標題:
Postfix SMTP 部分用户验证失败,修复!
作者:
lcmj44444444
時間:
2013-1-5 20:30
標題:
Postfix SMTP 部分用户验证失败,修复!
组件:Postfix+Dovecot+OpenLDAP
Postfix+Cyrus-SASL+OpenLDAP 验证SMTP
Dovecot+OpenLDAP 验证POP
Postfix Dovecot OpenLDAP 使用编译安装
Cyrus-SASL 使用RHL5.4 自带安装RPM包安装
POP和SMTP使用相同的数据库LDAP
问题:用户在发送邮件的时候,突然提示密码验证失败,日志显示 SASL LOGIN authentication failed: authentication failure,使用 testsaslauthd -uuser -ppassword 依然验证失败。
登录 phpLDAPadmin,使用 checkpassword 检查,确认用户密码正确,排除了用户更改密码的可能性。POP 收取邮件正常,用户登录正常。
问题是,这只是部分用户,没有大规模用户验证失败。
贴出配置:
Postfix main.cf
————————————————————————————————————————————————————————————
# Postfix main.cf as posted (first listing). The "#" lines marked as review
# notes are annotations; every setting below is unchanged.
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = ********************
mydestination = $myhostname,localhost
unknown_local_recipient_reject_code = 550
# Review note: clients in these ranges are accepted by permit_mynetworks
# further down without any SASL authentication, so the /24 should contain
# only hosts that are trusted to relay.
mynetworks = 127.0.0.0/8,192.168.254.0/24
debug_peer_level = 2
# NOTE(review): in a real main.cf the two lines after "debugger_command ="
# must begin with whitespace to count as continuation lines; the indentation
# appears to have been lost in this paste.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
virtual_mailbox_domains = ********************
virtual_mailbox_base = /mail
#virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply
#virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf
virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply,ldap:/etc/postfix/ldapalias.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
virtual_mailbox_limit = 0
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = ldap:/etc/postfix/quota.cf
virtual_overquota_bounce = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_mailbox_maps
