Снабдите постфиксом голубятню PostgreSQL, аутентификация SASL приводит сервер Ubuntu 14.04LTS к сбою
Я ранее устанавливаю свой почтовый сервер с помощью Ubuntu 12.04LTS, и все хорошо работали (см. Постфиксную Голубятню, которую Аутентификация SASL не позволяла/работала серверу человечности 12.04), но я недавно переместил все в новый сервер и обновление Ubuntu 14.04 LTS, и я потерял что-то в Голубятне конфигурация SASL, потому что я не могу Аутентифицировать Голубятню использования SASL... Я получаю следующую ошибку
Jun 12 05:15:30 example dovecot: auth: Error: pgsql(192.168.1.11:3145): Connect failed to database mwdmail: could not translate host name "192.168.1.11:3145" to address: Name or service not known
Jun 12 05:15:30 example dovecot: auth: Error: pgsql(192.168.1.11:3145): Connect failed to database mwdmail: could not translate host name "192.168.1.11:3145" to address: Name or service not known
Jun 12 05:16:31 example dovecot: auth: Error: pgsql: Query timed out (no free connections for 61 secs): SELECT username as user, password, '/mwdmail/mbox/example.com/cmadm' as userdb_home, 'maildir:/mwdmail/mbox/example.com/cmadm' as userdb_mail, 3205 as userdb_uid, 3205 as userdb_gid FROM mailbox WHERE username='cmadm@example.com' AND active = true;
Jun 12 05:16:31 example dovecot: auth: Error: sql(cmadm@example.com,127.0.0.1,<tYikAKD74gB/AAAB>): Password query failed: Not connected to database
Jun 12 05:17:44 example dovecot: auth: Error: pgsql(192.168.1.11:3145): Connect failed to database mwdmail: could not translate host name "192.168.1.11:3145" to address: Name or service not known
Jun 12 05:17:44 example dovecot: auth: Error: pgsql(192.168.1.11:3145): Connect failed to database mwdmail: could not translate host name "192.168.1.11:3145" to address: Name or service not known
postconf-n (main.cf файл)
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = mwdpost
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = example.com, localhost.com, localhost
mydomain = example.com
myhostname = example.com
mynetworks = 192.168.1.0/24, 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relay_domains = proxy:pgsql:/etc/postfix/pgsql/relay_domains.cf
relayhost =
setgid_group = mwdpdrop
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_relay_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/sasl/controlled_envelope_senders
smtpd_sender_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain, permit_mynetworks
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_alias_map.cf
virtual_gid_maps = static:3205
virtual_mailbox_base = /mwdmail/mbox
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual_domain_map.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_map.cf
virtual_minimum_uid = 3205
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:3205
postconf-M (master.cf файл)
#SMTP on port 25, unencrypted.
smtp inet n - - - - smtpd -v
smtpd pass - - - - - smtpd -v
# SMTP with TLS on port 587.
submission inet n - - - - smtpd -v
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=hash:/etc/postfix/sasl/controlled_envelope_senders
# -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
-o smtpd_sender_restrictions=reject_sender_login_mismatch
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
# SMTP over SSL on port 465.
smtps inet n - - - - smtpd -v
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
dovecot unix - n n - - pipe
flags=DRhu user=mwdvm:mwdvm argv=/usr/bin/vendor_perl/spamc -f -e /usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
# The next two entries integrate with Amavis for anti-virus/spam checks.
amavis unix - - - - 3 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=192.168.1.0/32,127.0.0.0/8
# -o mynetworks=0.0.0.0
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
#
#
##############
# Integration with Dovecot - hand mail over to it for local delivery, and
# run the process under the vmail user and mail group.
dovecot unix - n n - - pipe
flags=DRhu user=mwdvm:mwdvm argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
АУТЕНТИФИКАЦИЯ SASL включена на проверку telnet
root@example:~# telnet 192.168.1.11 25
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
220 example.com ESMTP Postfix
ehlo example.com
250-example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
doveconf-n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-29-generic x86_64 Ubuntu 14.04 LTS
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
first_valid_uid = 3205
last_valid_uid = 3205
mail_gid = mwdvm
mail_location = maildir:~/Maildir
mail_uid = mwdvm
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
postmaster_address = postmaster@example.com
protocols = imap pop3 sieve
service auth-worker {
user = $default_internal_user
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = mwdpost
mode = 0660
user = mwdpost
}
unix_listener /var/spool/postfix/private/dovecot-auth {
#group = postfix
group = mwdpost
mode = 0660
#user = postfix
user = mwdpost
}
unix_listener auth-userdb {
group = mwdvm
mode = 0600
user = mwdvm
}
user = dovecot
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = mwdpost
mode = 0600
user = mwdpost
}
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol imap {
imap_client_workarounds = delay-newmail
mail_max_userip_connections = 10
}
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
deliver_log_format = msgid=%m: %$
log_path = /var/log/dovecot-lda.log
mail_plugins = sieve
postmaster_address = postmaster
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
файл аутентификации голубятни:
