主页 / server / 问题 / 61232
Accepted
neezer
Asked: 2009-09-02 09:04:55 +0800 CST

Postfix & DKIMproxy 问题:连接被拒绝

  • 772

我的服务器设置与本文完全相同:Getting DKIMproxy installed and configured,但我遇到以下问题。

当我通过端口 587 向我的服务器发送电子邮件时,我在 mail.log 中得到以下内容:

Sep  1 16:49:38 mailer postfix/smtpd[9974]: connect from unknown[xxx.xxx.xxx.xxx]
Sep  1 16:49:39 mailer postfix/smtpd[9974]: 0B6C5301BC: client=unknown[xxx.xxx.xxx.xxx]
Sep  1 16:49:39 mailer postfix/cleanup[9970]: 0B6C5301BC: message-id=<[email protected]>
Sep  1 16:49:39 mailer postfix/qmgr[9949]: 0B6C5301BC: from=<[email protected]>, size=552, nrcpt=1 (queue active)
Sep  1 16:49:39 mailer postfix/smtp[9953]: connect to 127.0.0.1[127.0.0.1]:10027: Connection refused
Sep  1 16:49:39 mailer postfix/smtp[9953]: 0B6C5301BC: to=<[email protected]>, relay=none, delay=0.14, delays=0.14/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10027: Connection refused)

我有 /etc/dkimproxy/dkimproxy_out.conf 设置如下:

# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10027

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10028

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
# Note that this is set in /etc/init.d/dkimproxy in this Debian package
# unactivate it there if you want to use the config file
domain    mailer.xxx.com

# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)

# specify location of the private key
keyfile   /etc/dkimproxy/keys/email.key

# specify the selector (i.e. the name of the key record put in DNS)
selector  mail

然后我的 /etc/postfix/master.cf 附加了以下内容(根据教程):

submission  inet  n     -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[127.0.0.1]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

dksign    unix  -       -       n       -       10      smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime,starttls

我似乎无法弄清楚为什么我在 DKIMproxy 应该监听的端口上不断收到“连接被拒绝”。谁能帮我解决这个问题?我不需要在防火墙中打开任何东西,对吗?因为它应该只是在本地主机上进行内部连接?

我觉得我已经很接近让这个工作了!

email

2 个回答

  1. 在您的帖子中添加了 2 条评论,但您确定您将以下部分添加到master.cf吗?

    # service for accepting messages FROM the DKIM signing proxy
127.0.0.1:10028 inet  n  -      n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

    Postfix 需要在 10028 上监听,以便 DKIM 可以在完成其部分后传递连接。

    • 0
  2. Best Answer

    知道了。

    我有一个防火墙规则限制本地主机流量并阻止访问这些端口(或者我认为):

    REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable

    删除它允许我运行 dkiproxy 并使用指定的端口。谢谢您的帮助!

    • 0

相关问题