在我的 Raspberry Pi 上,我使用Postfix 3.7.11和Dovecot 2.3.19.1 (9b53102964)。我有有效的域名mydomain.com。我为其子域名mail.mydomain.com颁发了 letsencrypt 免费证书,并在 cloudfare 上创建了 DNS 记录。在我的路由器上,我为 SMTP 和 IMAP 协议打开了端口 465 和 993。对于电子邮件,我使用 OS 用户而不是虚拟用户
我检查了 telnet 端口和域,一切正常。我还设置了 thunderbird 客户端,我可以成功地将电子邮件发送到任何邮件服务,并且邮件会进入收入文件夹(无垃圾邮件),因为我还添加了 SPF、DMARK、DKIM 记录。
我只是在接收任何服务的电子邮件时遇到问题。因此 Gmail 向我发送了带有以下文本的反馈电子邮件:
收件人服务器未接受我们的连接请求。有关更多信息,请访问https://support.google.com/mail/answer/7720 [mail.mydomain.com。[我的外部 IP]:FAILED_PRECONDITION:连接错误 (111):连接被拒绝]
我发布了我的配置,没有评论。我检查了一下,一切看起来都很好。但出了点问题。谢谢。
/etc/postfix/main.cf
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 3.6
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.com-0001/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.com-0001/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = yes
smtpd_tls_wrappermode = yes
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = mail.mydomain.com
mydomain = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mydomain.com, mail.mydomain.com, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
maillog_file = /var/log/mail.log
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
/etc/dovecot/dovecot.conf
!include_try /usr/share/dovecot/protocols.d/*.protocol
!include conf.d/*.conf
!include_try local.conf
log_path = /var/log/dovecot.log
auth_verbose = yes
protocols = imap lmtp
/etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com-0001/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.com-0001/privkey.pem
ssl_ca = </etc/letsencrypt/live/mail.mydomain.com-0001/chain.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = </usr/share/dovecot/dh.pem
/etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_username_format = %n
auth_mechanisms = plain login
!include auth-system.conf.ext
/etc/dovecot/conf.d/10-master.conf
service imap-login {
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
inet_listener pop3s {
port = 995
ssl = yes
}
}
service submission-login {
inet_listener submission {
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
通过端口 25 接收消息。尝试在路由器上转发端口 25,同时检查 postfix 是否正在监听它(通过命令
ss -ntpl | grep :25)。回答:
问题出在 Postfix 配置上。我再次扫描了端口:
并得到以下结果:
在这种情况下,我看到 25 和 587 端口是通过 tls 进行的 smtp,但它需要使用 starttls 来工作,因此端口 25 Gmail 需要 starttls,而不是通过 tls 进行的 smtp。
在 Postfix 主配置中,我添加了几行带有证书路径的内容:
重启后服务器开始从外部邮件服务接收电子邮件并且 nmap 结果看起来正确:
现在它起作用了!