в mainlog пишется:
login_pam authenticator failed for (10.10.0.144) [127.0.0.1] I=[127.0.0.1]:25: 535 Incorrect authentication data (set_id=user@domain.ru)
Не могу понять в чем косяк.
Помогите пожалуйста.
login_pam authenticator failed for (10.10.0.144) [127.0.0.1] I=[127.0.0.1]:25: 535 Incorrect authentication data (set_id=user@domain.ru)
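# Exim main configuration section, as posted.
primary_hostname = mail.lsk.em.ru
# Format is host/database/user/password. "hide" keeps the value out of
# `exim -bP` output for non-admin users, but the database name, user and
# password shown here are the same guessable word and are now public in this
# post, so treat them as values to be replaced.
hide mysql_servers = localhost/exim/exim/exim
# Domains handled locally: the domain must be present and active in the
# `domain` table. $domain comes from the SMTP envelope, so it is escaped with
# quote_mysql before being placed inside the SQL string literal (the
# system_aliases router in this file already quotes its query the same way).
domainlist local_domains = ${lookup mysql{SELECT `domain` \
FROM `domain` WHERE \
`domain`='${quote_mysql:$domain}' AND \
`active`='1'}}
# NOTE(review): this is the same query as local_domains, so both lists always
# match the same set of domains. Confirm that is intended.
domainlist relay_to_domains = ${lookup mysql{SELECT `domain` \
FROM `domain` WHERE \
`domain`='${quote_mysql:$domain}' AND \
`active`='1'}}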
# Hosts that acl_check_rcpt lets relay without authenticating. Every address
# in these ranges is trusted, so keep the list as narrow as the network allows.
hostlist relay_from_hosts = localhost:127.0.0.0/8:192.168.0.0/16
# ACLs run at RCPT and after DATA; both are defined in the "begin acl" section.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# Content scanning goes to a local clamd over its UNIX socket.
av_scanner = clamd:/var/run/clamav/clamd.sock
qualify_domain = em.ru
qualify_recipient = em.ru
# Accepts addresses of the form user@[ip-literal].
# NOTE(review): no router in the posted config handles domain literals; confirm this is needed.
allow_domain_literals = true
exim_user = mailnull
exim_group = mail
# 0s disables RFC 1413 ident callbacks to connecting hosts.
rfc1413_query_timeout = 0s
# Only the relay hosts may send unqualified (domain-less) addresses.
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
ignore_bounce_errors_after = 45m
timeout_frozen_after = 7d
freeze_tell = admin@em.ru
# Syntactically invalid HELO names are tolerated from these internal networks.
helo_accept_junk_hosts = 10.10.0.0/24:10.10.1.0/24
auto_thaw = 1h
# The banner shows the exact Exim version to every connecting client.
smtp_banner = "$primary_hostname, ESMTP EXIM $version_number"
smtp_accept_max = 50
smtp_accept_max_per_connection = 30
smtp_connect_backlog = 30
smtp_accept_max_per_host = 20
split_spool_directory = true
remote_max_parallel = 15
return_size_limit = 70k
message_size_limit = 10M
helo_allow_chars = _
# Reject clients that send commands before the server's response.
smtp_enforce_sync = true
# NOTE(review): no tls_certificate / tls_advertise_hosts option appears in the
# posted options, so SMTP AUTH credentials would cross the network unencrypted.
# Default LDAP server for queries written as ldap:///...
# Port 3268 is the Active Directory Global Catalog over plain LDAP.
# NOTE(review): nothing in the posted config enables TLS for LDAP, so the
# service-account bind and the user binds made by ldapauth are presumably sent
# in clear. Confirm, and prefer an encrypted LDAP endpoint.
ldap_default_servers = 10.10.0.201:3268
# Service account Exim binds as for directory searches (password masked by the poster).
LDAP_AD_BINDDN =${quote_ldap:CN=exim,CN=Users,DC=lsk,DC=em,DC=ru}
LDAP_AD_PASS = ******
LDAP_AD_BASE =DC=lsk,DC=em,DC=ru
# Recipient check used by the ldapuser router: subtree search under
# LDAP_AD_BASE for a user/person object whose mail attribute equals the
# recipient address. The userAccountControl clause excludes disabled accounts
# (bitwise-AND matching rule against the value 2). Both address parts pass
# through quote_ldap before they enter the filter.
LDAP_AD_RCPT =user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE?mail?sub?\
(&\
(|\
(objectclass=user)(objectclass=person)\
)\
(!(userAccountControl:1.2.840.113556.1.4.803:=2))\
(mail=${quote_ldap:$local_part}@${quote_ldap:$domain})\
)
# Extra log detail: rejected and lost connections, the receiving interface,
# envelope sender/recipients, and SMTP syntax/protocol errors. Queue-run
# start/stop lines are suppressed.
log_selector = \
+all_parents \
+connection_reject \
+incoming_interface \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
-queue_run
syslog_timestamp = no
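begin acl
# RCPT-time ACL. Statements are evaluated top to bottom and the first one
# whose conditions all match gives the verdict, so their order is significant.
acl_check_rcpt:
# Messages submitted locally (not over TCP/IP) have an empty host field.
accept hosts = :
# Local recipients: no leading dot and none of @ % ! / | in the local part.
deny message = "incorrect symbol in address"
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# Remote recipients: same idea, plus a block on "/../" path sequences.
deny message = "incorrect symbol in addres"
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# Hosts in relay_from_hosts relay without authenticating, and this accept
# comes before every HELO/sender check below.
accept hosts = +relay_from_hosts
control = submission/sender_retain
deny message = "HELO/EHLO require by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
# Authenticated clients may relay.
accept authenticated = *
control = submission/sender_retain
# Reject clients whose HELO is their own IP address. Host lists are scanned
# left to right and stop at the first match, so the negated exceptions must
# come before the catch-all "*". With "*" first they were never evaluated.
deny message = "Your IP in HELO - access denied!"
hosts = !+relay_from_hosts : !81-10.autoem.ru : *
condition = ${if eq{$sender_helo_name}\
{$sender_host_address}{true}{false}}
# Reject clients that present this server's own IP address as their HELO.
deny condition = ${if eq{$sender_helo_name}\
{$interface_address}{yes}{no}}
hosts = !127.0.0.1: !localhost : *
message = "main IP in your HELO! Access denied!"
# Reject an all-digit HELO. The closing brace of ${if ...} was missing in the
# posted text, which would make the expansion fail instead of returning yes/no.
deny condition = ${if match{$sender_helo_name}\
{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "can not be only number in HELO!"
# NOTE(review): this also rejects null-sender mail (bounces/DSNs) from every
# non-local host. Confirm that is intended.
deny condition = ${if eq{$sender_address}{}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "Sender address is empty?! not for RFC..."
# NOTE(review): as written this denies every non-local host whose HELO does
# NOT match "mail.co.ru" (yes/no are swapped relative to the checks above and
# the dots are unescaped regex wildcards). Confirm the intent.
deny condition = ${if match{$sender_helo_name}{mail.co.ru}{no}{yes}}
hosts = !127.0.0.1 : !localhost : *
message = "Access deny!"
# Tarpit: default delay of 30s, reset to 0s for internal networks, then logged
# and applied before the recipient is accepted.
warn
set acl_m0 = 30s
warn
hosts = +relay_from_hosts : 127.0.0.1/8 : 10.10.0.0/24 : 10.10.1.0/24
set acl_m0 = 0s
warn
logwrite = Delay $acl_m0 for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. Mail \
from $sender_address to $local_part@$domain.
delay = $acl_m0
# Local and relay domains: accept only if the recipient verifies. After
# "endpass" a failed verification rejects instead of falling through.
accept domains = +local_domains
endpass
message = "In my mailserver not stored this user"
verify = recipient
accept domains = +relay_to_domains
endpass
message = "main server not know how relay to this address"
verify = recipient
# NOTE(review): this DNSBL check is reached only for recipients in neither
# list above, which the final deny rejects anyway, so it does not filter mail
# for local users. Also check that each list is still operated before relying
# on it.
deny message = you in blacklist: $dnslist_domain --> $dnslist_text
dnslists = opm.blitzed.org : \
cbl.abuseat.org : \
bl.csma.biz : \
dynablock.njabl.org
accept hosts = +relay_from_hosts
deny message = "relay not permitted"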
# DATA-time ACL: infected mail is tagged for the check_malware router rather
# than rejected, and every message is then accepted.
acl_check_data:
# On a warn verb, "message" adds the text to the message as a header line.
warn message = X-Quarantine-Me-Malware:$malware_name
log_message = Malware found: $malware_name
# NOTE(review): demime is deprecated in later Exim releases. Confirm against the installed version.
demime = *
# defer_ok: if the scanner cannot be reached the condition counts as
# "no match", so the message passes unscanned (fail-open).
malware = */defer_ok
# Remember the signature name for the Subject rewrite in check_malware.
set acl_m4 = $malware_name
accept
begin routers
# Quarantine: any message carrying the X-Quarantine-Me-Malware header is
# redirected to a single mailbox with the signature name put in the Subject.
# NOTE(review): the trigger is the mere presence of the header, which a sender
# can also put into a message; testing $acl_m4 (set only by acl_check_data)
# would tie the redirect to an actual scanner hit.
# NOTE(review): file_transport names address_file, which is not among the posted transports.
check_malware:
driver = redirect
condition = ${if def:h_X-Quarantine-Me-Malware:{1}{0}}
headers_remove = Subject
headers_add = Subject: [CLAMAV: $acl_m4] $h_Subject
data = sev@autoem.ru
file_transport = address_file
# Non-local domains go out via DNS; MX/A targets pointing at 0.0.0.0 or
# loopback are ignored, and no_more stops further routers for these domains.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
# Aliases from MySQL: exact address or a catch-all "@domain" row. The lookup
# keys are escaped with quote_mysql.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE \
`address`='${quote_mysql:$local_part@$domain}' OR \
`address`='${quote_mysql:@$domain}'}}
# Local delivery: accept the address only if the LDAP_AD_RCPT query returns a
# non-empty DN, then hand the message to Dovecot's deliver.
ldapuser:
driver = accept
domains = +local_domains
condition = ${if !eq{}{${lookup ldapdn{LDAP_AD_RCPT}}}{yes}{no}}
transport = dovecot_delivery
begin transports
# Outbound SMTP with driver defaults only.
remote_smtp:
driver = smtp
# Local delivery through Dovecot's deliver binary, run as mailnull:mail.
# Empty message_prefix/message_suffix stop Exim adding mbox-style separators.
dovecot_delivery:
driver = pipe
command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = mailnull
group = mail
# Pipe transport with return_output set; no command is configured on the transport itself.
address_pipe:
driver = pipe
return_output
address_reply:
driver = autoreply
begin authenticators
# Both authenticators hand the submitted user name and password to PAM. The
# pam condition takes a colon-separated list, hence the sg{...}{:}{::} that
# doubles any colon inside the password.
# NOTE(review): the debug trace posted below ends with "PAM error: unknown
# user" for user@em.ru, so PAM does not know this account. The mailboxes here
# are looked up in LDAP/AD, so PAM presumably is not the right backend unless
# it is configured to use the same directory.
# NOTE(review): neither authenticator has a server_advertise_condition and the
# posted config sets no TLS options, so PLAIN/LOGIN credentials (base64 only,
# not encrypted) would be accepted on an unencrypted connection.
# PLAIN: $auth1 = authorization id, $auth2 = user name, $auth3 = password.
plain_pam:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}}
server_set_id = $auth2
# LOGIN: the two prompts fill $auth1 (user name) and $auth2 (password).
login_pam:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if pam{$auth1:${sg{$auth2}{:}{::}}}}
server_set_id = $auth1
login_pam authenticator:
$auth1 = user@em.ru
$auth2 = ******
$1 = sev@autoem.ru
$2 = ****
expanding: $auth2
result: ******
expanding: :
result: :
expanding: ::
result: ::
expanding: $auth1:${sg{$auth2}{:}{::}}
result: user@em.ru:*****
Running PAM authentication for user "user@em.ru"
PAM error: unknown user
condition: pam{$auth1:${sg{$auth2}{:}{::}}}
result: false
expanding: ${if pam{$auth1:${sg{$auth2}{:}{::}}}}
result:
expanded string:
expanding: $auth1
result: user@em.ru
SMTP>> 535 Incorrect authentication data
LOG: MAIN REJECT
login_pam authenticator failed for (10.10.0.144) [127.0.0.1] I=[127.0.0.1]:25: 535 Incorrect authentication data (set_id=user@em.ru)
# Dovecot main configuration, as posted (1.x-style "auth default" syntax).
protocols = imap
listen = *
# NOTE(review): with plaintext auth allowed and SSL off, IMAP passwords cross
# the network unencrypted on every interface ("listen = *").
disable_plaintext_auth = no
ssl = no
mail_location = maildir:/var/mail/exim/%Lu
mail_privileged_group = mail
verbose_proctitle = yes
# Only uid 26 / gid 6 are accepted for mail access; mail_uid/mail_gid below
# set the same ids for all users.
first_valid_uid = 26
last_valid_uid = 26
first_valid_gid = 6
last_valid_gid = 6
maildir_copy_with_hardlinks = yes
login_greeting = dovecot MUA ready
# Debug settings. auth_debug_passwords = yes writes the passwords users submit
# to log_path in clear text: switch it off once debugging is done, and
# restrict and purge the log file.
auth_debug = yes
auth_verbose = yes
auth_debug_passwords = yes
log_path = /var/log/dovecot.log
mail_debug = yes
# 0 disables the authentication cache, so every login queries LDAP.
auth_cache_size = 0
# Lower-case the user name before lookups.
auth_username_format = %Lu
mail_uid = 26
mail_gid = 6
protocol imap {
imap_client_workarounds = delay-newmail outlook-idle tb-extra-mailbox-sep
}
# Settings for deliver (the LDA Exim pipes to); it looks users up through the master socket.
protocol lda {
postmaster_address = admin@em.ru
sendmail_path = /usr/sbin/sendmail
auth_socket_path = /var/run/dovecot/auth-master
}
auth default {
# Only PLAIN is offered by this auth process.
# NOTE(review): an Exim "driver = dovecot" authenticator with
# public_name = LOGIN presumably needs "login" added here. Confirm.
mechanisms = plain
# Password and user lookups both go to LDAP with the same settings file.
passdb {
driver = ldap
args = /usr/local/etc/dovecot-ldap.conf
}
userdb {
driver = ldap
args = /usr/local/etc/dovecot-ldap.conf
}
socket listen {
# Master socket: userdb lookups for deliver; owner-only access.
master {
path = /var/run/dovecot/auth-master
mode = 0600
user = mailnull
group = mail
}
# Client socket: the one an SMTP server connects to for SMTP AUTH.
# NOTE(review): mode 0666 lets any local account submit authentication
# attempts through this socket; 0660 with the owner/group below should be
# enough if only Exim (running as mailnull) uses it. Confirm before tightening.
client {
path = /var/run/dovecot/auth-client
mode = 0666
user = mailnull
group = mail
}
}
}
# dovecot-ldap.conf: LDAP settings shared by passdb and userdb.
# NOTE(review): port 3268 is the AD Global Catalog over plain LDAP and no TLS
# setting appears in this file, so the service-account password and the user
# passwords used for auth_bind presumably travel unencrypted. Confirm.
hosts = 10.10.0.201:3268
# Service account used for searches (password masked by the poster).
dn = cn=exim,cn=Users,dc=lsk,dc=em,dc=ru
dnpass = ******
# Verify a password by binding to the directory as the user that was found,
# instead of reading a password attribute.
auth_bind = yes
ldap_version = 3
base = dc=lsk,dc=em,dc=ru
deref = searching
scope = subtree
#user_attrs=mail=home=/var/mail/%$
# Both filters select enabled user objects (the userAccountControl clause
# excludes disabled accounts) whose mail or otherMailbox equals the login name.
user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(otherMailBox=%u)))
pass_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(otherMailbox=%u)))
# AUTH PLAIN authentication method used by Netscape Messenger.
# Two-step check against the directory: the inner ldapdn lookup binds as the
# service account and finds the DN of the enabled user whose mail attribute
# equals the submitted user name ($auth2); ldapauth then binds as that DN with
# the submitted password ($auth3). "fail" forces the expansion to fail when no
# entry is found. Exim's ldapauth is documented to reject an empty password
# without contacting the server.
# NOTE(review): the DN is placed after user= through quote_ldap, which adds no
# double quotes; a DN that contains spaces may not parse as one value.
# Confirm with real directory entries.
# NOTE(review): there is no server_advertise_condition, so this mechanism is
# offered on unencrypted connections too.
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if ldapauth {user=${quote_ldap:${lookup \
ldapdn {user=LDAP_AD_BINDDN pass=LDAP_AD_PASS ldap:///LDAP_AD_BASE??sub?\
(&(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=${quote_ldap:$auth2}))}{$value}fail}} \
pass=${quote:$auth3} connect=5 ldap:///}{yes}{no}}
server_prompts = :
server_set_id = $auth2
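# AUTH LOGIN authentication method used by MS Outlook.
# Same two-step directory check as the PLAIN authenticator: find the DN of the
# enabled user whose mail attribute equals the submitted user name, then bind
# as that DN with the submitted password.
# With the two LOGIN prompts below, the user name arrives in $auth1 and the
# password in $auth2. The posted version used $auth2/$auth3 (the PLAIN
# numbering), so it searched the directory for the password text and bound
# with an empty $auth3, which can never succeed. server_set_id already used
# $auth1.
# NOTE(review): the DN is placed after user= through quote_ldap, which adds no
# double quotes; a DN that contains spaces may not parse as one value.
# Confirm with real directory entries.
# NOTE(review): there is no server_advertise_condition, so this mechanism is
# offered on unencrypted connections too.
login:
driver = plaintext
public_name = LOGIN
server_condition = ${if ldapauth {user=${quote_ldap:${lookup \
ldapdn {user=LDAP_AD_BINDDN pass=LDAP_AD_PASS ldap:///LDAP_AD_BASE??sub?\
(&(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=${quote_ldap:$auth1}))}{$value}fail}} \
pass=${quote:$auth2} connect=5 ldap:///}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $auth1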
# Second variant: Exim delegates SMTP AUTH to Dovecot's auth process over the
# auth-client UNIX socket, so passwords are checked by Dovecot's passdb (LDAP
# in the posted dovecot.conf) and Exim needs no LDAP query of its own.
# NOTE(review): the posted dovecot.conf lists only "mechanisms = plain"; the
# LOGIN authenticator below presumably needs "login" enabled there. Confirm.
# NOTE(review): there is no server_advertise_condition, so both mechanisms are
# offered on unencrypted connections too.
# AUTH PLAIN authentication method used by Netscape Messenger.
plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
# AUTH LOGIN authentication method used by MS Outlook.
login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
login authenticator failed for [10.10.0.125] I=[10.10.0.144]:25: 535 Incorrect authentication data (set_id=гыук@em.ru)
Такого e-mail быть не может, пишите ящики не на кириллице...
sev писал(а): используя первый вариант, SMTP-аутентификация не проходит. В логах:
login authenticator failed for [10.10.0.125] I=[10.10.0.144]:25: 535 Incorrect authentication data (set_id=гыук@em.ru)