首先,連接埠 25 已打開,但不接受任何外部連線。

tag-icon tag-icon linux postfix email-server centos7 dovecot
首先,連接埠 25 已打開,但不接受任何外部連線。

我想這是兩個典型的問題,至少第一個是。我正在嘗試在 CentOS 7 上配置 postfix dovecot。

首先,連接埠 25 已打開,但不接受任何外部連線。

連接埠 25 的內部連線正在運作。我做了:

[root@myhost ~]# telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 xxxx.com ESMTP Postfix (CentOS)
helo xxxx
250 xxxx.com
mail from:<[email protected]>
250 2.1.0 Ok
rcpt to:<[email protected]>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
from:[email protected]
to:[email protected]
subject:Testing email
test test
.
250 2.0.0 Ok: queued as CBE5F6039
quit
221 2.0.0 Bye
Connection closed by foreign host.

然後我檢查了我的 Dovecot 伺服器/var/mail/vhosts/xxxx.com/user1

./new
./new/1693231789.M572537P2155.xxxx,S=495,W=510

所以對於典型的 SMTP(連接埠 25),我的配置是完全正確的。但問題是,當我嘗試發送或遠端登入它時,它沒有任何回應。日誌文檔為空。所以我嘗試了一下tcpdump -i any port smtp,它告訴我 25 埠根本沒有開啟。

所以我猜這只是一些典型的 Linux 錯誤,阻止了連接埠 25 的偵聽。請告訴我是否有人知道它是什麼。

其次,465埠不工作。

看來 postfix 要么因為某些配置錯誤而沒有監聽它,要么被我的 Linux 內部的某些東西阻止了端口 465。 (或 SSL 可能不正確)

我在自己的電腦上嘗試tcpdump -i any port smtps並做到了。telnet mail.xxxx.com smtps

伺服器顯示連接埠 465 確實收到了資料包。但是,後綴沒有回應任何內容。

所以我查看了 的郵件日誌/var/log/maillog,它顯示 postfix 根本無法識別並回應我的 telnet 連線。這是日誌:

Aug 28 13:42:37 xxxx postfix/postfix-script[1692]: starting the Postfix mail system
Aug 28 13:42:37 xxxx postfix/master[1694]: daemon started -- version 2.10.1, configuration /etc/postfix

只是單純的什麼都沒有。所以我猜 Linux 上有一些設定或防火牆阻止了「實際上」偵聽 smtp 連接埠的服務。有人知道這個嗎?

然後我嘗試從連接埠 465 上的本機主機遠端登錄,但似乎連接埠 465 上的內部連線也不起作用。

在我的伺服器上,我做了:

[root@myhost ~]# telnet localhost smtps
Trying ::1...
Connected to localhost.
Escape character is '^]'.
helo xxxx
Connection closed by foreign host.

它在“helo”之後就關閉了。然後我又去查看/var/log/maillog,結果如下:

Aug 28 13:45:57 xxxx postfix/smtps/smtpd[1974]: connect from unknown[::1]
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: SSL_accept error from unknown[::1]: -1
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: warning: TLS library problem: 1974:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: lost connection after CONNECT from unknown[::1]
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: disconnect from unknown[::1]

這是我的設定檔。

須藤 postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost, localhost.$mydomain
mydomain = xxxx.com
myhostname = xxxx.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name (CentOS)
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/xxxx.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/xxxx.com/privkey.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

部分/etc/postfix/main.cf

mail_owner = postfix
myhostname = xxxx.com
mydomain = xxxx.com

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/xxxx,com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/xxxx.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all

mydestination = localhost, localhost.$mydomain

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
recipient_delimiter = +
virtual_transport = lmtp:unix:private/dovecot-lmtp

部分/etc/postfix/master.cf

smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  #-o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
465     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  #-o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

答案1

感謝上面@HBruijn的評論,我解決了這個問題。問題是我配置了兩個inet_interfaces

有價值的一件事是,似乎在當前的 postfix 設定檔中,inet_interfaces = localhost是預設值,並且未註釋為預設值。不過,inet_interfaces = all有評論。因此,inet_interfaces = localhost取消註釋時需要註釋inet_interfaces = all

該文件是:/etc/postfix/master.cf.

相關內容