故事是這樣的:我有二十個CentOS 6.9虛擬機,透過VHD上傳遷移到微軟的Azure雲端。部署後,我發現 Azure 不允許直接從 VM 發送電子郵件 - 我應該使用外部中繼。微軟似乎建議 Sendgrid 並且他們有免費套餐,所以我註冊了,根據他們的說明配置了 Postfix(見下文),然後……什麼都沒有。我無法讓 Postfix 與中繼 SMTP 伺服器或任何其他外部中繼進行身份驗證,例如我自己的 gzo.com 伺服器(在 cPanel 上的 exim )或 aruba.it (義大利託管提供者)。
我使用所有這些中繼在連接埠 587、2525 和 465 上進行了各種嘗試,每次 postmap-ping SASL 密碼檔案並重新啟動 Postfix,但都失敗並出現以下錯誤:
Mar 14 11:17:34 Riprid postfix/postfix-script[6664]: stopping the Postfix mail system
Mar 14 11:17:34 Riprid postfix/master[60718]: terminating on signal 15
Mar 14 11:17:34 Riprid postfix/postfix-script[6736]: starting the Postfix mail system
Mar 14 11:17:34 Riprid postfix/master[6737]: daemon started -- version 2.6.6, configuration /etc/postfix
Mar 14 11:20:00 Riprid postfix/pickup[6739]: 90887634B3: uid=0 from=<root>
Mar 14 11:20:00 Riprid postfix/cleanup[6914]: 90887634B3: message-id=<[email protected]>
Mar 14 11:20:00 Riprid postfix/qmgr[6740]: 90887634B3: from=<[email protected]>, size=437, nrcpt=1 (queue active)
Mar 14 11:20:02 Riprid postfix/smtp[6916]: warning: SASL authentication failure: No worthy mechs found
Mar 14 11:20:02 Riprid postfix/smtp[6916]: 90887634B3: SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[161.202.148.160]: no mechanism available
Mar 14 11:20:03 Riprid postfix/smtp[6916]: warning: SASL authentication failure: No worthy mechs found
Mar 14 11:20:03 Riprid postfix/smtp[6916]: 90887634B3: to=<[email protected]>, relay=smtp.sendgrid.net[169.38.103.39]:587, delay=3.2, delays=0.06/0.03/3.1/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[169.38.103.39]: no mechanism available)
使用者憑證是正確的:我確實設法透過 telnet 從 Linux shell 連接到所有三台伺服器,打開 SMTP 會話,透過 AUTH PLAIN 和 AUTH LOGIN 成功進行身份驗證,並手動向自己發送測試訊息。只是Postfix做不到。
更令人費解的是:我將完全相同的配置複製到克隆了雲端中虛擬機的原始虛擬機(本地的內部 Hyper-V),並且它們通過相同的伺服器連接和發送郵件,沒有錯誤。 Azure 上的電腦與本機電腦相同,除了在 Azure 上執行所需的修改之外正如微軟所列出的。
我在谷歌上發現了幾十個建議,我都嘗試過,但沒有效果。我的想法(和時間)已經用完了。請建議:我還該看哪裡?我還能嘗試什麼?
這是配置(用戶和密碼模糊):
[root@Riprid zeta]# uname -a
Linux Riprid 2.6.32-696.20.1.el6.centos.plus.x86_64 #1 SMP Sun Jan 28 07:56:00 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@Riprid zeta]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_size_limit = 4096000
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = [smtp.sendgrid.net]:587
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_tls_CAfile = /etc/postfix/gd_bundle-g2-g1.crt
smtp_tls_security_level = may
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = no
unknown_local_recipient_reject_code = 550
[root@Riprid zeta]# cat /etc/postfix/sasl_passwd
[smtp.sendgrid.net]:587 azure_260************[email protected]:OL***0***w**
[root@Riprid zeta]# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
[root@Riprid zeta]# service saslauthd status
saslauthd (pid 28917) is running...
[root@Riprid zeta]# postconf -A
cyrus
[root@Riprid zeta]# yum list postfix cyrus*
...
