Postfix SMTP 部分用户验证失败,修复!

    發表於 2013-1-5 20:30:47
    组件:Postfix+Dovecot+OpenLDAP

    Postfix+Cyrus-SASL+OpenLDAP   验证SMTP
    Dovecot+OpenLDAP  验证POP

    Postfix Dovecot OpenLDAP 使用编译安装

    Cyrus-SASL 使用RHL5.4 自带安装RPM包安装


    POP和SMTP使用相同的数据库LDAP

    问题:用户在发送邮件的时候,突然提示密码验证失败,日志显示 SASL LOGIN authentication failed: authentication failure,使用 testsaslauthd -u user -p password 测试依然验证失败。
    登录 phpLDAPadmin,使用 check password 功能检查,确认用户密码正确,排除了用户更改密码的可能性。POP 收取邮件正常,用户登录正常。
    问题是,这只是部分用户,没有大规模用户验证失败。
    贴出配置:
    Postfix  main.cf

    ————————————————————————————————————————————————————————————

    # Postfix main.cf as posted by the author (hostname and mail domain are masked with asterisks).
    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    myhostname = ********************
    mydestination = $myhostname,localhost
    unknown_local_recipient_reject_code = 550
    # Every client in these ranges matches permit_mynetworks further down and can relay
    # without SMTP AUTH, so the 192.168.254.0/24 entry trusts the whole LAN segment.
    mynetworks = 127.0.0.0/8,192.168.254.0/24


    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/local/man
    sample_directory = /etc/postfix
    readme_directory = no
    virtual_mailbox_domains = ********************
    virtual_mailbox_base = /mail
    #virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply
    #virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf
    virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply,ldap:/etc/postfix/ldapalias.cf
    virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
    virtual_mailbox_limit = 0

    virtual_mailbox_limit_inbox = no
    virtual_mailbox_limit_maps = ldap:/etc/postfix/quota.cf
    virtual_overquota_bounce = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.




    virtual_uid_maps     = static:1000
    virtual_gid_maps     = static:1000
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_mailbox_maps




    # SMTP AUTH through Cyrus SASL. noanonymous only disables anonymous login; it does not
    # keep PLAIN/LOGIN off unencrypted sessions. Nothing in this listing sets
    # smtpd_tls_auth_only, so AUTH is presumably offered before STARTTLS too - confirm with postconf.
    smtpd_sasl_auth_enable = yes
    #smtpd_sasl_path = smtp
    smtpd_sasl_security_options = noanonymous
    # NOTE(review): smtpd_recipient_restrictions is assigned twice. Postfix keeps only the last
    # assignment of a parameter, so this one-line form has no effect.
    smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    smtpd_sasl_local_domain = $myhostname
    # Effective policy: accept from mynetworks, accept mail for destinations this server is
    # responsible for, accept authenticated clients, reject everything else.
    # In the real file the continuation lines must begin with whitespace; the forum paste
    # appears to have flattened the indentation.
    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_auth_destination
    permit_sasl_authenticated
    reject
    #broken_sasl_auth_clients = yes

    transport_maps = hash:/etc/postfix/transport
    virtual_transport = virtual
    #relayhost = 192.168.254.173
    #relayhost = 192.168.254.173

    # smtpd_use_tls = yes is opportunistic: STARTTLS is announced but not required. With the
    # plaintext-only mech_list (login plain) shown in smtpd.conf on this page, credentials are
    # protected in transit only when the client chooses to start TLS.
    smtpd_use_tls = yes
    # Key and certificate use localhost.* file names - presumably a self-generated certificate;
    # verify what clients are expected to trust.
    smtpd_tls_key_file = /etc/pki/tls/private/localhost.key
    smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt
    # NOTE(review): the active session cache lives under /etc/postfix (file name has a double
    # underscore); the commented-out alternatives below point at /var/lib/postfix.
    smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd__scache
    #smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
    #smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

    smtpd_tls_loglevel = 1
    bounce_queue_lifetime = 3d
    maximal_queue_lifetime = 3d