# This file is opened as root, so it should be owned by root and mode 0600.
#
# http://wiki2.dovecot.org/AuthDatabase/SQL
#
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the username and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
# field as well.
#
# If your users all have the same uig/gid, and have predictable home
# directories, you can use the static userdb module to generate the home
# dir based on the username and domain. In this case, you won't need fields
# for home, uid, or gid in the database.
#
# If you prefer to use the sql userdb module, you'll want to add fields
# for home, uid, and gid. Here is an example table:
#
# CREATE TABLE users (
# username VARCHAR(128) NOT NULL,
# domain VARCHAR(128) NOT NULL,
# password VARCHAR(64) NOT NULL,
# home VARCHAR(255) NOT NULL,
# uid INTEGER NOT NULL,
# gid INTEGER NOT NULL,
# active CHAR(1) DEFAULT 'Y' NOT NULL
# );
# Database driver: mysql, pgsql, sqlite
#driver =
driver = pgsql
# Database connection string. This is driver-specific setting.
#
# HA / round-robin load-balancing is supported by giving multiple host
# settings, like: host=sql1.host.org host=sql2.host.org
#
# pgsql:
# For available options, see the PostgreSQL documention for the
# PQconnectdb function of libpq.
# Use maxconns=n (default 5) to change how many connections Dovecot can
# create to pgsql.
#
# mysql:
# Basic options emulate PostgreSQL option names:
# host, port, user, password, dbname
#
# But also adds some new settings:
# client_flags - See MySQL manual
# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
# ssl_cert, ssl_key - For sending client-side certificates to server
# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
# option_file - Read options from the given file instead of
# the default my.cnf location
# option_group - Read options from the given group (default: client)
#
# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
# Note that currently you can't use spaces in parameters.
#
# sqlite:
# The path to the database file.
#
# Examples:
# connect = host=192.168.1.1 dbname=users
# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
# connect = /etc/dovecot/authdb.sqlite
#
#connect =
connect = host=192.168.1.11:3145 dbname=mwdmail user=mwdmlusr password=t1mim@1l
# Default password scheme.
#
# List of supported schemes is in
# http://wiki2.dovecot.org/Authentication/PasswordSchemes
#
#default_pass_scheme = MD5
default_pass_scheme = SHA516-CRYPT
# passdb query to retrieve the password. It can return fields:
# password - The user's password. This field must be returned.
# user - user@domain from the database. Needed with case-insensitive lookups.
# username and domain - An alternative way to represent the "user" field.
#
# The "user" field is often necessary with case-insensitive lookups to avoid
# e.g. "name" and "nAme" logins creating two different mail directories. If
# your user and domain names are in separate fields, you can return "username"
# and "domain" fields instead of "user".
#
# The query can also return other fields which have a special meaning, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
#
# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
# for full list):
# %u = entire user@domain
# %n = user part of user@domain
# %d = domain part of user@domain
#
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters.
#
# Example:
# password_query = SELECT userid AS user, pw AS password \
# FROM users WHERE userid = '%u' AND active = 'Y'
#
#password_query = \
# SELECT username, domain, password \
# FROM users WHERE username = '%n' AND domain = '%d'
password_query = \
SELECT username as user, password, '/mwdmail/mbox/%d/%n' as userdb_home, 'maildir:/mwdmail/mbox/%d/%n' as userdb_mail, 3205 as userdb_uid, 3205 as userdb_gid \
FROM mailbox WHERE username='%u' AND active = true;
# userdb query to retrieve the user information. It can return fields:
# uid - System UID (overrides mail_uid setting)
# gid - System GID (overrides mail_gid setting)
# home - Home directory
# mail - Mail location (overrides mail_location setting)
#
# None of these are strictly required. If you use a single UID and GID, and
# home or mail directory fits to a template string, you could use userdb static
# instead. For a list of all fields that can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
#
# Examples:
# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#
#user_query = \
# SELECT home, uid, gid \
# FROM users WHERE username = '%n' AND domain = '%d'
user_query = \
SELECT '/mwdmail/mbox/%d/%n' as home, 'maildir:/mwdmail/mbox/%d/%n' as mail, 3205 AS uid, 3205 AS gid, 'dirsize:storage=' || quota AS quota FROM mailbox WHERE username = '%u' AND active = true
