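Hello everyone, I've recently been testing SENDMAIL + cyrus-sasl SMTP authentication,
but I just can't get authentication to succeed from the client side... The configuration methods in the material I found online are all about the same, but I've tried for a long time and it still doesn't work.
Installation environment
OS fedora 9
No DNS set up for name resolution; using the IP address directly
Packages: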
sendmail-cf-8.14.2-4.fc9.i386
sendmail-8.14.2-4.fc9.i386
cyrus-sasl-lib-2.1.22-13.fc9.i386
cyrus-sasl-md5-2.1.22-13.fc9.i386
cyrus-sasl-2.1.22-13.fc9.i386
cyrus-sasl-plain-2.1.22-13.fc9.i386
dovecot.i386 1:1.0.13-6.fc9
Configuration
sendmail.mc
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
Changed the above; everything else left at default values
[root@mail mail]# m4 sendmail.mc > sendmail.cf
[root@mail mail]# vi /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd (original content kept)
[root@mail mail]# vi /etc/sysconfig/saslauthd
MECH=pam changed to MECH=shadow
[root@mail mail]# vi /etc/dovecot.conf
protocols = pop3
[root@mail mail]# /etc/init.d/saslauthd restart
[root@mail mail]# /etc/init.d/dovecot restart
[root@mail mail]# /etc/init.d/sendmail restart
Testing
Tested on the local machine
[root@mail mail]# testsaslauthd -u yaojie -p yaojie
0: NO "authentication failed"
Authentication still fails = =
Log records
/var/log/message
Jul 18 02:53:35 mail saslauthd[3198]: do_auth : auth failure: [user=yaojie] [service=imap] [realm=] [mech=shadow] [reason=Unknown]
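Client mail settings
Testing by sending mail with Outlook, it keeps popping up a prompt asking for the username and password.... I'm going crazy = =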
/var/log/message
Jul 18 02:57:58 mail saslauthd[3201]: do_auth : auth failure: [user=yaojie] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
/var/log/maillog
Jul 18 02:57:58 mail sendmail[3313]: p6HIvw4A003313: [192.168.3.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
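I've read a lot, and everyone does it the same way, so why can't I ever get it to work? I hope someone more experienced can give me some pointers..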
sendmail.mc must have these three lines; you seem to be missing the first one
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
In /etc/sysconfig/saslauthd there is no need to change MECH=pam to MECH=shadow
Test with telnet
Commands
telnet localhost 25
ehlo localhost
Output similar to the following should appear; check whether there is a 250-AUTH line. If there is, the configuration is OK.
250-local.sendmail.ORG Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-DSN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250 HELP
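I suggest running the command "testsaslauthd -u USER -p PASS -s smtp" and getting the result 0: OK "Success." before moving on to the client-side configuration. Thank you.
Although I haven't used sendmail for a long time, I later came to prefer using Postfix together with the authentication method you are using.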
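
The 250-AUTH check described in the telnet reply above can be scripted. The following is an added example, not code from any poster in this thread: it parses an EHLO reply pasted from a telnet session, lists the advertised mechanisms, and notes PLAIN/LOGIN offered without STARTTLS. The function names and the STARTTLS check are assumptions of this example.

```python
# Added example (not from the thread): audit an EHLO reply pasted from telnet.
# Function names and the STARTTLS check are assumptions of this example.

# PLAIN and LOGIN send the password base64-encoded only, so it is readable
# on the wire unless the session is protected by TLS.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each ESMTP keyword in a multi-line 250 reply to its parameters."""
    features = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4] or " ", line[4:]
        if code != "250" or sep not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        if i > 0:  # line 0 is the greeting, not an extension
            if rest.upper().startswith("AUTH="):  # legacy form for old clients
                rest = "AUTH " + rest[5:]
            words = rest.upper().split()
            if words:
                features.setdefault(words[0], []).extend(words[1:])
        if sep == " ":  # "250 " (space) marks the final line
            break
    return features

def audit_auth(reply):
    """Report whether AUTH is advertised and which mechanisms are risky."""
    feats = parse_ehlo(reply)
    mechs = list(dict.fromkeys(feats.get("AUTH", [])))  # de-duplicate, keep order
    tls = "STARTTLS" in feats
    return {
        "auth_offered": "AUTH" in feats,
        "mechanisms": mechs,
        "starttls": tls,
        "cleartext_without_tls": [] if tls else [m for m in mechs if m in CLEARTEXT_MECHS],
    }

# EHLO output as quoted in the reply above.
SAMPLE = """\
250-local.sendmail.ORG Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-DSN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250 HELP
"""

if __name__ == "__main__":
    for key, value in audit_auth(SAMPLE).items():
        print(key, "=", value)
```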