Problem description:
When I first compiled postfix, I built in sasl and tls.
First configuration: testing showed that postfix supports sasl and tls.
[iyunv@node01 ~]# vim /etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin:sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: mysql
sql_hostnames:localhost
sql_user: extmail
sql_passwd: extmail
sql_database: extmail
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
[iyunv@node01 ~]# vim /etc/postfix/main.cf
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:800
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:800
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_cache
#smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_tls_CApath = /etc/pki/tls/certs
smtpd_tls_received_header = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_tls_auth_only = yes
[iyunv@node1 sasl2]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
ehlo localhost
220 node1.mah.com ESMTP Postfix
250-node1.mah.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Second time: I then went on to install MailScanner, and as a result the following was gone:
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
[iyunv@node01 ~]# telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 node01.mah.com ESMTP Postfix
ehlo localhost
250-node01.mah.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Configuration the second time:
[iyunv@node01 ~]# vim /etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin:sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: mysql
sql_hostnames: localhost
sql_user: extmail
sql_passwd: extmail
sql_database: extmail
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
[iyunv@node01 ~]# vim /etc/postfix/main.cf
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.6.6/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:800
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:800
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_cache
#smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_tls_CApath = /etc/pki/tls/certs
smtpd_tls_received_header = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_tls_auth_only = yes
These are the main steps I performed when installing MailScanner + clamav + spamassassin:
yum install spamassassin
sa-compile -D
freshclam
/etc/init.d/clamd start
[iyunv@node1 MailScanner]# pwd
/etc/MailScanner
[iyunv@node1 MailScanner]# ls
archives.filename.rules.conf country.domains.conf MailScanner.conf phishing.safe.sites.conf spam.assassin.prefs.conf
archives.filetype.rules.conf filename.rules.conf mcp reports spam.lists.conf
conf.d filetype.rules.conf phishing.bad.sites.conf rules virus.scanners.conf
[iyunv@node1 MailScanner]# vim MailScanner.conf
Run As User = postfix # run the MailScanner program as the user postfix
Run As Group = postfix # run the MailScanner program as the group postfix
MTA = postfix
#Virus Scanners = auto
Virus Scanners = clamd # use clamd as the virus scanner
#Clamd Socket = /tmp/clamd.socket
Clamd Socket = /var/run/clamav/clamd.sock
Incoming Work User = clamav
Incoming Work Group = clamav
#Incoming Work Permissions = 0600 # change this line
Incoming Work Permissions = 0640
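#Spam Actions = deliver header "X-Spam-Status: Yes" # comment this line out and add the one below; perhaps this line should not be commented out: spam scoring above 6 and below 10 would still be delivered, only with a spam marker added to the message header, so that it reaches the recipient and the recipient decides whether it is spam
# if judged to be spam, action: delete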
Spam Actions = delete
#High Scoring Spam Actions = store # change this line as below
# if judged to be high-scoring spam, action: delete
High Scoring Spam Actions = delete
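# Set the queue directory for mail waiting to be filtered. MailScanner is responsible for filtering all mail; when MailScanner receives a message, it first puts the message into the waiting-to-be-filtered directory;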
#Incoming Queue Dir = /var/spool/mqueue.in
Incoming Queue Dir = /var/spool/postfix/hold
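# Set the queue directory for mail that has been filtered;
# After filtering, MailScanner puts mail that scored low and is considered not to be spam into the incoming queue to wait for delivery. When system resources are idle, the mail is moved from the incoming queue to the active queue, and active delivers it. If delivery fails, the mail is moved from the active queue to the deferred queue. If, after waiting a very long time (I am no longer sure exactly how long; check the documentation), the mail still cannot be sent, it is put into the bounce queue to be returned to the sender;
#Outgoing Queue Dir = /var/spool/mqueue # changed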
Outgoing Queue Dir = /var/spool/postfix/incoming
[iyunv@node1 ~]# telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 node1.mah.com ESMTP Postfix
ehlo localhost
250-node1.mah.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<bill>
250 2.1.0 Ok
rcpt to:<muahao>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Today is fun!
.
250 2.0.0 Ok: queued as DD8BB42DFD
^]
telnet> q
Connection closed.
[iyunv@node1 log]# tail -40 /var/log/maillog
Apr 2 15:20:40 node1 postfix/smtpd[26273]: connect from localhost[::1]
Apr 2 15:21:13 node1 postfix/smtpd[26273]: DD8BB42DFD: client=localhost[::1]
Apr 2 15:21:33 node1 postfix/cleanup[26280]: DD8BB42DFD: hold: header Received: from localhost (localhost [IPv6:::1])??by node1.mah.com (Postfix) with ESMTP id DD8BB42DFD??for <muahao>; Thu, 2 Apr 2015 15:21:02 +0800 (CST) from localhost[::1]; from=<bill@mah.com > to=<muahao@mah.com > proto=ESMTP helo=<localhost>
Apr 2 15:21:33 node1 postfix/cleanup[26280]: DD8BB42DFD: message-id=<20150402072113.DD8BB42DFD@node1.mah.com >
Apr 2 15:21:37 node1 postfix/smtpd[26273]: disconnect from localhost[::1]
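Added example (not part of the original post): a small Python parser for the two EHLO replies shown above. It reports which capabilities changed between the sessions and which password-equivalent mechanisms were announced before TLS was negotiated. The function names are hypothetical and the reply text is copied from the post's telnet sessions.

```python
import re

# Server replies copied from the post's two telnet sessions (before / after MailScanner).
BEFORE = """220 node1.mah.com ESMTP Postfix
250-node1.mah.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
AFTER = BEFORE.replace("node1", "node01").replace(
    "250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN\n", "")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply to EHLO."""
    caps, first = {}, True
    for line in reply.splitlines():
        m = re.match(r"250([- ])(.*)$", line.strip())
        if not m:
            continue  # 220 banner, typed commands, telnet noise
        sep, text = m.groups()
        if first:
            first = False  # first 250 line is the server name, not a capability
        else:
            # Split on space or "=" so the legacy "AUTH=LOGIN ..." form parses too.
            words = [w for w in re.split(r"[ =]+", text.strip()) if w]
            if words:
                caps[words[0].upper()] = [w.upper() for w in words[1:]]
        if sep == " ":
            break  # "250 " (space instead of "-") ends the reply
    return caps

def diff_caps(before, after):
    """Capabilities that disappeared and that appeared between two sessions."""
    return sorted(set(before) - set(after)), sorted(set(after) - set(before))

def cleartext_auth_exposed(caps):
    """PLAIN/LOGIN mechanisms announced on a session with no TLS yet."""
    return [m for m in caps.get("AUTH", []) if m in ("PLAIN", "LOGIN")]

if __name__ == "__main__":
    b, a = parse_ehlo(BEFORE), parse_ehlo(AFTER)
    print("removed/added:", diff_caps(b, a))
    print("cleartext mechanisms before:", cleartext_auth_exposed(b))
```

With `smtpd_tls_auth_only = yes`, as in the posted main.cf, Postfix does not announce AUTH on unencrypted sessions, so the same comparison is worth repeating on a session opened with `openssl s_client -starttls smtp -connect localhost:25`.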