# If you wish to avoid two SQL lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
# also have to return userdb fields in password_query prefixed with "userdb_"
# string. For example:
#password_query = \
# SELECT userid AS user, password, \
# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
# FROM users WHERE userid = '%u'
# Query to get a list of all usernames.
#iterate_query = SELECT username AS user FROM users
Я могу сделать следующее:
- пошлите электронное письмо внешнему адресу из корневой учетной записи командной строки
- Пошлите электронное письмо локальным почтовым ящикам и виртуальным почтовым ящикам из корневой учетной записи командной строки
- Получите электронное письмо к виртуальному почтовому ящику от внешних почтовых ящиков *
Я НЕ могу сделать следующего:
- Получите электронное письмо к виртуальному почтовому ящику от внешних почтовых ящиков (*THIS, ФИКСИРУЕТСЯ),
- Войдите в виртуальный почтовый ящик от удаленного клиента как тандерберд или roundcube
Я знаю, что должна быть некоторая конфигурация я пропавшие без вести или спутывание. Помогите.Спасибо
* ** ОБНОВИЛ *** 13.06.2014 ******* На @clement, я обновил сообщение с файлами и при выполнении голубятни-n. Я заметил, что у меня была несправедливость userid/groupid в файле,/etc/dovecot/conf.d/99-mail-stack-delivery.conf.ext исправил его, и затем ошибка ушла. Я также могу получить электронное письмо от счетов по внешним расчетам, но я получаю новую ошибку и когда я пытаюсь соединиться через тандерберд, или roundcube та же ошибка (отправленный выше появляется),
Новая ошибка (из системного журнала)
Jun 13 12:48:59 example amavis[1636]: (01636-01) Connecting to SQL database server
Jun 13 12:48:59 example amavis[1636]: (01636-01) connect_to_sql: 'DBI:Pg:database=mwdmail;host=192.168.1.11;port=3145' succeeded
Jun 13 12:48:59 example amavis[1636]: (01636-01) ESMTP::10024 /var/lib/amavis/tmp/amavis-20140613T124859-01636-8zgfTr8G: <myemailid@gmail.com> -> <cmadm@example.com> SIZE=1994 Received: from example.com ([127.0.0.1]) by localhost (example.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <cmadm@example.com>; Fri, 13 Jun 2014 12:48:59 -0400 (EDT)
Jun 13 12:48:59 example amavis[1636]: (01636-01) body hash: 3c1b1ba2edc70e49703dfd1f314cbf88
Jun 13 12:48:59 example amavis[1636]: (01636-01) dkim: FAILED Author+Sender+MailFrom signature by d=gmail.com, From: <myemailid@gmail.com>, a=rsa-sha256, c=relaxed/relaxed, s=20120113, i=@gmail.com, fail (message has been altered)
Jun 13 12:48:59 example amavis[1636]: (01636-01) Checking: ir664hlqxaJx [209.85.128.170] <myemailid@gmail.com> -> <cmadm@example.com>
Jun 13 12:48:59 example amavis[1636]: (01636-01) 2822.From: <myemailid@gmail.com>
Jun 13 12:48:59 example amavis[1636]: (01636-01) p001 1 Content-Type: text/plain, size: 769 B, name:
Jun 13 12:49:00 example amavis[1636]: (01636-01) Checking for banned types and filenames
Jun 13 12:49:00 example amavis[1636]: (01636-01) collect banned table[0]: cmadm@example.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x2541dc0)
Jun 13 12:49:00 example amavis[1636]: (01636-01) p.path cmadm@example.com: "P=p001,L=1,M=text/plain,T=asc"
Jun 13 12:49:00 example amavis[1636]: (01636-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/lib/amavis/tmp/amavis-20140613T124859-01636-8zgfTr8G/parts\n
Jun 13 12:49:00 example amavis[1636]: (01636-01) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.ctl
Jun 13 12:49:00 example amavis[1636]: (01636-01) new socket by IO::Socket::UNIX to /var/run/clamav/clamd.ctl, timeout 10
Jun 13 12:49:00 example amavis[1636]: (01636-01) ClamAV-clamd: Sending CONTSCAN /var/lib/amavis/tmp/amavis-20140613T124859-01636-8zgfTr8G/parts\n to socket /var/run/clamav/clamd.ctl
Jun 13 12:49:00 example amavis[1636]: (01636-01) rw_loop read: got eof
Jun 13 12:49:00 example amavis[1636]: (01636-01) run_av (ClamAV-clamd): CLEAN
Jun 13 12:49:00 example amavis[1636]: (01636-01) run_av (ClamAV-clamd) result: clean
0
задан Community
13 April 2017 в 15:24
поделиться
1 ответ
@clement.. это разрешено. Я переустановил все снова и тщательно обновил весь мой постфикс и файлы голубятни. У меня было несколько опечаток и новый идентификатор пользователя и идентификатор Группы, который я создал для постфикса, и постотбрасывание не имело корректных полномочий везде. Я имею другую проблему, но сообщу об этом относительно другого сообщения.
Спасибо.
0
ответ дан Cmweb
13 April 2017 в 15:24
поделиться