postfix is not working properly after system upgrade (no SASL authentication mechanisms)

1

I had a working postfix/dovecot setup on an Ubuntu Server 14.04 LTS machine. Then I upgraded to 16.04.2 using do-release-upgrade. Everything seemed to work apart from my mail service. Before the upgrade everything worked, but now I get strange behaviour. When I connect from the internal LAN, no error occurs on the client side, but no mail is shown and there are no folders etc.; it looks as if the mail server is empty. But when I try to connect from outside (i.e. mxtoolbox) I get "You hung up on us after we connected. Please whitelist us. (connection lost)". The following appears in syslog:

 postfix/smtpd[26657]: connect from pws3.mxtoolbox.com[64.20.227.134]
 dovecot: auth: Warning: sql: Ignoring changed user_query in /etc/dovecot/dovecot-sql.conf.ext, because us$
 postfix/smtpd[26657]: fatal: no SASL authentication mechanisms
 postfix/master[21009]: warning: process /usr/lib/postfix/sbin/smtpd pid 26657 exit status 1
 postfix/master[21009]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

I have already looked into the SASL error, but could not find the problem. libsasl2-modules is installed and the saslauthd service is running; I did not change anything in the configuration before or after the upgrade.

I am using postfix, dovecot and a mysql database for the mail system.

postconf -n

append_dot_mydomain = no
biff = no
dovecot_destination_recipient_limit = 1
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
mailbox_size_limit = 51200000
message_size_limit = 51200000
mydestination =
myhostname = mymaildomain.tld
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, check_client_access cidr:/etc/postfix/ip-block, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, check_client_access cidr:/etc/postfix/ip-block
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noplaintext
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/letsencrypt/live/koehnkenet.de/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/letsencrypt/live/koehnkenet.de/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual/mysql-aliases.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual/mysql-domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual/mysql-maps.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_mailbox_maps.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_catchall_maps.cf
virtual_transport = dovecot

systemctl status dovecot -l

dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
   Active: active (running) since Di 2017-05-02 00:59:41 CEST; 10h ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
  Process: 21507 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
  Process: 21512 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)
 Main PID: 21515 (dovecot)
   CGroup: /system.slice/dovecot.service
           ├─21515 /usr/sbin/dovecot
           ├─21516 dovecot/anvil
           ├─21517 dovecot/log
           ├─21542 dovecot/config
           ├─26588 dovecot/imap-login
           ├─26592 dovecot/imap
           ├─26662 dovecot/imap-login
           ├─26666 dovecot/imap
           ├─26679 dovecot/auth
           ├─26680 dovecot/ssl-params
           └─26685 dovecot/auth -w

systemctl status postfix -l

    postfix.service - LSB: Postfix Mail Transport Agent
       Loaded: loaded (/etc/init.d/postfix; bad; vendor preset: enabled)
      Drop-In: /run/systemd/generator/postfix.service.d
               └─50-postfix-$mail-transport-agent.conf
       Active: active (running) since Di 2017-05-02 00:28:49 CEST; 11h ago
         Docs: man:systemd-sysv-generator(8)
      Process: 20854 ExecStop=/etc/init.d/postfix stop (code=exited, status=0/SUCCESS)
      Process: 20883 ExecStart=/etc/init.d/postfix start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/postfix.service
               ├─21009 /usr/lib/postfix/sbin/master
               ├─21011 qmgr -l -t fifo -u
               ├─21015 tlsmgr -l -t unix -u -c
               └─25923 pickup -l -t fifo -u -c

systemctl status saslauthd -l

saslauthd.service - LSB: saslauthd startup script
   Loaded: loaded (/etc/init.d/saslauthd; bad; vendor preset: enabled)
   Active: active (running) since Di 2017-05-02 00:27:59 CEST; 11h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 20756 ExecStop=/etc/init.d/saslauthd stop (code=exited, status=0/SUCCESS)
  Process: 20775 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/saslauthd.service
           ├─20799 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
           ├─20800 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
           ├─20801 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
           ├─20802 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
           └─20803 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5

Mai 02 00:27:59 Mydomain systemd[1]: Starting LSB: saslauthd startup script...
Mai 02 00:27:59 Mydomain saslauthd[20775]:  * Starting SASL Authentication Daemon saslauthd
Mai 02 00:27:59 Mydomain saslauthd[20799]: detach_tty      : master pid is: 20799
Mai 02 00:27:59 Mydomain saslauthd[20799]: ipc_init        : listening on socket: /var/run/saslauthd/mux
Mai 02 00:27:59 Mydomain saslauthd[20775]:    ...done.
Mai 02 00:27:59 Mydomain systemd[1]: Started LSB: saslauthd startup script.

/etc/postfix/main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.tld/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.tld/privkey.pem
smtpd_use_tls=yes

# Disable SSLv2/3 as they are vulnerable
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_ciphers = high

smtpd_tls_loglevel = 1


myhostname = mydomain.tld
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 51200000
message_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

###### SASL Auth ######
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext

###### Use Dovecot LMTP Service to deliver Mails to Dovecot ######
#virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = dovecot
dovecot_destination_recipient_limit=1

##### Only allow mail transport if client is authenticated or in own network (PHP Scripts, ...) ######
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client sbl.spamhaus.org,
        check_client_access cidr:/etc/postfix/ip-block,
        permit
smtpd_sender_restrictions = reject_unknown_sender_domain

###### MySQL Connection ######
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual/mysql-aliases.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual/mysql-maps.cf, proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_mailbox_maps.cf,  proxy:mysql:/etc/postfix/virtual/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual/mysql-domains.cf
local_recipient_maps = $virtual_mailbox_maps
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, check_client_access cidr:/etc/postfix/ip-block

/etc/postfix/master.cf

smtp       inet  n       -       y       -       -       smtpd

dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

doveconf -n

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-75-generic x86_64 Ubuntu 16.04.2 LTS
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
first_valid_uid = 150
last_valid_uid = 150
mail_gid = mail
mail_home = /media/daten/vmail/%d/%n
mail_location = maildir:~/mail:LAYOUT=fs
mail_privileged_group = mail
mail_uid = vmail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = [email protected]
protocols = " imap lmtp"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = vmail
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mydomain.tld/fullchain.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = </etc/letsencrypt/live/mydomain.tld/privkey.pem

MySQL is working and the credentials are working too; the SQL queries for dovecot are also working and return correct data when I try them in phpmyadmin, and postfixadmin is working as well. The hard disk is mounted and the path is correct too; the vmail folder contains mails and folders etc. I don't know why I can't connect from the public web but only from the local network, and why there are no mails or folders in the mailbox.

    
by C0dR 02.05.2017 / 11:49

1 answer

1

I found the problem. The problem was that I used

smtpd_sasl_security_options = noanonymous,noplaintext

but did not set smtpd_tls_auth_only = yes, so plaintext connections were refused instantly.

Found the answer here: link

    
by 07.05.2017 / 01:55
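
A check for the mismatch discussed in this thread, as an added example that is not part of the original posts: it reads `postconf -n` and `doveconf -n` output and computes which SASL mechanisms remain once Postfix applies its security options to what Dovecot offers. The function names and the mechanism table are assumptions of this sketch, only `noplaintext` and `noanonymous` are modelled, and the TLS-session result (using the documented default `smtpd_sasl_tls_security_options = $smtpd_sasl_security_options`) goes beyond what the posts cover.

```python
# Added example: simplified model of Postfix filtering Dovecot's SASL mechanisms.
PLAINTEXT = {"PLAIN", "LOGIN"}   # mechanisms that transmit the password itself
ANONYMOUS = {"ANONYMOUS"}

def parse_settings(text):
    """Parse top-level 'key = value' lines as printed by postconf -n / doveconf -n."""
    settings = {}
    for line in text.splitlines():
        if line.startswith((" ", "\t", "#")) or "=" not in line:
            continue             # skip comments and nested doveconf blocks
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def surviving(mechs, options):
    """Return the mechanisms left after applying the given security options."""
    opts = set(options.replace(",", " ").split())
    out = set(mechs)
    if "noplaintext" in opts:
        out -= PLAINTEXT
    if "noanonymous" in opts:
        out -= ANONYMOUS
    return out

def offered_mechanisms(postconf_text, doveconf_text):
    """Mechanisms smtpd can offer on cleartext and on TLS sessions.

    None means AUTH is not offered on that session type. An empty set for
    cleartext sessions matches the condition behind the
    'no SASL authentication mechanisms' error shown in the question.
    """
    pc, dc = parse_settings(postconf_text), parse_settings(doveconf_text)
    if pc.get("smtpd_sasl_auth_enable", "no") != "yes":
        return {"cleartext": None, "tls": None}
    # Dovecot's default when auth_mechanisms is unset is "plain".
    mechs = {m.upper() for m in dc.get("auth_mechanisms", "plain").split()}
    base = pc.get("smtpd_sasl_security_options", "noanonymous")
    tls = pc.get("smtpd_sasl_tls_security_options", base)
    auth_only = pc.get("smtpd_tls_auth_only", "no") == "yes"
    return {"cleartext": None if auth_only else surviving(mechs, base),
            "tls": surviving(mechs, tls)}

# Constructed inputs, reduced to the relevant settings quoted in the question.
POSTCONF = ("smtpd_sasl_auth_enable = yes\n"
            "smtpd_sasl_security_options = noplaintext\n"
            "smtpd_sasl_type = dovecot\n")
DOVECONF = "auth_mechanisms = plain login\n"

if __name__ == "__main__":
    print(offered_mechanisms(POSTCONF, DOVECONF))
```

On a live host, pass the captured output of `postconf -n` and `doveconf -n` in place of the constructed strings.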