# Review note: SMTP AUTH is enabled here. The smtpd.conf shown later on this
# page offers only LOGIN and PLAIN, which carry the password base64-encoded,
# not encrypted. "noanonymous" only excludes anonymous mechanisms. Nothing in
# this listing requires TLS before AUTH (smtpd_tls_auth_only is not set
# here), so credentials cross the network in the clear unless the client
# chooses STARTTLS.
smtpd_sasl_auth_enable = yes
#smtpd_sasl_path = smtp
smtpd_sasl_security_options = noanonymous
# Review note: smtpd_recipient_restrictions is set twice in this file.
# Postfix keeps the last definition of a parameter, so this first one has
# no effect.
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_local_domain = $myhostname
# Review note: this is the definition that takes effect. Mail for domains
# this server is responsible for is accepted from any client
# (permit_auth_destination); any other destination requires a mynetworks
# address or a successful SASL login, and everything else hits the final
# "reject".
# NOTE(review): the four values below need leading whitespace in a real
# main.cf to be read as part of this parameter; it appears lost in the paste.
smtpd_recipient_restrictions =
permit_mynetworks
permit_auth_destination
permit_sasl_authenticated
reject
#broken_sasl_auth_clients = yes
transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual
#relayhost = 192.168.254.173
#relayhost = 192.168.254.173
# Review note: smtpd_use_tls = yes announces STARTTLS but leaves it optional
# for the client (later Postfix releases express this as
# smtpd_tls_security_level = may).
# NOTE(review): localhost.key / localhost.crt look like the distribution's
# default self-signed pair - confirm; clients cannot verify the server's
# identity against such a certificate.
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/tls/private/localhost.key
smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt
# NOTE(review): the active cache path is under /etc/postfix and has a double
# underscore ("smtpd__scache"), unlike the commented alternatives under
# /var/lib/postfix - confirm this is intended.
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd__scache
#smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
#smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_tls_loglevel = 1
bounce_queue_lifetime = 3d
maximal_queue_lifetime = 3d
# Terminal transcript: the Cyrus SASL settings for smtpd are shown, main.cf
# is edited twice, Postfix is reloaded, and the edited main.cf is printed.
# The "#" lines marked as review notes are annotations, not session output.
[root@web postfix]# clear
# Review note: passwords are checked by the saslauthd daemon, and only the
# plaintext mechanisms LOGIN and PLAIN are offered.
# NOTE(review): the same two lines are shown later on this page as
# /etc/sasl2/smtpd.conf; which of the two paths the SASL library actually
# reads depends on the build - confirm.
[root@web postfix]# cat /etc/smtpd.conf
pwcheck_method: saslauthd
mech_list: login plain
[root@web postfix]# vim main.cf
[root@web postfix]# vim main.cf
[root@web postfix]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
# Review note: compared with the first main.cf listing on this page, this
# version narrows mynetworks to loopback, enables broken_sasl_auth_clients,
# drops the commented-out lines, and no longer shows maximal_queue_lifetime.
# The post does not state which of these changes resolved the login failures.
[root@web postfix]# cat main.cf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = ****************************
mydestination = $myhostname,localhost
unknown_local_recipient_reject_code = 550
# Review note: only loopback is trusted now, so hosts on 192.168.254.0/24
# are no longer covered by permit_mynetworks and have to authenticate to
# relay.
mynetworks = 127.0.0.0/8
debug_peer_level = 2
# NOTE(review): the two lines after "debugger_command =" need leading
# whitespace in a real main.cf; it appears lost in this paste.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
virtual_mailbox_domains = **************************
virtual_mailbox_base = /mail
virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply,ldap:/etc/postfix/ldapalias.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
virtual_mailbox_limit = 0
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = ldap:/etc/postfix/quota.cf
virtual_overquota_bounce = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_mailbox_maps
# Review note: SMTP AUTH with LOGIN/PLAIN only (see smtpd.conf above).
# Nothing in this listing requires TLS before AUTH (smtpd_tls_auth_only is
# not set here), so passwords travel unencrypted unless the client chooses
# STARTTLS.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# Review note: smtpd_recipient_restrictions is set twice; Postfix keeps the
# last definition, so this first one has no effect.
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_local_domain = $myhostname
# Review note: effective restriction list. Relaying to other destinations
# requires a mynetworks address or a SASL login; everything else is rejected.
# NOTE(review): the values below need leading whitespace in a real main.cf.
smtpd_recipient_restrictions =
permit_mynetworks
permit_auth_destination
permit_sasl_authenticated
reject
# Review note: additionally advertises AUTH in the older "AUTH=" form used by
# some legacy mail clients. It changes what is announced to clients, not how
# saslauthd checks a password.
broken_sasl_auth_clients = yes
transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual
# Review note: STARTTLS is offered but optional for the client.
# NOTE(review): localhost.key / localhost.crt look like a default self-signed
# pair - confirm.
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/tls/private/localhost.key
smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd__scache
#smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
#smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_tls_loglevel = 1
bounce_queue_lifetime = 3d
____________________________________________________________________________________
SASL 配置文件
——————————————————————————————————————————————————————
# saslauthd LDAP backend settings, the Cyrus SASL settings for smtpd, and the
# saslauthd service options, printed from a shell. The "#" lines marked as
# review notes are annotations, not command output.
cat /etc/saslauthd.conf
# Review note: the LDAP server is reached over loopback, so the unencrypted
# ldap:// connection stays on this host.
ldap_servers: ldap://127.0.0.1
# Review note: saslauthd binds with this DN and password to search for the
# user entry. The password is short, numeric, stored in cleartext in this
# file, and has been published in this post.
# NOTE(review): cn=root looks like the directory's administrative DN -
# confirm. A dedicated read-only search account with a long random secret,
# and a file readable only by root, would limit what a leak of this file
# exposes.
ldap_bind_dn: cn=root,o=sesc,c=cn
ldap_bind_pw: 123456
ldap_search_base: ou=People,o=sesc,c=cn
ldap_version: 3
# Review note: with "bind", the user's password is verified by attempting an
# LDAP bind as the entry found by the filter below.
ldap_auth_method: bind
# NOTE(review): %u is the login name passed to saslauthd. Dovecot's LDAP
# filter is not shown on this page; if it matches on a different attribute or
# name form, that could explain POP logins working while SMTP AUTH fails for
# some users - verify against the affected entries.
ldap_filter: (virtualdomainuser=%u)
cat /etc/sasl2/smtpd.conf
# Review note: only LOGIN and PLAIN are offered; both send the password
# without encryption, so they depend on TLS for confidentiality.
pwcheck_method: saslauthd
mech_list: login plain
# Review note: this grep hides blank lines and every line that contains "#"
# anywhere, not only lines that start with a comment.
grep -Ev "^$|#" /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=ldap
# NOTE(review): FLAGS is empty, so saslauthd runs without extra options such
# as -r (which joins the realm to the login name); whether %u then carries
# the form stored in virtualdomainuser should be checked for the failing users.
FLAGS=