Postfix電子メールサーバーをセットアップしようとして、Postfixサービスのtelnetセッションでコマンド「auth login」を使用すると、次のエラーが発生しました。
535 5.7.8 Error: authentication failed: generic failure
warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
以下のリンクに従ってサービスをセットアップしました。
buntu 16.04でPostfixをインストールおよび設定する方法
コンピューターに「postmaster」と「yida」の2人のユーザーを作成しました。 「postmaster」はs-nailメールを使用してメールを受信できませんでしたが、「yida」に送信できましたが、「yida」は「postmaster」のようにローカルユーザーとのみメールを送受信できました。
メールログには次の問題があります。
postfix/smtp[3386]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c11::1a]:25: Network is unreachable
これは、自分のGmailアカウントにメールを送信しようとしたときに発生します。
興味深いのは、認証を断念し、テスト用のtelnetセッションで「mail from」コマンドを入力し続け、サーバーから「OK」応答が返されたことです。 Postfixは認証を必要としていないようです。
以下の関連ファイルをご覧ください。
/etc/postfix/master.cf
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
#submission inet n - y - - smtpd
-o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
/etc/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.sample.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, sample.com, server.sample.com, localhost.sample.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_relay_domains
compatibility_level = 2
/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
/etc/s-nail.rc
#@ s-nail.rc
#@ Configuration file for S-nail(1) v14.8.6
# S-nail(1): v14.8.6 / 2015-12-28
## The standard POSIX 2008/Cor 1-2013 mandates the following initial settings:
# (Keep in sync: ./main.c:_startup(), ./nail.rc, ./nail.1:"Initial settings"!)
# [a] noallnet, noappend, asksub, noaskbcc, noaskcc, noautoprint,
# [b-e] nobang, nocmd, nocrt, nodebug, nodot, escape="~",
# [f-i] noflipr, nofolder, header, nohold, noignore, noignoreeof,
# [j-o] nokeep, nokeepsave, nometoo, nooutfolder,
# [p-r] nopage, Prompt="? ", noquiet, norecord,
# [s] save, nosendwait, noshowto, nosign, noSign,
# [t-z] toplines="5"
# Notes:
# - no*onehop* doesn't exist in this implementation.
# (To pass options through to an MTA, either add them after a "--" separator
# on the command line or by setting the *sendmail-arguments* variable.)
# - *Prompt* is "\\& " by default, which will act POSIX-compliant
# unless the user would set *bsdcompat*
## The remaining content adjusts the standard-imposed default settings.
# Note that some of the following flags are specific to S-nail(1) and may thus
# not work with other Mail(1) / mailx(1) programs.
# Entries are marked [OPTION] if their availability is compile-time dependent
## Variables
# If threaded mode is activated, automatically collapse thread
set autocollapse
# Enter threaded mode automatically
#set autosort=thread
# Append rather than prepend when writing to mbox automatically.
# This has no effect unless *hold* is unset (it is set below)
set append
# Ask for a message subject.
set ask
# *bsdannounce* prints a header summary on folder change and thus complements
# *header* on a per-folder basis (it is meaningless unless *header* is set)
set bsdannounce
# Uncomment this in order to get coloured output in $PAGER.
# (Coloured output is only used if $TERM is either found in *colour-terms*
# or includes the string "color")
#set colour-pager
# Assume a CRT-like terminal and invoke a $PAGER
set crt
# Define date display in header summary
#set datefield="%R %m-%d" datefield-markout-older=" %g-%m-%d"
# When composing messages a line consisting of `.' finalizes a message
set dot
# Immediately start $EDITOR (or $VISUAL) when composing a message
#set editalong
# Startup into interactive mode even if the (given) mailbox is empty
#set emptystart
# When replying to or forwarding a message the comment and name parts of email
# addresses are removed unless this variable is set.
#set fullnames
# [OPTION] Add more entries to the history as is done by default
set history-gabby
# Do not forward to mbox by default since this is likely to be
# irritating for most users today; also see *keepsave*
set hold
# Quote the original message in replies by "> " as usual on the Internet
set indentprefix="> "
