zensys提出的问题 -server

zensys

Asked: 2015-04-01 12:59:42 +0800 CST

telnet 无法连接到没有防火墙的端口

0

如果我尝试连接到 MySQL

telnet myhost.com 3306

network not reachable即使刷新所有iptables规则，我也会收到错误消息。我可以到达其他端口，例如ssh（使用与 for 相同的iptables规则ssh）。

下面是我在netstat. 它给我的印象是访问端口比访问端口更多iptables：像 10025 这样的端口在我的iptables.

我看到 MySQL 对 tcp 开放，但对 tcp6 不开放（ssh 对两者都开放）。

从 Ubuntu 服务器 12.04 升级到 14.04 后，此问题开始出现。有人对连接超时有任何建议吗？

$ netstat -tlp 3306
(No info could be read for "-p": geteuid()=1000 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:pop3s                 *:*                     LISTEN      -               
tcp        0      0 localhost:10023         *:*                     LISTEN      -               
tcp        0      0 localhost:10024         *:*                     LISTEN      -               
tcp        0      0 localhost:10025         *:*                     LISTEN      -               
tcp        0      0 *:mysql                 *:*                     LISTEN      -               
tcp        0      0 *:pop3                  *:*                     LISTEN      -               
tcp        0      0 localhost:spamd         *:*                     LISTEN      -               
tcp        0      0 *:imap2                 *:*                     LISTEN      -               
tcp        0      0 *:urd                   *:*                     LISTEN      -               
tcp        0      0 *:smtp                  *:*                     LISTEN      -               
tcp        0      0 *:sieve                 *:*                     LISTEN      -               
tcp        0      0 *:ssh                  *:*                     LISTEN      -               
tcp        0      0 *:imaps                 *:*                     LISTEN      -               
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      -               
tcp6       0      0 localhost:10023         [::]:*                  LISTEN      -               
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      -               
tcp6       0      0 localhost:spamd         [::]:*                  LISTEN      -               
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      -               
tcp6       0      0 [::]:http               [::]:*                  LISTEN      -               
tcp6       0      0 [::]:urd                [::]:*                  LISTEN      -               
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      -               
tcp6       0      0 [::]:https              [::]:*                  LISTEN      -               
tcp6       0      0 [::]:sieve              [::]:*                  LISTEN      -               
tcp6       0      0 [::]:ssh               [::]:*                  LISTEN      -               
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      -   

150407 12:31:07 [Note] /usr/sbin/mysqld: Normal shutdown

150407 12:31:07 [Note] Event Scheduler: Purging the queue. 0 events
150407 12:31:07  InnoDB: Starting shutdown...
150407 12:31:10  InnoDB: Shutdown completed; log sequence number 574674933
150407 12:31:10 [Note] /usr/sbin/mysqld: Shutdown complete

