Fedora Core 2 is driving me crazy: the authentication username gets truncated

Posted on 2004-7-3 11:28:18
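Hi everyone, I want to set up smtpauth with the postfix-2.0.18-4.src.rpm that ships with Fedora Core 2. I found that during SMTP-AUTH, postfix always strips the mail-domain part from the authentication username before using it to authenticate. For example, username "[email protected]" with password "123456" gets truncated to username "vu", password "123456", so authentication fails. It only succeeds when I authenticate with username "[email protected]@vd.mydomain.net" and password "123456". The same src.rpm with the same configuration, built and installed on RedHat AS3, does not have this problem. I have been at this for a week and am out of ideas; I would appreciate a pointer from someone who knows.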

The installation steps were as follows:

Download the src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/2/SRPMS/postfix-2.0.18-4.src.rpm
rpm -ivh postfix-2.0.18-4.src.rpm
Set MYSQL to 1 in the spec (I plan to use virtual accounts)
Build with rpmbuild -ba postfix.spec
rpm -ivh postfix-2.0.18-4.i386.rpm

Switch the system MTA to postfix
system-switch-mail-nox

Edit /etc/postfix/main.cf and add the following lines:
inet_interfaces = all
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd

Set SASL authentication to saslauthd
cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd

Build and install pam_mysql (there shouldn't be anything special about this, right?)
Edit /etc/pam.d/smtp.postfix
#%PAM-1.0
#auth       required    pam_stack.so service=system-auth
#account    required    pam_stack.so service=system-auth
auth            sufficient      pam_stack.so service=system-auth
account         sufficient      pam_stack.so service=system-auth
auth            sufficient      pam_mysql.so user=zzz passwd=zzz_pass host=twins db=vmail table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0 where=active=1
account         sufficient      pam_mysql.so user=zzz passwd=zzz_pass host=twins db=vmail table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0 where=active=1

Edit /etc/sysconfig/saslauthd
#MECH=shadow
MECH=pam

Added user [email protected] with password 123456 to the mailbox table in the database
Started saslauthd and postfix

First authenticate with [email protected]/123456, then with [email protected]@vd.mydomain.net/123456:
telnet 172.16.217.29 25
Trying 172.16.217.29 25...
Connected to teddy.mydomain.net (172.16.217.29).
Escape character is '^]'.
220 teddy.lingtu.net ESMTP Postfix
ehlo mydomain
250-teddy.mydomain.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
250 8BITMIME
AUTH PLAIN dnVAdmQubGluZ3R1Lm5ldAB2dUB2ZC5saW5ndHUubmV0ADEyMzQ1Ng==
535 Error: authentication failed
AUTH PLAIN dnVAdmQubGluZ3R1Lm5ldEB2ZC5saW5ndHUubmV0AHZ1QHZkLmxpbmd0dS5uZXRAdmQubGluZ3R1Lm5ldAAxMjM0NTY=
235 Authentication successful
quit
221 Bye

Attached: the saslauthd log from /var/log/messages
Jul  3 11:01:15 teddy saslauthd[8082]: pam_sm_authenticate called.
Jul  3 11:01:15 teddy saslauthd[8082]: dbuser changed.
Jul  3 11:01:15 teddy saslauthd[8082]: dbpasswd changed.
Jul  3 11:01:15 teddy saslauthd[8082]: host changed.
Jul  3 11:01:15 teddy saslauthd[8082]: database changed.
Jul  3 11:01:15 teddy saslauthd[8082]: table changed.
Jul  3 11:01:15 teddy saslauthd[8082]: usercolumn changed.
Jul  3 11:01:15 teddy saslauthd[8082]: passwdcolumn changed.
Jul  3 11:01:15 teddy saslauthd[8082]: crypt changed.
Jul  3 11:01:15 teddy saslauthd[8082]: sqllog changed.
Jul  3 11:01:15 teddy saslauthd[8082]: where changed.
Jul  3 11:01:15 teddy saslauthd[8082]: db_connect  called.
Jul  3 11:01:15 teddy saslauthd[8082]: returning 0 .
Jul  3 11:01:15 teddy saslauthd[8082]: db_checkpasswd called.
Jul  3 11:01:15 teddy saslauthd[8082]: pam_mysql: where clause = active=1
Jul  3 11:01:15 teddy saslauthd[8082]: SELECT password FROM mailbox WHERE uname='vu' AND (active=1)
Jul  3 11:01:15 teddy saslauthd[8082]: pam_mysql: select returned more than one result
Jul  3 11:01:15 teddy saslauthd[8082]: returning 7 after db_checkpasswd.
Jul  3 11:01:18 teddy saslauthd[8082]: do_auth         : auth failure: [user=vu] [service=smtp] [realm=vd.mydomain.net] [mech=pam] [reason=PAM auth error]
Jul  3 11:01:20 teddy smtp(pam_unix)[8083]: check pass; user unknown
Jul  3 11:01:20 teddy smtp(pam_unix)[8083]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul  3 11:01:20 teddy saslauthd[8083]: pam_sm_authenticate called.
Jul  3 11:01:20 teddy saslauthd[8083]: dbuser changed.
Jul  3 11:01:20 teddy saslauthd[8083]: dbpasswd changed.
Jul  3 11:01:20 teddy saslauthd[8083]: host changed.
Jul  3 11:01:20 teddy saslauthd[8083]: database changed.
Jul  3 11:01:20 teddy saslauthd[8083]: table changed.
Jul  3 11:01:20 teddy saslauthd[8083]: usercolumn changed.
Jul  3 11:01:20 teddy saslauthd[8083]: passwdcolumn changed.
Jul  3 11:01:20 teddy saslauthd[8083]: crypt changed.
Jul  3 11:01:20 teddy saslauthd[8083]: sqllog changed.
Jul  3 11:01:20 teddy saslauthd[8083]: where changed.
Jul  3 11:01:20 teddy saslauthd[8083]: db_connect  called.
Jul  3 11:01:20 teddy saslauthd[8083]: returning 0 .
Jul  3 11:01:20 teddy saslauthd[8083]: db_checkpasswd called.
Jul  3 11:01:20 teddy saslauthd[8083]: pam_mysql: where clause = active=1
Jul  3 11:01:20 teddy saslauthd[8083]: SELECT password FROM mailbox WHERE uname='[email protected]' AND (active=1)
Jul  3 11:01:20 teddy saslauthd[8083]: sqlLog called.
Jul  3 11:01:20 teddy saslauthd[8083]: returning 0 .
Jul  3 11:01:20 teddy saslauthd[8083]: returning 0.
Jul  3 11:01:20 teddy smtp(pam_unix)[8083]: could not identify user (from getpwnam([email protected]))
Jul  3 11:01:20 teddy saslauthd[8083]: pam_mysql: acct_mgmt called but not implemented. Dont panic though
Original poster | Posted on 2004-7-3 13:57:31
Jul 3 11:01:18 teddy saslauthd[8082]: do_auth : auth failure: [user=vu] [service=smtp] [realm=vd.mydomain.net] [mech=pam] [reason=PAM auth error]

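It looks like postfix moves whatever follows the last @ into the realm field passed to saslauthd; in a normal authentication that field is empty. But I still don't know how to fix this.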
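
Added example, not part of the original posts: a Python sketch that decodes an AUTH PLAIN blob and applies the split at the last "@" seen in the do_auth log line, to show which username reaches the PAM lookup. The function names and the address vu@vd.example.net are constructed for illustration; combine_realm models the saslauthd -r option, which passes the login on as user@realm.

```python
import base64


def encode_plain(authzid, authcid, password):
    """Build an RFC 4616 AUTH PLAIN blob: authzid NUL authcid NUL password."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(blob):
    """Return (authzid, authcid, password) from a base64 AUTH PLAIN blob."""
    parts = base64.b64decode(blob, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("AUTH PLAIN needs exactly three NUL-separated fields")
    return tuple(p.decode("utf-8") for p in parts)


def split_realm(authcid):
    """Split at the LAST '@', as the [user=...] [realm=...] log fields show."""
    user, sep, realm = authcid.rpartition("@")
    if not sep:                      # no '@' at all: realm stays empty
        return authcid, ""
    return user, realm


def pam_lookup_key(blob, combine_realm=False):
    """Username the PAM module would query the mailbox table with."""
    _, authcid, _ = decode_plain(blob)
    user, realm = split_realm(authcid)
    if combine_realm and realm:      # behaviour of saslauthd -r
        return f"{user}@{realm}"
    return user


if __name__ == "__main__":
    addr = "vu@vd.example.net"       # constructed sample mailbox name
    plain = encode_plain(addr, addr, "123456")
    doubled = encode_plain(addr + "@vd.example.net",
                           addr + "@vd.example.net", "123456")
    print("as typed          ->", pam_lookup_key(plain))
    print("doubled domain    ->", pam_lookup_key(doubled))
    print("with realm joined ->", pam_lookup_key(plain, combine_realm=True))
```
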