ste*_*boy 9 email-server postfix roundcube tls
我与一个后缀/达夫科特/ Roundcube安装工作,力争虚拟用户的邮件系统,可以通过互联网发送邮件,如记录在这里。
一切似乎都运行良好;Dovecote 显示没有问题,我可以 telnet 到我所有的端口;但是,每当我尝试通过 Roundcube 发送邮件时,都会出现错误:
SMTP Error (220): Authentication failed.
从日志中:
[17-Jan-2015 05:27:31 +0000]: SMTP Error: SMTP error: Authentication failure: STARTTLS failed (Code: ) in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube.php on line 1505 (POST /roundcube/?_task=mail&_unlock=loading1421472451594&_lang=en_US&_framed=1?_task=mail&_action=send)
我想既然 Postfix 负责 SMTP,它一定是罪魁祸首。在我的 Postfix 日志中,我看到:
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: disconnect from localhost.localdomain[127.0.0.1]
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: lost connection after STARTTLS from localhost.localdomain[127.0.0.1]
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1293:SSL alert number
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: SSL_accept error from localhost.localdomain[127.0.0.1]: 0
我的 SSL 证书使用 localhost 作为 CN 签名,因为这解决了我遇到的另一个问题。Postfix 使用 $myhostname 参数设置为 mail.[mydomain] 并使用 Afraid DynDNS 我为 mail.mydomain 设置了 A 记录以及类似于 1:mail.[mydomain] 的 MX 记录。我尝试将这些全部设置为 [mydomain],但它不起作用。telnet 会话如下所示:
telnet [mydomain] 587
Trying [myip]...
Connected to [mydomain].
Escape character is '^]'.
220 [mydomain] ESMTP Postfix
ehlo [mydomain]
250-[mydomain]
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
我的 Postfix main.cf(不包括大部分默认行):
#soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
#default_privs = nobody
myhostname = [mydomain]
#myhostname = virtual.domain.tld
mydomain = [mydomain]
#myorigin = $myhostname
myorigin = $mydomain
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
#mydestination = $myhostname, localhost.$mydomain, localhost
...
#local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
#mynetworks_style = class
#mynetworks_style = subnet
mynetworks_style = host
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
#relay_domains = $mydestination
#relayhost = $mydomain
...
relay_domains = *
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1
我还尝试按照此处将 Roundcube smtp_conn_options 设置为 null 。我真的不确定问题是否出在 DNS 记录、SSL 证书或其他方面。任何和所有的帮助将不胜感激!
更新
将我的 Roundcube conf.inc.php 设置为 verify_peer(_name) = false 后
/* Local configuration for Roundcube Webmail */
$config['db_dsnw'] = 'mysql://roundcube_user:steelcube@localhost/roundcube_db';
$config['default_host'] = 'ssl://localhost/';
$config['default_port'] = 993;
$config['smtp_server'] = 'tls://localhost/';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
$config['smtp_conn_options'] = null;
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verfify_peer_name' => false,
),
);
$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
$config['smtp_port'] = 587;
$config['support_url'] = '';
$config['des_key'] = '[secret]';
$config['plugins'] = array('archive', 'zipdownload');
$config['mime_types'] = '/etc/httpd/conf/mime.types';
这给了我SMTP Error (535): Authentication failed发送电子邮件时的新错误。这里是roundcube error的内容
[18-Jan-2015 02:58:06 UTC] PHP Deprecated: Non-static method PEAR::raiseError() should not be called statically, assuming $this from incompatible context in /usr/share/webapps/roundcubemail/program/lib/Net/SMTP.php on line 371
[18-Jan-2015 02:58:06 UTC] PHP Deprecated: Non-static method PEAR::raiseError() should not be called statically, assuming $this from incompatible context in /usr/share/webapps//roundcubemail/program/lib/Net/SMTP.php on line 371
[18-Jan-2015 02:58:06 +0000]: SMTP Error: SMTP error: Failed to set sender /roundcubemail/program/lib/Net/SMTP.php on line 371'[username]@[mydomain]' in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube.php on line 1505 (POST /roundcube/?_task=mail&_unlock=loading1421549886598&_lang=en_US&_framed=1?_task=mail&_action=send)
和邮件日志条目
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: connect from localhost.localdomain[127.0.0.1]
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: Anonymous TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Invalid authentication mechanism
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: disconnect from localhost.localdomain[127.0.0.1]
根据聊天中的要求,这是输出dovecot -a | grep auth_mechanism
auth_mechanisms = plain
好的,看起来您的 postfix、roundcube 和 dovecot 配置中存在太多不匹配。让我们一一分解。
这个日志行
warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1293:SSL alert number
表示 PHP 无法验证对等证书,因为未知 CA。这是这个问题的完全重复问题:Roundcube & Postfix SMTP: SSLroutines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c。从你已经通过在圆立方体中添加这些行来解决的问题
$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
为此,我们必须查看 postfix 和 roundcube 日志以识别问题。真正的消息是在 postfix 日志文件中捕获的
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Invalid authentication mechanism
现在因为 postfix SASL 机制是由 dovecot 提供的,所以你应该检查 dovecot 提供的机制 run dovecot -a | grep auth_mechanism。
通过查看 roundcube$config['smtp_auth_type']和 dovecotauth_mechanisms配置,您可以看到这两者之间的不匹配。Dovecot 只提供 PLAIN 机制。但是圆形立方体被配置为使用登录机制。
解决方案可以是这些之一或两者
通过添加从 dovecot 端提供登录机制
auth_mechanisms = plain login
在 dovecot 配置中。
通过将参数更改为将 PLAIN login 设置为 roundcube side
$config['smtp_auth_type'] = 'PLAIN';