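I have been setting up a mail server this week. When I started it was receiving mail, but somewhere along the way it stopped receiving mail from any domain. Sending still works, and mail is still delivered locally.
The error log shows: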
Jan 6 12:15:12 mailserver postfix/smtpd[24639]: NOQUEUE: reject: RCPT from unknown[90.100.xxx.xxx]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<green.serve.com>
Jan 6 12:15:12 mailserver postfix/smtpd[24639]: disconnect from unknown[90.100.xxx.xxx] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
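Every similar issue online seems to suggest that the sender's DNS records are incorrect. I have tried from two domains, and neither can send to this server. The DNS records are correct. I also used dig to make sure the mail server can check DNS records properly, and everything works.
nslookup finds the correct IP for the sender domain: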
#nslookup green.serve.com
Server: 1.0.0.1
Address: 1.0.0.1#53
Non-authoritative answer:
Name: green.serve.com
Address: xx.400.112.xxx
Even temporarily removing reject_unknown_recipient_domain did not help.
Here is my main.cf configuration:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
command_directory = /usr/sbin
compatibility_level = 2
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_transport = error:
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20971520
meta_directory = /etc/postfix
milter_default_action = accept
milter_protocol = 6
mydestination = localhost.$mydomain, localhost, $mydomain, $myhostname
myhostname = mailserver.net
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains =
relay_transport = error
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_loglevel = 1
smtpd_banner = $myhostname ESMTP
smtpd_milters = inet:127.0.0.1:8891
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_mynetworks,reject_invalid_hostname, reject_unknown_recipient_domain,reject_unauth_destination,permit
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/letsencrypt/live/mailserver.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mailserver.net/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtputf8_enable = no
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains =
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:1002
master.cf:
smtp inet n - y - - smtpd -o content_filter=spamassassin
submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=no -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o content_filter=smtp-amavis:[127.0.0.1]:10026
smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_milters=
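The problem was caused by having the chroot setting "y" for smtp in master.cf when no chroot existed.
Setting up the chroot is very simple: there is a shell script in the Postfix source (/examples/chroot-setup); just run it and all the daemons can be chrooted.
(Edited per Nikita's comment)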
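The mismatch described in this answer (a service marked chroot "y" in master.cf with no populated jail under the queue directory) can be checked mechanically. The script below is an added example, not part of the original post or of Postfix; the function names and the list of resolver files it looks for are assumptions.

```shell
#!/bin/sh
# Added example: flag master.cf services that request a chroot the jail
# cannot satisfy, which makes DNS lookups inside smtpd fail.

# Print "service/type" for every master.cf entry whose 5th column (chroot)
# is "y". Comment lines and continuation lines (leading whitespace) are skipped.
chrooted_services() {
    awk '/^[^# \t]/ && $5 == "y" { print $1 "/" $2 }' "$1"
}

# Print each resolver-related file that is missing or empty under the jail.
# Assumption: these are the files a chrooted daemon needs to resolve names.
missing_jail_files() {
    for f in etc/resolv.conf etc/services etc/hosts etc/nsswitch.conf; do
        [ -s "$1/$f" ] || echo "$f"
    done
}

# Return 1 when chrooted services exist but the jail is incomplete.
audit_chroot() {
    master_cf=$1
    jail=$2
    svcs=$(chrooted_services "$master_cf")
    [ -n "$svcs" ] || { echo "no chrooted services"; return 0; }
    missing=$(missing_jail_files "$jail")
    [ -n "$missing" ] || { echo "jail complete for: $(echo $svcs)"; return 0; }
    echo "chrooted: $(echo $svcs); missing in $jail: $(echo $missing)"
    return 1
}

# Usage: sh check.sh /etc/postfix/master.cf "$(postconf -h queue_directory)"
if [ "$#" -eq 2 ]; then
    audit_chroot "$1" "$2"
fi
```

A non-zero exit means either the chroot column should be set to "n" for the listed services or the jail should be populated, as the answer describes.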
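This sounds like a DNS resolution problem.
The dig DNS lookup utility performs lookups directly, bypassing the name resolution that the system provides to its applications and services. That is what you should test, for example:
nslookup example.com
nc example.com 25
(try to actually connect to the SMTP server)
On systems with systemd-resolved:
dig example.com @127.0.0.53
(from the local systemd-resolved)
resolvectl status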