Postfix authentication error, cannot send email

I was trying to set up my Postfix mail server and got the following errors when using the "auth login" command in a telnet session with my Postfix service:


535 5.7.8 Error: authentication failed: generic failure

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

I followed the link below to install the service.
How To Install and Configure Postfix on Ubuntu 16.04

I created 2 users, "postmaster" and "yida", on my computer. "postmaster" could not receive email using the regular mail command, but could send to "yida", while "yida" could send and receive email, but only to and from a local user such as "postmaster".

The mail log shows the following problem:

postfix/smtp[3386]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c11::1a]:25: Network is unreachable


This happens when I tried to send email to my own Gmail account.

The interesting thing was that I gave up on authentication and went on to enter the "mail from" command in my test telnet session, and the server gave me an "OK" response. It looks like Postfix did not require authentication.

See the related files below:

/etc/postfix/master.cf

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

/etc/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.sample.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, sample.com, server.sample.com, localhost.sample.com, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual

# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   check_relay_domains

compatibility_level = 2

/etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

/etc/s-nail.rc

#@ s-nail.rc
#@ Configuration file for S-nail(1) v14.8.6
# S-nail(1): v14.8.6 / 2015-12-28

## The standard POSIX 2008/Cor 1-2013 mandates the following initial settings:
# (Keep in sync: ./main.c:_startup(), ./nail.rc, ./nail.1:"Initial settings"!)
# [a]   noallnet, noappend, asksub, noaskbcc, noaskcc, noautoprint,
# [b-e] nobang, nocmd, nocrt, nodebug, nodot, escape="~",
# [f-i] noflipr, nofolder, header, nohold, noignore, noignoreeof,
# [j-o] nokeep, nokeepsave, nometoo, nooutfolder,
# [p-r] nopage, prompt="? ", noquiet, norecord,
# [s]   save, nosendwait, noshowto, nosign, noSign,
# [t-z] toplines="5"
# Notes:
# - no*onehop* doesn't exist in this implementation.
#   (To pass options through to an MTA, either add them after a "--" separator
#   on the command line or by setting the *sendmail-arguments* variable.)
# - *prompt* is "\\& " by default, which will act POSIX-compliant
#   unless the user would set *bsdcompat*

## The remaining content adjusts the standard-imposed default settings.
# Note that some of the following flags are specific to S-nail(1) and may thus
# not work with other Mail(1) / mailx(1) programs.
# Entries are marked [OPTION] if their availability is compile-time dependent

## Variables

# If threaded mode is activated, automatically collapse thread
set autocollapse

# Enter threaded mode automatically
#set autosort=thread

# Append rather than prepend when writing to mbox automatically.
# This has no effect unless *hold* is unset (it is set below)
set append

# Ask for a message subject.
set ask

# *bsdannounce* prints a header summary on folder change and thus complements
# *header* on a per-folder basis (it is meaningless unless *header* is set)
set bsdannounce

# Uncomment this in order to get coloured output in $PAGER.
# (Coloured output is only used if $TERM is either found in *colour-terms*
# or includes the string "color")
#set colour-pager

# Assume a CRT-like terminal and invoke a $PAGER
set crt

# Define date display in header summary
#set datefield="%R %m-%d" datefield-markout-older="   %g-%m-%d"

# When composing messages a line consisting of `.' finalizes a message
set dot

# Immediately start $EDITOR (or $VISUAL) when composing a message
#set editalong

# Startup into interactive mode even if the (given) mailbox is empty
#set emptystart

# When replying to or forwarding a message the comment and name parts of email
# addresses are removed unless this variable is set.
#set fullnames

# [OPTION] Add more entries to the history as is done by default
set history-gabby

# Do not forward to mbox by default since this is likely to be
# irritating for most users today; also see *keepsave*
set hold

# Quote the original message in replies by "> " as usual on the Internet
set indentprefix="> "

# Mark messages that have been answered
set markanswered

# Try to circumvent false or missing MIME Content-Type descriptions
# (Can be set to values for extended behaviour, please see the manual.)
set mime-counter-evidence

# Control loading of mime.types(5) file: the value may be a combination of the
# letters "s" and "u": if "u" is seen ~/.mime.types will be loaded if possible;
# "s" adds /etc/mime.types, if available; setting this without any value uses
# only a set of builtin mimetypes; the default behaviour equals "us".
# An extended syntax that allows loading of other, specified files is available
# if the value contains an equal sign "=", see the manual for more
#set mimetypes-load-control

# Do not remove empty mail folders.
# This may be relevant for privacy since other users could otherwise create
# them with different permissions
set keep

# Do not move `save'd or `write'n message to mbox by default since this is
# likely to be irritating for most users today; also see *hold*
set keepsave

# When writing mailbox files we strip Content-Length: and Lines: header fields
# from edited / changed messages, because S-nail doesn't deal with these
# (non-standard) fields -- and since other MUAs may rely on their content, if
# present, it seems more useful to strip them than to keep them, now that they
# became invalid; set this to include them nonetheless
#set keep-content-length

# A nice prompt for ISO 6429/ECMA-48 terminals
#set prompt="\033[31m?\?[\$ \@]\& \033[0m"

# Automatically quote the text of the message that is responded to
set quote

# On group replies, specify only the sender of the original mail in  To: and
# mention it's other recipients in the secondary Cc: instead of placing them
# all together in To:
set recipients-in-cc

# When responding to a message, try to answer in the same character set
#set reply-in-same-charset

# [OPTION] Outgoing messages are sent in UTF-8 if possible, otherwise LATIN1.
# Note: it is highly advisable to read the section "Character sets" of the
# manual in order to understand all the possibilities that exist to fine-tune
# charset usage (variables also of interest: *ttycharset*, *charset-8bit*,
# *sendcharsets-else-ttycharset*; and of course we inherit the $LC_CTYPE /
# $LC_ALL / $LANG environment variables and react upon them)
set sendcharsets=utf-8,iso-8859-1

# When sending a message wait until the MTA (including the builtin SMTP one)
# exits before accepting further commands.  Only with this variable set errors
# reported by the MTA will be recognizable!
#set sendwait

# Display real sender names in header summaries instead of only addresses
set showname

# Show recipients of messages sent by the user himself in header summaries
set showto

## Commands

# Only include these selected header fields when forwarding messages
fwdretain subject date from to

# Only include the selected header fields when printing messages
retain date from to cc subject message-id mail-followup-to reply-to

## Some pipe-TYPE/SUBTYPE entries

# HTML as text, inline display via lynx(1)
#if $features !@ HTML-FILTER
#   set pipe-text/html="lynx -stdin -dump -force_html"
#endif

# PDF display, asynchronous display via xpdf(1)
#set pipe-application/pdf="@&set -C;\
#   : > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
#   trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \
#      EXIT INT QUIT PIPE TERM;\
#   set +C;\
#   cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
#   xpdf \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\""

# s-it-mode

#Added according to docs found in internet.
set emptystart
set folder=Maildir
set record=+sent

/etc/default/saslauthd

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="shadow"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/run/saslauthd"

I would like to achieve two things: 1. Make "auth login" work correctly. 2. Make both users able to send email to the outside, for example to my Gmail account. Thanks in advance for the help.

1
asked 4 May 2018 at 20:08

1 answer

postfix/smtp[3386]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c11::1a]:25: Network is unreachable

This is a hint that IPv6 is being attempted but is not available. It looks like your computer believes it has IPv6 connectivity while in reality it does not. You should probably try disabling IPv6 entirely:

Add the following lines to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

and reboot. This will disable IPv6, forcing you to use IPv4. Then try sending the email again.

Also, Postfix will accept mail without authentication, but if the destination is not one of the domains it is configured for, it will reject it, since your configuration does not allow relaying email. This is important! An open relay will immediately be turned into a source of spam...

This is configured with the line

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

Regarding the authentication error, it is probably because the auth login login method is not a valid SASL authentication mechanism for your configuration. You are probably looking for auth plain. Try logging in from a mail client such as Thunderbird, which supports most authentication protocols.

1
answered 7 December 2019 at 15:20
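The comments in the question's /etc/default/saslauthd describe how the chroot column of master.cf decides which `-m` directory saslauthd must use, and the logged warning is `cannot connect to saslauthd server: No such file or directory`. The following is an added example, not part of the original question or answer, that cross-checks the two files; the function names and `CHROOT_BASE` (the Debian/Ubuntu Postfix queue directory) are assumptions, and the sample input is constructed from lines the question posts.

```python
import re

CHROOT_BASE = "/var/spool/postfix"  # assumption: Debian/Ubuntu Postfix queue directory

# Constructed sample input: the relevant lines of the two files in the question.
MASTER_CF = """\
smtp      inet  n       -       y       -       -       smtpd
#submission inet n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    unix  n       -       y       60      1       pickup
"""
SASLAUTHD_DEFAULT = """\
START=yes
MECHANISMS="shadow"
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/run/saslauthd"
"""


def smtpd_chroot_flags(master_cf):
    """Map each active smtpd service ("name/type") to its chroot column."""
    flags = {}
    for line in master_cf.splitlines():
        # Skip blanks, comments and "-o ..." continuation lines (leading whitespace).
        if not line.strip() or line[0] in "# \t":
            continue
        fields = line.split()
        if len(fields) >= 8 and fields[7] == "smtpd":
            flags[f"{fields[0]}/{fields[1]}"] = fields[4]
    return flags


def saslauthd_socket_dir(default_file):
    """Return the directory passed to -m in the OPTIONS= line, or None."""
    for line in default_file.splitlines():
        m = re.match(r'OPTIONS=(["\']?)(.*)\1\s*$', line)
        if m:
            args = m.group(2).split()
            if "-m" in args[:-1]:
                return args[args.index("-m") + 1]
    return None


def check(master_cf, default_file):
    """Return one finding per chrooted smtpd that cannot see the saslauthd socket."""
    sock = saslauthd_socket_dir(default_file)
    if sock is None:
        return ["saslauthd OPTIONS has no -m <dir>"]
    inside = sock.startswith(CHROOT_BASE + "/")
    return [
        f"{svc}: chrooted smtpd, but saslauthd socket dir {sock} "
        f"is outside {CHROOT_BASE}"
        for svc, chroot in smtpd_chroot_flags(master_cf).items()
        if chroot == "y" and not inside
    ]


if __name__ == "__main__":
    for finding in check(MASTER_CF, SASLAUTHD_DEFAULT):
        print(finding)
```

On the question's files this reports the `smtp/inet` service; with the chroot `-m` path from the file's own comment it reports nothing.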