    [root@web postfix]# clear
    [root@web postfix]# cat /etc/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: login plain
    [root@web postfix]# vim main.cf
    [root@web postfix]# vim main.cf
    [root@web postfix]# postfix reload
    postfix/postfix-script: refreshing the Postfix mail system
    [root@web postfix]# cat main.cf
    # main.cf as printed after the vim edits and `postfix reload` in the session above.
    # Visible differences from the first listing on this page: mynetworks is reduced to
    # loopback and broken_sasl_auth_clients is enabled. The post does not say which change
    # resolved the authentication failures.
    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    myhostname = ****************************
    mydestination = $myhostname,localhost
    unknown_local_recipient_reject_code = 550
    # Only loopback is trusted now, so LAN clients no longer pass permit_mynetworks and have
    # to authenticate before relaying to outside destinations.
    mynetworks = 127.0.0.0/8


    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/local/man
    sample_directory = /etc/postfix
    readme_directory = no

    virtual_mailbox_domains = **************************
    virtual_mailbox_base = /mail
    virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply,ldap:/etc/postfix/ldapalias.cf
    virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
    virtual_mailbox_limit = 0
    virtual_mailbox_limit_inbox = no
    virtual_mailbox_limit_maps = ldap:/etc/postfix/quota.cf
    virtual_overquota_bounce = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
    virtual_uid_maps     = static:1000
    virtual_gid_maps     = static:1000
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_mailbox_maps

    # noanonymous only disables anonymous login; PLAIN/LOGIN remain usable on unencrypted
    # sessions because no smtpd_tls_auth_only setting appears in this listing.
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    # NOTE(review): overridden by the second smtpd_recipient_restrictions assignment below;
    # Postfix keeps only the last assignment of a parameter.
    smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    smtpd_sasl_local_domain = $myhostname
    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_auth_destination
    permit_sasl_authenticated
    reject
    # Also announces AUTH in the obsolete "AUTH=" form for old clients that need it.
    broken_sasl_auth_clients = yes

    transport_maps = hash:/etc/postfix/transport
    virtual_transport = virtual

    # Opportunistic TLS only: STARTTLS is offered, not enforced.
    smtpd_use_tls = yes
    smtpd_tls_key_file = /etc/pki/tls/private/localhost.key
    smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt
    smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd__scache
    #smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
    #smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

    smtpd_tls_loglevel = 1
    bounce_queue_lifetime = 3d
    ____________________________________________________________________________________

    SASL 配置文件
    ——————————————————————————————————————————————————————
    # saslauthd LDAP backend settings: how SMTP AUTH passwords are checked against OpenLDAP.
    cat /etc/saslauthd.conf
    # Plain ldap:// without TLS, but only to the loopback address.
    ldap_servers: ldap://127.0.0.1
    # NOTE(review): the search bind uses cn=root - presumably the directory's administrative DN
    # (confirm). A dedicated read-only search account would limit what a leak of this file exposes.
    ldap_bind_dn: cn=root,o=sesc,c=cn
    # The bind password is stored in cleartext and was published unmasked. If this is the real
    # value it is trivially guessable and should be changed; the file should be readable only
    # by root and the saslauthd account.
    ldap_bind_pw: 123456
    ldap_search_base: ou=People,o=sesc,c=cn
    ldap_version: 3
    # bind: after locating the entry with ldap_filter, saslauthd verifies the password by
    # binding to the directory as that user.
    ldap_auth_method: bind
    # %u is the login name as passed to saslauthd; %U (local part) and %d (domain) are also
    # available. NOTE(review): when only some users fail, check whether the name reaching this
    # filter carries a realm - main.cf sets smtpd_sasl_local_domain, and FLAGS below is empty
    # (saslauthd's -r option is not passed).
    ldap_filter: (virtualdomainuser=%u)


    cat /etc/sasl2/smtpd.conf
    # Postfix hands password checks to the saslauthd daemon. LOGIN and PLAIN both carry the
    # password in recoverable (base64) form, so only TLS on the SMTP session protects it in transit.
    pwcheck_method: saslauthd
    mech_list: login plain


    # Prints the file without blank lines and without any line that contains '#'.
    grep -Ev "^$|#" /etc/sysconfig/saslauthd
    SOCKETDIR=/var/run/saslauthd
    # MECH=ldap selects saslauthd's LDAP backend, which is configured by /etc/saslauthd.conf above.
    MECH=ldap
    FLAGS=