Installed Packages
cyrus-sasl.x86_64 2.1.23-15.el6_6.2 @updates
cyrus-sasl-devel.x86_64 2.1.23-15.el6_6.2 @updates
cyrus-sasl-lib.x86_64 2.1.23-15.el6_6.2 @updates
cyrus-sasl-md5.x86_64 2.1.23-15.el6_6.2 @base
cyrus-sasl-ntlm.x86_64 2.1.23-15.el6_6.2 @base
cyrus-sasl-plain.x86_64 2.1.23-15.el6_6.2 @base
postfix.x86_64 2:2.6.6-8.el6.centos.plus @centosplus
最後,這是 saslfinger 的輸出:
[root@Riprid zeta]# saslfinger -c
saslfinger - postfix Cyrus sasl configuration Wed Mar 14 11:17:38 CET 2018
version: 1.0.2
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.6.6
System: CentOS release 6.9 (Final)
-- smtp is linked to --
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f79ea3db000)
-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [smtp.sendgrid.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_tls_CAfile = /etc/postfix/gd_bundle-g2-g1.crt
smtp_tls_security_level = may
-- listing of /usr/lib64/sasl2 --
total 640
drwxr-xr-x. 2 root root 4096 Mar 12 22:49 .
dr-xr-xr-x. 68 root root 45056 Mar 14 03:25 ..
-rwxr-xr-x. 1 root root 18776 Mar 25 2015 libanonymous.so
-rwxr-xr-x. 1 root root 18776 Mar 25 2015 libanonymous.so.2
-rwxr-xr-x. 1 root root 18776 Mar 25 2015 libanonymous.so.2.0.23
-rwxr-xr-x. 1 root root 22936 Mar 25 2015 libcrammd5.so
-rwxr-xr-x. 1 root root 22936 Mar 25 2015 libcrammd5.so.2
-rwxr-xr-x. 1 root root 22936 Mar 25 2015 libcrammd5.so.2.0.23
-rwxr-xr-x. 1 root root 52088 Mar 25 2015 libdigestmd5.so
-rwxr-xr-x. 1 root root 52088 Mar 25 2015 libdigestmd5.so.2
-rwxr-xr-x. 1 root root 52088 Mar 25 2015 libdigestmd5.so.2.0.23
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 liblogin.so
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 liblogin.so.2
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 liblogin.so.2.0.23
-rwxr-xr-x. 1 root root 35376 Mar 25 2015 libntlm.so
-rwxr-xr-x. 1 root root 35376 Mar 25 2015 libntlm.so.2
-rwxr-xr-x. 1 root root 35376 Mar 25 2015 libntlm.so.2.0.23
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 libplain.so
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 libplain.so.2
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 libplain.so.2.0.23
-rwxr-xr-x. 1 root root 22784 Mar 25 2015 libsasldb.so
-rwxr-xr-x. 1 root root 22784 Mar 25 2015 libsasldb.so.2
-rwxr-xr-x. 1 root root 22784 Mar 25 2015 libsasldb.so.2.0.23
-- listing of /etc/sasl2 --
total 20
drwxr-xr-x. 2 root root 4096 Sep 19 15:39 .
drwxr-xr-x. 110 root root 12288 Mar 14 03:23 ..
-rw-r--r--. 1 root root 49 Feb 21 16:39 smtpd.conf
-- permissions for /etc/postfix/sasl_passwd --
-rw-------. 1 root root 90 Mar 14 11:17 /etc/postfix/sasl_passwd
-- permissions for /etc/postfix/sasl_passwd.db --
-rw-------. 1 root root 12288 Mar 14 11:17 /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
-- mechanisms on [smtp.sendgrid.net]:587 --
-- end of saslfinger output --
答案1
我在 Red Hat Enterprise Linux Server 6.9 版(聖地牙哥)中遇到了相同的問題,這與缺少 rpm 函式庫有關(賽勒斯-sasl-plain-2.1.23-15.el6_6.2.x86_64),安裝後我已經解決了這個問題。
請檢查您的系統中是否正確安裝了以下所有 rpm,以避免 SASL 驗證出現其他問題:
賽勒斯-sasl-gssapi-2.1.23-15.el6_6.2.x86_64 賽勒斯-sasl-2.1.23-15.el6_6.2.x86_64 賽勒斯-sasl-lib-2.1.23-15. el6_6.2.x86_64 賽勒斯-sasl-plain-2.1.23-15.el6_6.2.x86_64