Всем добра.
Настроил почту в локальной сети: почта приходит и уходит отлично — и на сервер, и с сервера.
Начал настраивать авторизацию для удалённых клиентов, и как-то не пошло.
При попытке добавления почтового ящика в Thunderbird настройки находятся без ошибок, почта добавляется, но при попытке отправить письмо выдаётся запрос на ввод пароля, и ввод безуспешный. В настройках Thunderbird пробовал ставить простой пароль и зашифрованный пароль — результата нет.
В логе /var/log/mail.log:
Feb 11 21:58:14 test3 postfix/smtpd[11611]: warning: hostname test2.0.168.192.in-addr.arpa does not resolve to address 192.168.0.159: Name or service not known
Feb 11 21:58:14 test3 postfix/smtpd[11611]: connect from unknown[192.168.0.159]
Feb 11 21:58:14 test3 postfix/smtpd[11611]: Anonymous TLS connection established from unknown[192.168.0.159]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
Feb 11 21:58:14 test3 postfix/smtpd[11611]: warning: unknown[192.168.0.159]: SASL CRAM-MD5 authentication failed: authentication failure
doveconf -n
doveconf -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.2 ext4
# Hostname: test3.lan
# Global Dovecot settings as printed by `doveconf -n` (only values that differ from the defaults).
auth_default_realm = test.lan
# Master-user logins use "*" between the user name and the master user name.
# NOTE(review): no passdb with master = yes is visible in this dump, so the
# separator appears to have no effect here; drop it if master logins are not wanted.
auth_master_user_separator = *
# Dovecot offers only the plaintext mechanisms PLAIN and LOGIN. A client set to
# an "encrypted password" method (CRAM-MD5 etc.) cannot authenticate against
# this backend; the password is protected by TLS instead (ssl = required below).
auth_mechanisms = PLAIN LOGIN
debug_log_path = /var/log/dovecot/debug.log
# first_valid_uid/last_valid_uid pin mail access to the single UID 1001,
# the same value as mail_uid/mail_gid.
first_valid_uid = 1001
info_log_path = /var/log/dovecot/info.log
last_valid_uid = 1001
listen = * [::]