# Mark messages that have been answered
set markanswered
# Try to circumvent false or missing MIME Content-Type descriptions
# (Can be set to values for extended behaviour, please see the manual.)
set mime-counter-evidence
# Control loading of mime.types(5) file: the value may be a combination of the
# letters "s" and "u": if "u" is seen ~/.mime.types will be loaded if possible;
# "s" adds /etc/mime.types, if available; setting this without any value uses
# only a set of builtin mimetypes; the default behaviour equals "us".
# An extended syntax that allows loading of other, specified files is available
# if the value contains an equal sign "=", see the manual for more
#set mimetypes-load-control
# Do not remove empty mail folders.
# This may be relevant for privacy since other users could otherwise create
# them with different permissions
set keep
# Do not move `save'd or `write'n message to mbox by default since this is
# likely to be irritating for most users today; also see *hold*
set keepsave
# When writing mailbox files we strip Content-Length: and Lines: header fields
# from edited / changed messages, because S-nail doesn't deal with these
# (non-standard) fields -- and since other MUAs may rely on their content, if
# present, it seems more useful to strip them than to keep them, now that they
# became invalid; set this to include them nonetheless
#set keep-content-length
# A Nice Prompt for ISO 6429/ECMA-48 terminals
#set Prompt="\033[31m?\?[\$ \@]\& \033[0m"
# Automatically quote the text of the message that is responded to
set quote
# On group replies, specify only the sender of the original mail in To: and
# mention it's other recipients in the secondary Cc: instead of placing them
# all together in To:
set recipients-in-cc
# When responding to a message, try to answer in the same character set
#set reply-in-same-charset
# [OPTION] Outgoing messages are sent in UTF-8 if possible, otherwise LATIN1.
# Note: it is highly advisable to read the section "Character sets" of the
# manual in order to understand all the possibilities that exist to fine-tune
# charset usage (variables also of interest: *ttycharset*, *charset-8bit*,
# *sendcharsets-else-ttycharset*; and of course we inherit the $LC_CTYPE /
# $LC_ALL / $LANG environment variables and react upon them)
set sendcharsets=utf-8,iso-8859-1
# When sending a message wait until the MTA (including the builtin SMTP one)
# exits before accepting further commands. Only with this variable set errors
# reported by the MTA will be recognizable!
#set sendwait
# Display real sender names in header summaries instead of only addresses
set showname
# Show recipients of messages sent by the user himself in header summaries
set showto
## Commands
# Only include these selected header fields when forwarding messages
fwdretain subject date from to
# Only include the selected header fields when printing messages
retain date from to cc subject message-id mail-followup-to reply-to
## Some pipe-TYPE/SUBTYPE entries
# HTML as text, inline display via lynx(1)
#if $features !@ HTML-FILTER
# set pipe-text/html="lynx -stdin -dump -force_html"
#endif
# PDF display, asynchronous display via xpdf(1)
#set pipe-application/pdf="@&set -C;\
# : > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
# trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \
# EXIT INT QUIT PIPE TERM;\
# set +C;\
# cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\
# xpdf \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\""
# s-it-mode
#Added according to docs found in internet.
set emptystart
set folder=Maildir
set record=+sent
/ etc/default/saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="shadow"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/run/saslauthd"
次の2つのことを達成したいと思います。1.「auth login」を正しく機能させます。 2.両方のユーザーが、Gmailアカウントなど、外部にメールを送信できるようにします。事前に助けてくれてありがとう。
postfix/smtp[3386]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c11::1a]:25: Network is unreachable
これは、IPv6が試行されるが、利用できないというヒントです。お使いのコンピューターはIPv6接続性を持っていると信じているようですが、実際にはIPv6接続性はありません。おそらく、IPv6を完全に無効にしてみてください:
/etc/sysctl.conf
に次の行を追加します。
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
そして再起動します。これにより、IPv6が無効になり、IPv4の使用が強制されます。その後、もう一度電子メールを送信してください。
さらに、postfixは認証なしでメールを受け入れますが、if宛先は設定されたドメインの1つではなく、設定で電子メールの中継を許可しないため、宛先を拒否します。これは重要!オープンリレーは即座にスパムソースに変わります...
これはラインで設定されます
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
認証の失敗に関しては、おそらくログインメソッドauth login
が設定に対して有効なsasl認証メカニズムではないためです。おそらくauth plain
を探しています。ほとんどの認証プロトコルをサポートするThunderbirdなどの電子メールクライアントからログインしてみてください。