150407 12:31:11 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
150407 12:31:11 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
150407 12:31:12 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
150407 12:31:12 [Note] Plugin 'FEDERATED' is disabled.
150407 12:31:12 InnoDB: The InnoDB memory heap is disabled
150407 12:31:12 InnoDB: Mutexes and rw_locks use GCC atomic builtins
150407 12:31:12 InnoDB: Compressed tables use zlib 1.2.8
150407 12:31:12 InnoDB: Using Linux native AIO
150407 12:31:12 InnoDB: Initializing buffer pool, size = 128.0M
150407 12:31:12 InnoDB: Completed initialization of buffer pool
150407 12:31:12 InnoDB: highest supported file format is Barracuda.
150407 12:31:12 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
150407 12:31:12 [Note] Plugin 'FEDERATED' is disabled.
150407 12:31:12 InnoDB: The InnoDB memory heap is disabled
150407 12:31:12 InnoDB: Mutexes and rw_locks use GCC atomic builtins
150407 12:31:12 InnoDB: Compressed tables use zlib 1.2.8
150407 12:31:12 InnoDB: Using Linux native AIO
150407 12:31:12 InnoDB: Initializing buffer pool, size = 128.0M
150407 12:31:12 InnoDB: Completed initialization of buffer pool
InnoDB: Unable to lock ./ibdata1, error: 11
InnoDB: Check that you do not already have another mysqld process
InnoDB: using the same InnoDB data or log files.
150407 12:31:12  InnoDB: Retrying to lock the first data file
InnoDB: Unable to lock ./ibdata1, error: 11
InnoDB: Check that you do not already have another mysqld process
InnoDB: using the same InnoDB data or log files.
150407 12:31:13  InnoDB: Waiting for the background threads to start
InnoDB: Unable to lock ./ibdata1, error: 11
InnoDB: Check that you do not already have another mysqld process
InnoDB: using the same InnoDB data or log files.
150407 12:31:14 InnoDB: 5.5.41 started; log sequence number 574674933
150407 12:31:14 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306
150407 12:31:14 [Note]   - '0.0.0.0' resolves to '0.0.0.0';
150407 12:31:14 [Note] Server socket created on IP: '0.0.0.0'.
150407 12:31:15 [Note] Event Scheduler: Loaded 0 events
150407 12:31:15 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.5.41-0ubuntu0.14.04.1'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  (Ubuntu)
InnoDB: Unable to lock ./ibdata1, error: 11
InnoDB: Check that you do not already have another mysqld process
InnoDB: using the same InnoDB data or log files.
...
InnoDB: Unable to lock ./ibdata1, error: 11
InnoDB: Check that you do not already have another mysqld process
InnoDB: using the same InnoDB data or log files.
150407 12:32:52  InnoDB: Unable to open the first data file
InnoDB: Error in opening ./ibdata1
150407 12:32:52  InnoDB: Operating system error number 11 in a file operation.
InnoDB: Error number 11 means 'Resource temporarily unavailable'.
InnoDB: Some operating system error numbers are described at
InnoDB: http://dev.mysql.com/doc/refman/5.5/en/operating-system-error-codes.html
150407 12:32:52 InnoDB: Could not open or create data files.
150407 12:32:52 InnoDB: If you tried to add new data files, and it failed here,
150407 12:32:52 InnoDB: you should now edit innodb_data_file_path in my.cnf back
150407 12:32:52 InnoDB: to what it was, and remove the new ibdata files InnoDB created
150407 12:32:52 InnoDB: in this failed attempt. InnoDB only wrote those files full of
150407 12:32:52 InnoDB: zeros, but did not yet use them in any way. But be careful: do not
150407 12:32:52 InnoDB: remove old data files which contain your precious data!
150407 12:32:52 [ERROR] Plugin 'InnoDB' init function returned error.
150407 12:32:52 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
150407 12:32:52 [ERROR] Unknown/unsupported storage engine: InnoDB
150407 12:32:52 [ERROR] Aborting

150407 12:32:52 [Note] /usr/sbin/mysqld: Shutdown complete

150407 12:32:52 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
150407 12:32:52 [Note] Plugin 'FEDERATED' is disabled.
......

将绑定地址更改为 0.0.0.0 后 netstat 的输出：

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      18890/mysqld

输出挖掘：

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> myhost.com ip r get 123.45.67.890 telnet 123.45.67.890 3306
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55636
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;myhost.com.        IN  A

;; ANSWER SECTION:
myhost.com. 3600    IN  A   123.45.67.890

;; Query time: 856 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Tue Apr 07 22:55:03 CEST 2015
;; MSG SIZE  rcvd: 60

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35733
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;ip.                IN  A

;; AUTHORITY SECTION:
.           528 IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2015040701 1800 900 604800 86400

;; Query time: 159 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Tue Apr 07 22:55:03 CEST 2015
;; MSG SIZE  rcvd: 106

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17760
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;r.             IN  A

;; AUTHORITY SECTION:
.           528 IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2015040701 1800 900 604800 86400

;; Query time: 55 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Tue Apr 07 22:55:03 CEST 2015
;; MSG SIZE  rcvd: 105

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20236
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;get.               IN  A

;; AUTHORITY SECTION:
.           527 IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2015040701 1800 900 604800 86400

;; Query time: 62 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Tue Apr 07 22:55:04 CEST 2015
;; MSG SIZE  rcvd: 107

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29568
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;123.45.67.890.         IN  A

;; ANSWER SECTION:
123.45.67.890.      0   IN  A   123.45.67.890

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)

/etc/mysql/my.cnf：

#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
# 
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port        = 3306
socket      = /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket      = /var/run/mysqld/mysqld.sock
nice        = 0

[mysqld]
#
# * Basic Settings
#
user        = mysql
pid-file    = /var/run/mysqld/mysqld.pid
socket      = /var/run/mysqld/mysqld.sock
port        = 3306
basedir     = /usr
datadir     = /var/lib/mysql
tmpdir      = /tmp
lc-messages-dir = /usr/share/mysql
#skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address       = 127.0.0.1
bind-address        = 0.0.0.0

#
# * Fine Tuning
#
key_buffer      = 16M
max_allowed_packet  = 16M
thread_stack        = 192K
thread_cache_size       = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover         = BACKUP
#max_connections        = 100
#table_cache            = 64
#thread_concurrency     = 10
#
# * Query Cache Configuration
#
query_cache_limit   = 1M
query_cache_size        = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file        = /var/log/mysql/mysql.log
#general_log             = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#log_slow_queries   = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
#       other settings you may need to change.
#server-id      = 1
#log_bin            = /var/log/mysql/mysql-bin.log
expire_logs_days    = 10
max_binlog_size         = 100M
#binlog_do_db       = include_database_name
#binlog_ignore_db   = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem



