从折旧的 smtpd_recipient_restrictions 迁移到 smtpd_relay_restrictions 后,用户的出站 smtp 挂起,这些是我在日志中发现的错误。“auxpropfunc 错误版本与插件不匹配”和“插件的 sasl_auxprop_plug_init 上的 _sasl_plugin_load 失败:sql”
emailer1 saslfinger-1.0.3 # ./saslfinger -s
saslfinger - postfix Cyrus sasl configuration Fri Aug 30 00:48:43 UTC 2013
version: 1.0.2
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.10.1
System: Gentoo Base System release 2.2
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f262e22a000)
libsasl2.so.3 => /usr/lib64/libsasl2.so.3 (0x00007f262d6cc000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_key_file = /etc/ssl/postfix/nyctelecomm.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 1180
drwxr-xr-x 2 root root 4096 Aug 11 20:29 .
drwxr-xr-x 43 root root 12288 Aug 28 18:22 ..
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3.0.0
-rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so
-rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3
-rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3.0.0
-rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so
-rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3
-rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3.0.0
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3.0.0
-rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so
-rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3
-rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3.0.0
-rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so
-rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3
-rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3.0.0
-rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so
-rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3
-rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3.0.0
-rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so
-rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3
-rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3.0.0
-rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so
-rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3
-rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3.0.0
-rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so
-rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3
-rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3.0.0
-- listing of /usr/lib/sasl2 --
total 1180
drwxr-xr-x 2 root root 4096 Aug 11 20:29 .
drwxr-xr-x 43 root root 12288 Aug 28 18:22 ..
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 libanonymous.so.3.0.0
-rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so
-rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3
-rwxr-xr-x 1 root root 22760 Aug 11 20:29 libcrammd5.so.3.0.0
-rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so
-rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3
-rwxr-xr-x 1 root root 56040 Aug 11 20:29 libdigestmd5.so.3.0.0
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3
-rwxr-xr-x 1 root root 18632 Aug 11 20:29 liblogin.so.3.0.0
-rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so
-rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3
-rwxr-xr-x 1 root root 35208 Aug 11 20:29 libntlm.so.3.0.0
-rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so
-rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3
-rwxr-xr-x 1 root root 109056 Aug 11 20:29 libotp.so.3.0.0
-rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so
-rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3
-rwxr-xr-x 1 root root 18664 Aug 11 20:29 libplain.so.3.0.0
-rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so
-rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3
-rwxr-xr-x 1 root root 26800 Aug 11 20:29 libsasldb.so.3.0.0
-rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so
-rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3
-rwxr-xr-x 1 root root 39208 Aug 11 20:29 libscram.so.3.0.0
-rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so
-rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3
-rwxr-xr-x 1 root root 26816 Aug 11 20:29 libsql.so.3.0.0
-- listing of /etc/sasl2 --
total 32
drwxr-xr-x 2 root root 4096 Aug 11 20:29 .
drwxr-xr-x 58 root root 4096 Aug 29 05:12 ..
-rw-r--r-- 1 root root 147 Aug 9 02:08 ._cfg0000_smtpd.conf
-rw-r--r-- 1 root root 0 Aug 11 20:29 .keep_dev-libs_cyrus-sasl-2
-rw-r----- 1 root mail 12432 Aug 8 19:44 sasldb2
-rw-r--r-- 1 root root 405 Aug 10 07:39 smtpd.conf
-- content of /etc/sasl2/smtpd.conf --
pwcheck_method: authdaemond
mech_list: LOGIN PLAIN
authdaemon_path: /var/lib/courier/authdaemon/socket
log_level: 5
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: pgsql
password_format: crypt
mech_list: LOGIN PLAIN
sql_engine: pgsql
#sql_hostnames: localhost
sql_database: postfix
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_select: SELECT password FROM mailbox WHERE local_part='%u' AND active='1'
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
user1 unix - - n - - smtp
-o syslog_name=postfix-user1
-o smtp_bind_address6=2600:3c01:e000:44:0:0:0:10
-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
-- end of saslfinger output --
******************************* postmap ************************************
emailer1 htdocs # postmap -q "info@nyctelecomm.com" pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
info@nyctelecomm.com
emailer1 htdocs # postmap -q "nyctelecomm.com" pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
nyctelecomm
emailer1 htdocs # postmap -q "info@nyctelecomm.com" pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
nyctelecomm.com/info/
********************************************* postconf ************************
emailer1 htdocs # postconf -n
broken_sasl_auth_clients = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 3
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
home_mailbox = .maildir/
html_directory = no
inet_protocols = ipv4, ipv6
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sender_dependent_default_transport_maps = hash:/etc/postfix/transport.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks, check_client_access
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks, reject_unknown_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks, permit_sasl_authenticated
smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/postfix/nyctelecomm.com.crt
smtpd_tls_key_file = /etc/ssl/postfix/nyctelecomm.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_uid_maps = static:5000
************************ error ***********************************
2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: auxpropfunc error version mismatch with plug-in
2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sasldb
2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: auxpropfunc error version mismatch with plug-in
2013-08-28T23:06:57+00:00 emailer1 postfix/smtpd[21746]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: