovecot
    }
    service imap-login {
      inet_listener imaps {
        port = 993
        ssl = yes
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }
    service pop3-login {
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
    ssl = required
    ssl_cert = </etc/letsencrypt/live/fqdn.mydomain.com/fullchain.pem
    ssl_key =  # hidden, use -P to show it
    userdb {
      driver = passwd
    }
    userdb {
      args = uid=vmail gid=vmail home=/var/vmail/%d/%n allow_all_users=yes
      driver = static
    }

cat /etc/dovecot/dovecot-sql.conf.ext

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=user password=secret
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM users WHERE email='%u';

tail -f /var/log/maillog

Feb 12 16:02:42 fqdn postfix/smtpd[9116]: connect from unknown[212.70.149.71]
Feb 12 16:02:43 fqdn postfix/smtpd[9116]: disconnect from unknown[212.70.149.71]
Feb 12 16:03:14 fqdn postfix/smtpd[9135]: connect from unknown[192.168.1.1]
Feb 12 16:03:14 fqdn postfix/smtpd[9131]: connect from unknown[192.168.1.1]
Feb 12 16:03:14 fqdn postfix/smtpd[9147]: connect from unknown[192.168.1.1]
Feb 12 16:03:14 fqdn postfix/smtpd[9137]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9116]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9136]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: imap-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=</BNE9CC7qOl0WuTK>
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9131]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9131]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: imap-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=<LBZE9CC7qul0WuTK>
Feb 12 16:03:15 fqdn postfix/smtpd[9137]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9147]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9136]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9116]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9147]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9136]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9137]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9116]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9148]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: pop3-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=<xxxE9CC7qel0WuTK>
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: lost connection after CONNECT from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9148]: lost connection after CONNECT from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9148]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=<ME1E9CC7q+l0WuTK>



Feb 12 16:03:56 fqdn dovecot: imap-login: Disconnected (auth failed, 3 attempts in 20 secs): user=<user>, method=PLAIN, rip=192.168.1.1, lip=111.11.11.22, TLS, session=<KPmR9SC7tOl0WuTK>
Feb 12 16:04:16 fqdn dovecot: imap-login: Disconnected (auth failed, 3 attempts in 20 secs): user=<[email protected]>, method=PLAIN, rip=192.168.1.1, lip=111.11.11.22, TLS, session=<BRG99iC7tel0WuTK>

I have allowed every required port in the database: 993,995,143,80,443,25,587,465,110.....

My table structure is the same as on this site

http://blog.vettore.org/centos-7-or-rhel-very-simple-configuration-of-a-mailserver-with-postfix-dovecot-mysql-part-1/

I followed this article for the setup

https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mariadb-on-centos-7/

linux email postfix dovecot sasl
  • 2 answers
  • 510 Views
ram khanal
Asked: 2021-02-08 10:08:57 +0800 CST

mysql is not authenticating with cyrus for postfix authentication

  • 0

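So I have been building a mail server. I have set up postfix and a database, and what I want now is for cyrus to authenticate my mail server users from the database I have set up, and now I am running into some problems.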

yum -y install cyrus-sasl*

My postfix -n looks like this

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
cyrus_sasl_config_path = /etc/sasl2/
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost, 192.168.1.1
inet_protocols = ipv4
local_recipient_maps = mysql:/etc/postfix/mysql-local.cf
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = domain.com
myhostname = my.domain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-users.cf

My postconf -M looks like this

smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_auth_enable=yes
  -o broken_sasl_auth_clients=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_auth_enable=yes
  -o broken_sasl_auth_clients=yes
  -o syslog_name=postfix/smtps
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache

}

cat /etc/sasl2/smtpd.conf

{

pwcheck_method: saslauthd
auxprop_plugin: mysql
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostnames: 127.0.0.1, localhost
sql_user: postfix
sql_passwd: password
sql_database: server
sql_select: SELECT password FROM users WHERE email = '%u'

}

Now the problem is that when I try from mysql, I cannot authenticate the database's users

cat /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
defaultdomain: mail
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13

cat /etc/cyrus.conf

# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}

So can anyone get me out of this problem? Thanks....

linux email postfix sasl cyrus
  • 1 answer
  • 153 Views
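
An added example, not part of the question and not code from Postfix or Cyrus SASL: a Python check run over excerpts of the posted `postconf -n` and `/etc/sasl2/smtpd.conf` values. It flags option combinations worth reviewing: `noplaintext` filtering out every mechanism in a `PLAIN LOGIN`-only `mech_list` on sessions without TLS, `pwcheck_method: saslauthd` set alongside an `auxprop_plugin`, and plaintext mechanisms offered on cleartext sessions. The function names and finding labels are hypothetical.

```python
# Added example: consistency check between Postfix SASL options and the
# Cyrus SASL smtpd.conf. Finding labels and function names are hypothetical.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed inputs: excerpts of the values posted in the question.
POSTCONF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = no
"""
SMTPD_CONF = """\
pwcheck_method: saslauthd
auxprop_plugin: mysql
mech_list: PLAIN LOGIN
"""

def parse(text, sep):
    """Parse 'key<sep>value' lines into a dict; skip blanks and comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def check(postconf_text, sasl_text):
    """Return labels for SASL option combinations worth reviewing."""
    pf, sasl = parse(postconf_text, "="), parse(sasl_text, ":")
    opts = set(pf.get("smtpd_sasl_security_options", "").replace(",", " ").split())
    mechs = {m.upper() for m in sasl.get("mech_list", "").split()}
    tls_only = pf.get("smtpd_tls_auth_only", "no") == "yes"
    findings = []
    # noplaintext filters PLAIN/LOGIN on sessions without TLS: nothing is left.
    if not tls_only and "noplaintext" in opts and mechs and mechs <= PLAINTEXT_MECHS:
        findings.append("no-mechanism-without-tls")
    # saslauthd verifies PLAIN/LOGIN itself; the auxprop plugin is not consulted.
    if sasl.get("pwcheck_method") == "saslauthd" and "auxprop_plugin" in sasl:
        findings.append("auxprop-unused-with-saslauthd")
    # Plaintext mechanisms offered before STARTTLS expose credentials on the wire.
    if not tls_only and "noplaintext" not in opts and mechs & PLAINTEXT_MECHS:
        findings.append("plaintext-auth-on-cleartext-session")
    return findings

if __name__ == "__main__":
    print(check(POSTCONF, SMTPD_CONF))
    # The submission/smtps overrides in master.cf drop noplaintext:
    print(check(POSTCONF.replace(", noplaintext", ""), SMTPD_CONF))
```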
