Postfix快速修复 SASL 认证（使用 saslauthd）

快速修复脚本

cat > /tmp/quick_fix_sasl.sh << 'EOF'
#!/bin/bash
echo "=== SASL 快速修复脚本 ==="
echo "创建用户: rafavi, 密码: beijing518"

# 1. 停止所有相关服务
echo "1. 停止服务..."
sudo systemctl stop postfix saslauthd 2>/dev/null
sudo pkill saslauthd 2>/dev/null

# 2. 清理旧的 socket 文件
echo "2. 清理旧配置..."
sudo rm -rf /var/run/saslauthd
sudo rm -rf /var/spool/postfix/var/run/saslauthd

# 3. 创建 socket 目录
echo "3. 创建 socket 目录..."
sudo mkdir -p /var/spool/postfix/var/run/saslauthd
sudo chown -R postfix:postfix /var/spool/postfix/var/run/saslauthd
sudo chmod 750 /var/spool/postfix/var/run/saslauthd

# 4. 创建系统用户 rafavi（用于 PAM 认证）
echo "4. 创建系统用户 rafavi..."
if ! id "rafavi" &>/dev/null; then
sudo useradd -m -s /bin/bash rafavi
echo "rafavi:beijing518" | sudo chpasswd
echo "✓ 用户 rafavi 创建成功"
else
echo "✓ 用户 rafavi 已存在，更新密码..."
echo "rafavi:beijing518" | sudo chpasswd
fi

# 5. 配置 saslauthd
echo "5. 配置 saslauthd..."
sudo tee /etc/default/saslauthd << 'DEFAULTEOF'
# 这是 /etc/default/saslauthd 配置文件
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
# 关键：指定正确的 socket 路径
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
DEFAULTEOF

# 6. 配置 Postfix SASL
echo "6. 配置 Postfix SASL..."
sudo mkdir -p /etc/postfix/sasl
sudo tee /etc/postfix/sasl/smtpd.conf << 'SASLCONFEOF'
# 使用 saslauthd 方法
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
# 必须与上面 OPTIONS 中的 -m 参数一致
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
log_level: 3
SASLCONFEOF

# 7. 启动 saslauthd 服务
echo "7. 启动 saslauthd 服务..."
sudo systemctl daemon-reload
sudo systemctl start saslauthd
sudo systemctl enable saslauthd

# 8. 手动启动 saslauthd（确保 socket 创建）
echo "8. 手动启动 saslauthd..."
sudo saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r &

# 9. 等待 socket 文件创建
echo "9. 等待 socket 创建..."
sleep 3

# 10. 配置 Postfix 使用 SASL 认证
echo "10. 配置 Postfix..."
sudo postconf -e "smtpd_sasl_auth_enable = yes"
sudo postconf -e "smtpd_sasl_security_options = noanonymous"
sudo postconf -e "broken_sasl_auth_clients = yes"
sudo postconf -e "smtpd_sasl_local_domain = localhost"
sudo postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"

# 11. 重启 Postfix
echo "11. 重启 Postfix..."
sudo systemctl restart postfix

# 12. 测试
echo ""
echo "=== 测试验证 ==="
echo "12.1 检查服务状态:"
sudo systemctl status saslauthd --no-pager | grep -A 3 "Active:"

echo ""
echo "12.2 检查 socket 文件:"
if [ -S "/var/spool/postfix/var/run/saslauthd/mux" ]; then
echo "✓ Socket 文件存在:"
ls -la /var/spool/postfix/var/run/saslauthd/mux
else
echo "✗ Socket 文件不存在，检查错误..."
ls -la /var/spool/postfix/var/run/saslauthd/
fi

echo ""
echo "12.3 测试 PAM 认证 (用户 rafavi):"
# 测试 PAM 认证（使用 expect 自动输入密码）
sudo apt-get install -y expect > /dev/null 2>&1

cat > /tmp/test_pam.exp << 'EXPEOF'
#!/usr/bin/expect -f
set timeout 5
spawn sudo testsaslauthd -u rafavi -p beijing518
expect {
"Password: " { send "beijing518\r" }
"password: " { send "beijing518\r" }
}
expect eof
catch wait result
exit [lindex $result 3]
EXPEOF

chmod +x /tmp/test_pam.exp
if /tmp/test_pam.exp; then
echo "✓ PAM 认证成功 (rafavi:beijing518)"
else
echo "✗ PAM 认证失败"
fi

echo ""
echo "12.4 测试 saslauthd 认证:"
if sudo testsaslauthd -u rafavi -p beijing518 2>&1 | grep -q "OK"; then
echo "✓ saslauthd 认证成功"
else
echo "✗ saslauthd 认证失败，错误信息:"
sudo testsaslauthd -u rafavi -p beijing518 2>&1 | head -2
fi

echo ""
echo "12.5 检查 Postfix 监听:"
sudo netstat -tulpn | grep -E ":25|:465"

echo ""
echo "=== Joomla 配置信息 ==="
echo "SMTP主机: localhost"
echo "SMTP端口: 465"
echo "SMTP安全: SSL"
echo "SMTP认证: 是"
echo "用户名: rafavi"
echo "密码: beijing518"
echo "发件人邮箱: bluetoothbeijing@localhost 或你的邮箱"

echo ""
echo "=== 修复完成 ==="
EOF

sudo chmod +x /tmp/quick_fix_sasl.sh
sudo /tmp/quick_fix_sasl.sh

快速修复脚本

登陆