log_path = /var/log/dovecot/main.log
mail_gid = 1001
mail_location = maildir:/var/mail/%d/%n/
mail_plugins = mailbox_alias acl
mail_uid = 1001
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
inbox = yes
location =
mailbox Archive {
auto = no
special_use = \Archive
}
mailbox Archives {
auto = no
special_use = \Archive
}
mailbox "Deleted Messages" {
auto = no
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox "Junk E-mail" {
auto = no
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Items" {
auto = no
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = no
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
namespace {
list = children
location = maildir:%%h:INDEX=%h/shared/%%u
prefix = Shared/%%u/
separator = /
subscriptions = yes
type = shared
}
# Password lookups go to SQL; the query and the password scheme are defined in
# /etc/dovecot/dovecot-mysql.conf, which is not shown on this page.
# NOTE(review): the hash printed at the end of this page starts with "$1$"
# (MD5-crypt); the scheme configured in that file has to match the stored format — confirm.
# That file also holds the database password, so it should not be world-readable.
passdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
plugin {
acl = vfile
acl_shared_dict = file:/var/mail/shared-folders/shared-mailboxes.db
auth_socket_path = /var/run/dovecot/auth-master
mailbox_alias_new = Sent Messages
mailbox_alias_new2 = Sent Items
mailbox_alias_old = Sent
mailbox_alias_old2 = Sent
sieve = /var/mail/sieve/%u.sieve
}
protocols = imap pop3 sieve lmtp
# Dovecot auth service: the UNIX sockets through which other processes reach
# the authentication backend.
service auth {
# Socket inside the Postfix queue directory; seen from Postfix it is
# private/dovecot-auth. Postfix only talks to it when smtpd_sasl_type = dovecot
# and smtpd_sasl_path points at this name.
# mode 0666 allows any local account that can reach the path to submit
# authentication attempts. Owner and group are already postfix, so 0660 is enough
# and does not depend on the permissions of the parent directory.
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0666
user = postfix
}
# Relative name, so the socket is created in Dovecot's base directory (the
# plugin and lda sections reference it as /var/run/dovecot/auth-master).
# mode 0666 opens this socket to every local user although it is owned by vmail.
# NOTE(review): Dovecot treats a listener named *-master as a trusted socket that
# can look up any user; restrict it to the delivery account (0600 or 0660) — confirm
# nothing else needs to connect.
unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
}
# userdb lookup socket, limited to owner and group vmail (0660).
unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
}
}
service imap-login {
process_limit = 500
service_count = 1
}
# LMTP delivery endpoints used to hand mail to Dovecot.
service lmtp {
# TCP listener bound to the loopback address only, so it is not reachable from the network.
inet_listener lmtp {
address = 127.0.0.1
port = 24
}
# UNIX socket inside the Postfix queue directory, accessible to the postfix user only (0600).
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service pop3-login {
service_count = 1
}
# TLS settings for the Dovecot listeners.
# ssl = required: clients must negotiate TLS before they can log in, which is
# what makes the plaintext PLAIN/LOGIN mechanisms acceptable.
ssl = required
ssl_cert = </etc/postfix/certs/cert.pem
# The list still admits 3DES (DES-CBC3-SHA), CAMELLIA and RSA key-exchange
# suites without forward secrecy (AES128-SHA, AES256-SHA, ...). Trimming it to
# ECDHE/DHE AEAD suites is the usual hardening step if all clients are modern.
# NOTE(review): ssl_min_protocol is not in this dump, so the version default applies — confirm.
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
# doveconf masks the private key path/value unless -P is given.
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
deliver_log_format = mail from %f: msgid=%m %$
info_log_path = /var/log/dovecot/lda-deliver.log
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot/lda-errors.log
mail_plugins = mailbox_alias acl sieve
postmaster_address = root
}
protocol lmtp {
info_log_path = /var/log/dovecot/lmtp.log
lmtp_save_to_detail_mailbox = yes
mail_plugins = quota sieve
postmaster_address = postmaster
recipient_delimiter = +
}
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep
mail_max_userip_connections = 30
mail_plugins = mailbox_alias acl imap_acl
}
protocol pop3 {
mail_max_userip_connections = 30
mail_plugins = mailbox_alias acl
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
postconf -n
postconf -n
# Non-default Postfix parameters (`postconf -n`). The notes below concern the
# SMTP AUTH path for remote clients.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
disable_vrfy_command = yes
home_mailbox = /var/mail/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
# mua_* are restriction classes (declared in smtpd_restriction_classes below).
# NOTE(review): nothing in this dump references them; presumably they are applied
# through -o overrides in master.cf, which is not shown — confirm.
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
mua_sender_restrictions = permit_sasl_authenticated, reject
readme_directory = no
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps
recipient_delimiter = +
relayhost =
sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
smtp_always_send_ehlo = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_multi_recipient_bounce
smtpd_delay_reject = yes
smtpd_discard_ehlo_keywords = etrn, silent-discard
smtpd_forbidden_commands = CONNECT GET POST
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_multi_recipient_bounce, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_restriction_classes = mua_sender_restrictions, mua_client_restrictions, mua_helo_restrictions
# SASL for incoming clients is enabled.
smtpd_sasl_auth_enable = yes
# The meaning of smtpd_sasl_path depends on smtpd_sasl_type: for "cyrus" it is the
# base name of a Cyrus SASL configuration file (default "smtpd"), for "dovecot" it
# is the auth socket path relative to the queue directory.
# NOTE(review): private/auth looks like a Dovecot socket path, yet the type below is
# cyrus and the Dovecot listener on this page is private/dovecot-auth. The two
# settings do not agree with each other; `postconf -a` on this page lists dovecot as available.
smtpd_sasl_path = private/auth
# noplaintext removes PLAIN and LOGIN from the offer. What remains are
# shared-secret mechanisms such as CRAM-MD5 (the one failing in mail.log), and
# those require the server to store the cleartext password. With hashed
# passwords, keep only noanonymous and rely on TLS: smtpd_tls_auth_only = yes
# already refuses AUTH on unencrypted sessions.
smtpd_sasl_security_options = noanonymous, noplaintext
# Inherits noplaintext, so PLAIN/LOGIN stay disabled inside TLS sessions as well.
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain
# AUTH is announced and accepted only after STARTTLS.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
# Private key: the file should be readable by root only.
smtpd_tls_key_file = /etc/postfix/certs/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
# "may" is opportunistic TLS, the normal choice for server-to-server mail on
# port 25. A dedicated submission service for remote clients is usually run with
# "encrypt" via master.cf — NOTE(review): master.cf is not shown, confirm.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
# Legacy switch; smtpd_tls_security_level above is the current way to express this.
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/mail/
virtual_mailbox_domains = hash:/etc/postfix/virtual_mailbox_domain
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_recipients.cf
virtual_uid_maps = static:1001
postconf -a
cyrus
dovecot
postconf -A
cyrus
Файл /var/spool/postfix/usr/lib/sasl2/smtpd.conf имеет следующий вид (но есть сомнения в правильности его составления и расположения):
# Cyrus SASL settings intended for the Postfix smtpd service.
# NOTE(review): Cyrus SASL picks its file by the name Postfix passes in
# smtpd_sasl_path (default "smtpd" -> smtpd.conf). The main.cf on this page sets
# private/auth, so this file may never be read — confirm name and directory.
pwcheck_method: auxprop
# The stock sql auxprop plugin returns the stored value and uses it as the
# cleartext secret. A crypt-style hash in the column (the lookup at the end of
# this page returns a "$1$" MD5-crypt string) can never verify this way.
auxprop_plugin: sql
# CRAM-MD5, DIGEST-MD5 and NTLM are legacy challenge-response mechanisms and all
# need the cleartext password on the server. PLAIN/LOGIN restricted to TLS allow
# the passwords to stay hashed in the database.
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: mysql
sql_hostnames: 127.0.0.1, 192.0.2.1
sql_user: postfix
# A real database password was published with this post and it is trivially
# guessable: treat it as compromised and change it. The file itself should be
# readable only by root and the postfix account.
sql_passwd: postfix123
sql_database: postfix
# %u is the user part and %r the realm; the query returns the raw contents of
# the password column.
sql_select: SELECT password FROM mailbox WHERE user = '%u@%r'
Как я понял, Postfix при отправке не может проверить пароль пользователя.
Пробовал добавить параметр:
# smtp_* parameters (without the "d") configure the Postfix SMTP *client*. This
# map supplies the login and password Postfix itself presents to a remote relay;
# it is not consulted when users authenticate to this server, which is
# controlled by the smtpd_sasl_* settings.
smtp_sasl_password_maps = mysql:/etc/postfix/mysql-sasl.cf
При проверке выдаёт:
postmap -q 'my_test@test.lan' mysql:/etc/postfix/mysql-sasl.cf
$1$1f5fa377$0klm6ccibnmLlTTjOB1WQ.