postfix 이메일 서버를 설정하려고했는데 postfix 서비스와 함께 telnet 세션에서 "auth login"명령을 사용할 때 다음 오류가 발생했습니다.
535 5.7.8 Error: authentication failed: generic failure
warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
아래 링크를 따라 서비스를 설정했습니다.
Ubuntu 16.04에서 Postfix를 설치하고 구성하는 방법
내 컴퓨터에 "postmaster"와 "yida"라는 2 명의 사용자를 만들었습니다. "postmaster"는 s-nail 메일을 사용하여 이메일을받을 수 없지만 "yida"에게 보낼 수있는 반면 "yida"는 "postmaster"와 같은 로컬 사용자와 만 이메일을주고받을 수 있습니다.
메일 로그에 다음과 같은 문제가 있습니다.
postfix/smtp[3386]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c11::1a]:25: Network is unreachable
내 Gmail 계정으로 이메일을 보내려고 할 때 발생합니다.
흥미로운 점은 인증을 포기하고 테스트 텔넷 세션에서 "mail from"명령을 계속 입력했고 서버가 "OK"응답을 주었다는 것입니다. Postfix에 인증이 필요하지 않은 것 같습니다.
관련 파일은 아래를 참조하십시오.
/etc/postfix/master.cf
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
#submission inet n - y - - smtpd
-o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
/etc/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.sample.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, sample.com, server.sample.com, localhost.sample.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_relay_domains
compatibility_level = 2
/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
/etc/s-nail.rc
#@ s-nail.rc
#@ Configuration file for S-nail(1) v14.8.6
# S-nail(1): v14.8.6 / 2015-12-28
## The standard POSIX 2008/Cor 1-2013 mandates the following initial settings:
# (Keep in sync: ./main.c:_startup(), ./nail.rc, ./nail.1:"Initial settings"!)
# [a] noallnet, noappend, asksub, noaskbcc, noaskcc, noautoprint,
# [b-e] nobang, nocmd, nocrt, nodebug, nodot, escape="~",
# [f-i] noflipr, nofolder, header, nohold, noignore, noignoreeof,
# [j-o] nokeep, nokeepsave, nometoo, nooutfolder,
# [p-r] nopage, prompt="? ", noquiet, norecord,
# [s] save, nosendwait, noshowto, nosign, noSign,
# [t-z] toplines="5"
# Notes:
# - no*onehop* doesn't exist in this implementation.
# (To pass options through to an MTA, either add them after a "--" separator
# on the command line or by setting the *sendmail-arguments* variable.)
# - *prompt* is "\\& " by default, which will act POSIX-compliant
# unless the user would set *bsdcompat*
## The remaining content adjusts the standard-imposed default settings.
# Note that some of the following flags are specific to S-nail(1) and may thus
# not work with other Mail(1) / mailx(1) programs.
# Entries are marked [OPTION] if their availability is compile-time dependent
## Variables
# If threaded mode is activated, automatically collapse thread
set autocollapse
# Enter threaded mode automatically
#set autosort=thread
# Append rather than prepend when writing to mbox automatically.
# This has no effect unless *hold* is unset (it is set below)
set append
# Ask for a message subject.
set ask
# *bsdannounce* prints a header summary on folder change and thus complements
# *header* on a per-folder basis (it is meaningless unless *header* is set)
set bsdannounce
# Uncomment this in order to get coloured output in $PAGER.
# (Coloured output is only used if $TERM is either found in *colour-terms*
# or includes the string "color")
#set colour-pager
# Assume a CRT-like terminal and invoke a $PAGER
set crt
# Define date display in header summary
#set datefield="%R %m-%d" datefield-markout-older=" %g-%m-%d"
# When composing messages a line consisting of `.' finalizes a message
set dot
# Immediately start $EDITOR (or $VISUAL) when composing a message
#set editalong
# Startup into interactive mode even if the (given) mailbox is empty
#set emptystart
# When replying to or forwarding a message the comment and name parts of email
# addresses are removed unless this variable is set.
#set fullnames
# [OPTION] Add more entries to the history as is done by default
set history-gabby
# Do not forward to mbox by default since this is likely to be
# irritating for most users today; also see *keepsave*
set hold
# Quote the original message in replies by "> " as usual on the Internet
set indentprefix="> "