[mysqldump]
quick
quote-names
max_allowed_packet  = 16M

[mysql]
#no-auto-rehash # faster start of mysql but no tab completition

[isamchk]
key_buffer      = 16M

#
# * IMPORTANT: Additional settings that can override those from this file!
#   The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

跟踪路由：

 1  192.168.1.1 (192.168.1.1)  4.728 ms  4.720 ms  4.707 ms
 2  1.16.15.37.dynamic.jazztel.es (37.15.16.1)  26.522 ms  26.529 ms  28.352 ms
 3  10.255.160.254 (10.255.160.254)  30.024 ms  30.017 ms  29.987 ms
 4  41.217.106.212.static.jazztel.es (212.106.217.41)  44.086 ms 45.217.106.212.static.jazztel.es (212.106.217.45)  52.257 ms 41.217.106.212.static.jazztel.es (212.106.217.41)  42.428 ms
 5  * 42.217.106.212.static.jazztel.es (212.106.217.42)  47.672 ms  52.229 ms
 6  129.216.106.212.static.jazztel.es (212.106.216.129)  57.838 ms  61.308 ms *
 7  142.216.106.212.static.jazztel.es (212.106.216.142)  89.549 ms  106.063 ms *
 8  142.216.106.212.static.jazztel.es (212.106.216.142)  76.570 ms 195.66.225.53 (195.66.225.53)  87.575 ms 142.216.106.212.static.jazztel.es (212.106.216.142)  84.337 ms
 9  195.66.225.53 (195.66.225.53)  106.011 ms  76.555 ms  105.993 ms
10  openpeering.pcextreme.nl (82.150.154.35)  84.274 ms telecity2.openpeering.nl (82.150.154.26)  87.533 ms nikhef.openpeering.nl (82.150.154.25)  105.973 ms
11  openpeering.pcextreme.nl (82.150.154.35)  87.506 ms  87.474 ms 185.27.173.130 (185.27.173.130)  79.570 ms
12  185.27.173.150 (185.27.173.150)  95.558 ms  95.510 ms 185.27.173.130 (185.27.173.130)  81.846 ms
13  185.27.173.150 (185.27.173.150)  68.465 ms *  84.567 ms
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

zensys

Asked: 2013-03-27 10:05:49 +0800 CST

dovecot 的 ssl 问题

2

当通过 gmail 从外部弹出邮箱检索邮件时，我有一个明显经常发生但未解决的 gmail 问题。查看错误详细信息，它说：

服务器响应：“身份验证失败”。

这个邮件服务器是我自己的服务器，当我从终端连接时：

~$ telnet mail.mydomain.com:995

我得到以下信息：

Trying xx.xx.xxx.xx...
Connected to mail.mydomain.com.
Escape character is '^]'.

然后在尝试登录时：

user myuser
Connection closed by foreign host.

在我的邮件日志中：

Mar 26 18:22:42 www dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Mar 26 18:22:42 www dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Mar 26 18:22:42 www dovecot: auth: Debug: auth client connected (pid=6554)
Mar 26 18:23:20 www dovecot: pop3-login: Disconnected (no auth attempts): rip=xx.xx.xxx.xx, lip=xx.xx.xxx.xx, TLS handshaking: SSL_accept() failed: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol

测试 ssl 时：

~$ openssl s_client -connect mail.mydomain.com:995

我可以连接，但是使用这条线（我购买了一个 godaddy 证书）：

Verify return code: 19 (self signed certificate in certificate chain)

我做错了什么？这是我的配置文件：

# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.0.0-13-server x86_64 Ubuntu 11.10 ext4
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
namespace {
  inbox = yes
  location = 
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  user = root
}
ssl = required
ssl_cert = </etc/ssl/certs/mail.mydomain.com_combined.crt
ssl_key = </etc/ssl/private/mail.mydomain.key
userdb {
  args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
  driver = static
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /home/vmail/dovecot-deliver.log
  mail_plugins = sieve
  postmaster_address = postmaster@mydomain.com
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
disable_plaintext_auth = no

auth_verbose = yes
auth_debug = yes

后缀：

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/mail.mydomain.com_combined.crt
smtpd_tls_key_file = /etc/ssl/private/mail.mydomain.com.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.mydomain.com
mydomain = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = 
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 30720000
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
# see under Spam smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Spam
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
   check_helo_access hash:/etc/postfix/helo_access,
   reject_non_fqdn_hostname,
   reject_invalid_hostname,
   permit
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   reject_invalid_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_non_fqdn_hostname,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client bl.spamcop.net,
   permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

zensys

Asked: 2013-01-18 02:22:34 +0800 CST

apache mod 重写了太多的重定向

0

我正在尝试将对我的默认语言 (nl) 的所有请求重定向到 /nl.....（不向用户显示重定向）。所以 example.com 应该重定向到 example.com/nl 而不会明显改变浏览器中的 url。这是我尝试过的：

