
Trac notifications (smtp) and Postfix

I have two separate Ubuntu 12.04 servers.

  1. Runs Trac (home server / DynDNS)
  2. Runs Postfix (VPS / static IP)

I configured Trac to use TLS and connect to the Postfix server.

Trac configuration:

admit_domains =
always_notify_owner = true
always_notify_reporter = true
always_notify_updater = true
ambiguous_char_width = single
email_sender = SmtpEmailSender
ignore_domains =
mime_encoding = base64
sendmail_path = sendmail
smtp_always_bcc =
smtp_always_cc = sandro@weare.de.com
smtp_default_domain =
smtp_enabled = true
smtp_from = trac@weare.de.com
smtp_from_name = Trac
smtp_password = randompassstring==
smtp_port = 587
smtp_replyto = trac@weare.de.com
smtp_server = vps.idev.ge
smtp_subject_prefix = __default__
smtp_user = trac@weare.de.com
ticket_subject_template = $prefix #$ticket.id: $summary
use_public_cc = false
use_short_addr = false
use_tls = true

When I try to send a notification, Trac says:

ERROR: Failure sending notification on change to ticket #1: SMTPAuthenticationError: (535, '5.7.8 Error: authentication failed: authentication failure')

Postfix says:

Anonymous TLS connection established from unknown[78.139.167.29]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
warning: SASL authentication failure: incorrect digest response
warning: unknown[78.139.167.29]: SASL CRAM-MD5 authentication failed: authentication failure

postconf -n output:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
masquerade_domains = vps.idev.ge www.idev.ge !sub.idev.ge
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = vps.idev.ge
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:::1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_CAfile = /etc/apache2/ssl/vps.idev.ge/PositiveSSLCA2.crt
smtpd_tls_cert_file = /etc/apache2/ssl/vps.idev.ge/vps.idev.ge.crt
smtpd_tls_key_file = /etc/apache2/ssl/vps.idev.ge/vps.idev.ge.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_maildir_extended = yes
virtual_maildir_limit_message = Sorry, the user's maildir has no space available in their inbox.
virtual_overquota_bounce = yes
virtual_uid_maps = static:5000

Any ideas what is going on here?

TEST:

openssl s_client -starttls smtp -crlf -connect vps.idev.ge:587

AUTH PLAIN and AUTH LOGIN worked fine. It seems CRAM-MD5 and DIGEST-MD5 are not working correctly.

Trac, seeing the better methods, tried to use them, but without success. Trac has no fallback mechanism.

Temporary fix in /etc/postfix/sasl/smtpd.con:

#mech_list: plain login cram-md5 digest-md5
mech_list: plain login

Obviously, this is not the best solution. It would be good to fix CRAM-MD5 and DIGEST-MD5. But this is temporary.
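
The mechanism selection described above, as an added example that is not part of the original post: it parses the AUTH lines of an EHLO reply, picks a mechanism the way a client without fallback does, and computes the CRAM-MD5 digest that the server compares when it logs "incorrect digest response". The EHLO replies are constructed, the client preference order is an assumption, and the CRAM-MD5 check in the test uses the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac

# Constructed EHLO replies (not captured from the server in the post).
# Postfix with broken_sasl_auth_clients = yes also emits the "AUTH=" form.
EHLO_BEFORE = (
    "250-vps.idev.ge\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5\r\n"
    "250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5\r\n"
    "250 8BITMIME\r\n"
)
# Same reply after "mech_list: plain login".
EHLO_AFTER = EHLO_BEFORE.replace(" CRAM-MD5 DIGEST-MD5", "")

# Assumed client preference: challenge-response first, then plaintext.
CLIENT_PREFERENCE = ["CRAM-MD5", "PLAIN", "LOGIN"]


def advertised_auth(ehlo_reply):
    """Return the SASL mechanisms listed on AUTH lines of an EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        keyword = line[4:].strip()  # drop the "250-" / "250 " prefix
        if keyword.upper().startswith("AUTH"):
            for mech in keyword[4:].lstrip(" =").split():
                if mech.upper() not in mechs:
                    mechs.append(mech.upper())
    return mechs


def pick_mechanism(advertised, preference=CLIENT_PREFERENCE):
    """Pick one mechanism the way a client without fallback does."""
    for mech in preference:
        if mech in advertised:
            return mech  # committed: a 535 reply here ends the attempt
    return None


def cram_md5_response(user, secret, challenge_b64):
    """Build the base64 CRAM-MD5 reply (RFC 2195) to a server challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    # The server must recompute this digest from the same shared secret.
    return base64.b64encode(f"{user} {digest}".encode()).decode()
```

With only PLAIN and LOGIN offered, the password is protected solely by the TLS session, and the posted configuration sets smtpd_tls_security_level = may. Postfix's smtpd_tls_auth_only = yes keeps AUTH from being offered before STARTTLS.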