# Mark messages that have been answered
set markanswered
# Try to circumvent false or missing MIME Content-Type descriptions
# (Can be set to values for extended behaviour, please see the manual.)
set mime-counter-evidence
# Control loading of mime.types(5) file: the value may be a combination of the
# letters "s" and "u": if "u" is seen ~/.mime.types will be loaded if possible;
# "s" adds /etc/mime.types, if available; setting this without any value uses
# only a set of builtin mimetypes; the default behaviour equals "us".
# An extended syntax that allows loading of other, specified files is available
# if the value contains an equal sign "=", see the manual for more
#set mimetypes-load-control
# Do not remove empty mail folders.
# This may be relevant for privacy since other users could otherwise create
# them with different permissions
set keep
# Do not move `save'd or `write'n message to mbox by default since this is
# likely to be irritating for most users today; also see *hold*
set keepsave
# When writing mailbox files we strip Content-Length: and Lines: header fields
# from edited / changed messages, because S-nail doesn't deal with these
# (non-standard) fields -- and since other MUAs may rely on their content, if
# present, it seems more useful to strip them than to keep them, now that they
# became invalid; set this to include them nonetheless
#set keep-content-length
# A nice prompt for ISO 6429/ECMA-48 terminals
#set prompt="\033[31m?\?[\$ \@]\& \033[0m"
# Automatically quote the text of the message that is responded to
set quote
# On group replies, specify only the sender of the original mail in To: and
# mention it's other recipients in the secondary Cc: instead of placing them
# all together in To:
set recipients-in-cc
# When responding to a message, try to answer in the same character set
#set reply-in-same-charset
# [OPTION] Outgoing messages are sent in UTF-8 if possible, otherwise LATIN1.
# Note: it is highly advisable to read the section "Character sets" of the
# manual in order to understand all the possibilities that exist to fine-tune
# charset usage (variables also of interest: *ttycharset*, *charset-8bit*,
# *sendcharsets-else-ttycharset*; and of course we inherit the $LC_CTYPE /
# $LC_ALL / $LANG environment variables and react upon them)
set sendcharsets=utf-8,iso-8859-1
# When sending a message wait until the MTA (including the builtin SMTP one)
# exits before accepting further commands. Only with this variable set errors
# reported by the MTA will be recognizable!
#set sendwait
# Display real sender names in header summaries instead of only addresses
set showname
# Show recipients of messages sent by the user himself in header summaries
set showto
## Commands
# Only include these selected header fields when forwarding messages
fwdretain subject date from to
# Only include the selected header fields when printing messages
retain date from to cc subject message-id mail-followup-to reply-to
## Some pipe-TYPE/SUBTYPE entries
# HTML as text, inline display via lynx(1)
#if $features !@ HTML-FILTER
# set pipe-text/html="lynx -stdin -dump -force_html"
#endif
# PDF display, asynchronous display via xpdf(1)
#set pipe-application/pdf="@&set -C;\
# : > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
# trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \
# EXIT INT QUIT PIPE TERM;\
# set +C;\
# cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
# xpdf \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\""
# s-it-mode
#Added according to docs found in internet.
set emptystart
set folder=Maildir
set record=+sent
/ etc / default / saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="shadow"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/run/saslauthd"
두 가지를 달성하고 싶습니다. 1. "인증 로그인"이 올바르게 작동하도록합니다. 2. 두 사용자 모두 내 Gmail 계정과 같은 외부로 이메일을 보낼 수 있도록합니다. 미리 도움을 주셔서 감사합니다.
postfix/smtp[3386]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c11::1a]:25: Network is unreachable
이것은 IPv6이 시도되었지만 사용할 수 없다는 힌트입니다. 컴퓨터가 IPv6 연결이 있다고 생각하지만 실제로는 그렇지 않은 것 같습니다. IPv6을 완전히 비활성화해야합니다.
에 다음 행을 추가하십시오 /etc/sysctl.conf.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
재부팅하십시오. 이렇게하면 IPv6이 비활성화되어 IPv4를 사용해야합니다. 그런 다음 이메일을 다시 보내십시오.
또한 postfix는 인증없이 메일을 수락하지만 대상이 구성된 도메인 중 하나가 아닌 경우 구성에서 전자 메일 릴레이를 허용하지 않으므로 메일을 거부합니다. 이건 중요하다! 오픈 릴레이는 즉시 스팸 소스로 바뀝니다.
이것은 라인으로 구성됩니다.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
인증 실패와 관련하여 로그인 방법 auth login이 구성에 유효한 sasl 인증 메커니즘이 아니기 때문일 수 있습니다. 당신은 아마도 auth plain. 대부분의 인증 프로토콜을 지원하는 thunderbird와 같은 이메일 클라이언트에서 로그인을 시도하십시오.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다