Exim4 SMTP authentication against Courier

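I recently set up Exim4 on an Ubuntu 10.04 server with Courier. Everything works fine for local mail delivery. The only thing missing is SMTP authentication. I have accounts set up on the server in Courier, but when I try to send to a host, I am not prompted for authentication and it reports: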

Error while Sending message.

RCPT TO <[email protected]> failed: relay not permitted

I ran exim in "super debug mode" and got the following messages:

Exim version 4.71 uid=0 gid=0 pid=28644 D=fbb95cfd
Berkeley DB: Berkeley DB 4.8.24: (August 14, 2009)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.5
GnuTLS runtime version: 2.8.5
changed uid/gid: forcing real = effective
  uid=0 gid=0 pid=28644
  auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
cwd=/etc/exim4 5 args: exim -d+acl+auth -oX 588 -bd
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
seeking password data for user "mail": using cached result
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
28644 daemon_smtp_port overridden by -oX:
28644   <: 588
28644 listening on 205.186.156.60 port 588
28644 changed uid/gid: running as a daemon
28644   uid=111 gid=113 pid=28644
28644   auxiliary group list: 113
28644 LOG: MAIN
28644   exim 4.71 daemon started: pid=28644, no queue runs, listening for SMTP on [205.186.156.60]:588
28644 set_process_info: 28644 daemon: no queue runs, listening for SMTP on [205.186.156.60]:588
28644 daemon running with uid=111 gid=113 euid=111 egid=113
28644 Listening...
28644 Connection request from 173.66.235.14 port 32994
28644 search_tidyup called
28644 1 SMTP accept process running
28644 Listening...
31812 sender_fullhost = [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14]
31812 Process 31812 is handling incoming connection from [173.66.235.14]
31812 host in host_lookup? no (option unset)
31812 set_process_info: 31812 handling incoming connection from [173.66.235.14]
31812 host in host_reject_connection? no (option unset)
31812 host in sender_unqualified_hosts? no (option unset)
31812 host in recipient_unqualified_hosts? no (option unset)
31812 host in helo_verify_hosts? no (option unset)
31812 host in helo_try_verify_hosts? no (option unset)
31812 host in helo_accept_junk_hosts? no (option unset)
31812 SMTP>> 220 dagobah.seacrow.org ESMTP Exim 4.71 Sat, 13 Nov 2010 22:20:22 -0500
31812 Process 31812 is ready for new message
31812 smtp_setup_msg entered
31812 SMTP<< EHLO [192.168.1.6]
31812 [192.168.1.6] in helo_lookup_domains? no (end of list)
31812 sender_fullhost = ([192.168.1.6]) [173.66.235.14]
31812 sender_rcvhost = [173.66.235.14] (helo=[192.168.1.6])
31812 set_process_info: 31812 handling incoming connection from ([192.168.1.6]) [173.66.235.14]
31812 host in pipelining_advertise_hosts? yes (matched "*")
31812 host in auth_advertise_hosts? yes (matched "*")
31812 host in tls_advertise_hosts? no (option unset)
31812 SMTP>> 250-dagobah.seacrow.org Hello [192.168.1.6] [173.66.235.14]
31812 250-SIZE 52428800
31812 250-PIPELINING
31812 250 HELP
31812 SMTP<< MAIL FROM:<[email protected]>
31812 using ACL "acl_check_mail"
31812 processing "accept"
31812 accept: condition test succeeded
31812 SMTP>> 250 OK
31812 SMTP<< RCPT TO:<[email protected]>
31812 using ACL "acl_check_rcpt"
31812 processing "accept"
31812 check hosts = :
31812 host in ":"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check domains = +local_domains
31812 search_open: dsearch "/etc/valiases"
31812 search_find: file="/etc/valiases"
31812   key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812   4/etc/valiases
31812   End
31812 internal_search_find: file="/etc/valiases"
31812   type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812   in /etc/valiases
31812 lookup failed
31812 search_open: dsearch "/var/mail/virtual"
31812 search_find: file="/var/mail/virtual"
31812   key="gmail.com" partial=-1 affix=NULL starflags=0
31812 LRU list:
31812   4/var/mail/virtual
31812   4/etc/valiases
31812   End
31812 internal_search_find: file="/var/mail/virtual"
31812   type=dsearch key="gmail.com"
31812 file lookup required for gmail.com
31812   in /var/mail/virtual
31812 lookup failed
31812 gmail.com in "@:localhost:dsearch;/etc/valiases:dsearch;/var/mail/virtual"? no (end of list)
31812 gmail.com in "+local_domains"? no (end of list)
31812 deny: condition test failed
31812 processing "deny"
31812 check domains = !+local_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "!+local_domains"? yes (end of list)
31812 check local_parts = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
31812 marco.ceppi.use in "^[./|] : ^.*[@%!`#&?] : ^.*/\.\./"? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check local_parts = postmaster
31812 marco.ceppi.use in "postmaster"? no (end of list)
31812 accept: condition test failed
31812 processing "deny"
31812 check !acl = acl_local_deny_exceptions
31812 using ACL "acl_local_deny_exceptions"
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/host_local_deny_exceptions}{/etc/exim4/host_local_deny_exceptions}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/sender_local_deny_exceptions}{/etc/exim4/sender_local_deny_exceptions}{}}
31812 [email protected] in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check hosts = ${if exists{/etc/exim4/local_host_whitelist}{/etc/exim4/local_host_whitelist}{}}
31812 host in ""? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check senders = ${if exists{/etc/exim4/local_sender_whitelist}{/etc/exim4/local_sender_whitelist}{}}
31812 [email protected] in ""? no (end of list)
31812 accept: condition test failed
31812 end of ACL "acl_local_deny_exceptions": implicit DENY
31812 check senders = ${if exists{/etc/exim4/local_sender_callout}{/etc/exim4/local_sender_callout}{}}
31812 [email protected] in ""? no (end of list)
31812 deny: condition test failed
31812 processing "accept"
31812 check hosts = +relay_from_hosts
31812 host in ": 127.0.0.1 : ::::1"? no (end of list)
31812 host in "+relay_from_hosts"? no (end of list)
31812 accept: condition test failed
31812 processing "accept"
31812 check authenticated = *
31812 accept: condition test failed
31812 processing "require"
31812 check domains = +local_domains : +relay_to_domains
31812 cached no match for +local_domains
31812 cached lookup data = NULL
31812 gmail.com in "empty"? no (end of list)
31812 gmail.com in "+local_domains : +relay_to_domains"? no (end of list)
31812 require: condition test failed
31812 SMTP>> 550 relay not permitted
31812 LOG: MAIN REJECT
31812   H=([192.168.1.6]) [173.66.235.14] F=<[email protected]> rejected RCPT <[email protected]>: relay not permitted
31812 SMTP<< QUIT
31812 SMTP>> 221 dagobah.seacrow.org closing connection
31812 LOG: smtp_connection MAIN
31812   SMTP connection from ([192.168.1.6]) [173.66.235.14] closed by QUIT
31812 search_tidyup called
28644 child 31812 ended: status=0x0
28644 0 SMTP accept processes now running
28644 Listening...

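I noticed that courier is not listed in the Authenticators line at the top of the output. I believe this is the problem I am running into. I don't know how to make it look for courier. I have the following in my authenticators section: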

begin authenticators

plain_courier_authdaemon:
  driver = plaintext
  public_name = PLAIN
  server_condition = \
    ${extract {ADDRESS} \
              {${readsocket{/var/run/courier/authdaemon/socket} \
              {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
              {yes} \
              fail}
  server_set_id = $auth2
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

login_courier_authdaemon:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = \
    ${extract {ADDRESS} \
              {${readsocket{/var/run/courier/authdaemon/socket} \
              {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
              {yes} \
              fail}
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif


cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}

PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
            }\
            {\\N[\\^]\\N}\
            {^^}\
        }

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
             ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
           }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
            ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
         ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
         ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

(Comments have been removed from the output)

1
Marco Ceppi

Of course, minutes after asking, and after hours of searching before asking, I figured it out. Since I am not using TLS on this mail server (yet), I needed to add AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = true to the top of the exim4.conf.template file.

1
Marco Ceppi
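
The debug log in the question shows an EHLO reply with no AUTH line, which is what server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} produces on a connection without TLS. The following check is an added example, not part of the original question or answer: it reads an EHLO reply (raw, or as printed by exim -d) and classifies what a client can do before TLS. The function names, result labels, and the two samples marked as constructed are assumptions made for illustration.

```python
import re

# PLAIN and LOGIN send the password itself; base64 is encoding, not encryption.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
# Matches raw reply lines ("250-SIZE ...") and Exim -d lines
# ("31812 SMTP>> 250-..." followed by "31812 250-SIZE ...").
REPLY = re.compile(r"^(?:\d+\s+)?(?:SMTP>>\s+)?250([- ])(.*)$")

def ehlo_capabilities(lines):
    """Return {KEYWORD: [params]} for the first EHLO reply found in lines."""
    caps, seen_greeting = {}, False
    for line in lines:
        m = REPLY.match(line.strip())
        if not m:
            if seen_greeting:
                break              # reply ended without a final "250 " line
            continue
        sep, parts = m.group(1), m.group(2).split()
        if seen_greeting and parts:    # the first 250 line is the greeting
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
        seen_greeting = True
        if sep == " ":             # "250 " with a space marks the last line
            break
    return caps

def assess_pre_tls_ehlo(lines):
    """Classify an EHLO reply received before any STARTTLS."""
    caps = ehlo_capabilities(lines)
    mechs = set(caps.get("AUTH", []))
    if mechs & CLEARTEXT_MECHS:
        return "cleartext-auth"       # passwords readable on the wire
    if mechs:
        return "non-plaintext-auth"   # e.g. only CRAM-MD5 offered
    if "STARTTLS" in caps:
        return "auth-after-starttls"  # repeat EHLO after STARTTLS to see AUTH
    return "no-auth-possible"         # the situation in the question

# EHLO exchange copied from the debug output in the question.
PAGE_LOG = [
    "31812 SMTP<< EHLO [192.168.1.6]",
    "31812 SMTP>> 250-dagobah.seacrow.org Hello [192.168.1.6] [173.66.235.14]",
    "31812 250-SIZE 52428800", "31812 250-PIPELINING", "31812 250 HELP",
]
# Constructed sample: reply once AUTH is advertised without TLS.
AFTER_MACRO = ["250-dagobah.seacrow.org Hello", "250-SIZE 52428800",
               "250-AUTH PLAIN LOGIN", "250 HELP"]
# Constructed sample: TLS offered, AUTH withheld until the session is encrypted.
TLS_GATED = ["250-dagobah.seacrow.org Hello", "250-STARTTLS", "250 HELP"]

if __name__ == "__main__":
    for name in ("PAGE_LOG", "AFTER_MACRO", "TLS_GATED"):
        print(name, assess_pre_tls_ehlo(globals()[name]))
```

With AUTH_SERVER_ALLOW_NOTLS_PASSWORDS set and no TLS, the second result is the expected one: PLAIN and LOGIN credentials travel base64-encoded only, readable by anyone on the network path. Debian's packaged configuration turns TLS on with the MAIN_TLS_ENABLE macro, after which the macro from the answer is no longer needed.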