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/en.*
    RewriteCond %{REQUEST_URI} !^/nl.*
    RewriteRule ^(.*)$  nl$1 [R,L]

重定向对用户可见 (/nl/index.php)，此外它会导致“太多重定向”。

如果我尝试 [P,L] 我会得到：无权访问此服务器上的“\”。

什么是实现我想要的正确方法？

zensys

Asked: 2012-06-18 10:15:18 +0800 CST

postfix 5.7.1 使用 cron 发送邮件时中继访问被拒绝

1

不愿意问，因为这里有太多关于“postfix relay access denied”的内容，但我找不到我的案例：

我使用 php (Zend Framework) 通过 Google 邮件服务器在我的网络之外发送电子邮件，因为我无法在我的服务器（用户：web）之外发送邮件。但是，当我通过 cron（用户：root，我相信）发送电子邮件时，仍然使用 ZF，使用相同的邮件配置/凭据，我收到消息：“5.7.1 中继访问被拒绝”

我想我需要知道两件事之一： 1. 我如何使用 cron 中的 google smtp 服务器 2. 我需要在我的配置中更改什么才能使用我自己的服务器而不是 google 发送邮件

尽管 2. 的答案是我假设的更具结构性的解决方案，但我对 1. 的答案非常满意，因为我认为 Google 在服务器维护（安全/垃圾邮件）方面比我更好。

在我的 ZF application.ini 邮件部分、main.cf 和 master.cf 下方：

application.ini:
resources.mail.transport.type = smtp
resources.mail.transport.auth = login
resources.mail.transport.host = "smtp.gmail.com"
resources.mail.transport.ssl = tls
resources.mail.transport.port = 587
resources.mail.transport.username = my.name@gmail.com
resources.mail.transport.password = xxxxxxx
resources.mail.defaultFrom.email = info@mydomain.com
resources.mail.defaultFrom.name = "my company"

main.cf:
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.second-start.nl
mydomain = second-start.nl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = 
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 30720000
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
# see under Spam smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Spam
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
   check_helo_access hash:/etc/postfix/helo_access,
   reject_non_fqdn_hostname,
   reject_invalid_hostname,
   permit
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_unauth_destination,
   reject_invalid_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_non_fqdn_hostname,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client bl.spamcop.net,
   permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

主.cf：

    # ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

zensys

Asked: 2012-05-26 10:16:00 +0800 CST

启用 mod ssl 后，apache 停止侦听端口 80

3

我有一台安装了 zend server CE 的 ubuntu 12.04 服务器。我现在想启用 https，但是在根据文档“a2enmod ssl”和“apache 服务重启”执行了第一步之后，根据 netstat -tap |，apache 不在 443 上侦听，也不在 80 上侦听。grep http(s)!

这是我在错误日志中看到的内容，但我无法充分利用它：

    [Fri May 25 19:52:39 2012] [notice] caught SIGTERM, shutting down
[Fri May 25 19:52:41 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri May 25 19:52:41 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured.
[Fri May 25 19:52:41 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6"
[Fri May 25 19:52:41 2012] [warn] ModSecurity: Loaded APR do not match with compiled!
[Fri May 25 19:52:41 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15"
[Fri May 25 19:52:41 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Fri May 25 19:52:41 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8"
[Fri May 25 19:53:11 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured.
[Fri May 25 19:53:11 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6"
[Fri May 25 19:53:11 2012] [warn] ModSecurity: Loaded APR do not match with compiled!
[Fri May 25 19:53:11 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15"
[Fri May 25 19:53:11 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Fri May 25 19:53:11 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8"
[Fri May 25 19:53:12 2012] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.8-ZS5.5.0 configured -- resuming normal operations

这是我的 httpd.conf：

    # Name based virtual hosting
<virtualhost *:80>

    ServerName www-redirect

    KeepAlive Off

    RewriteEngine On 
    RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$ 
    RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

</virtualhost>

Alias /shared/js "/home/web/library/js"
Alias /shared/image "/home/web/library/image"

<IfModule mod_expires.c>
          <FilesMatch "\.(jpe?g|png|gif|js|css|doc|rtf|xls|pdf)$">
                      ExpiresActive On
                      ExpiresDefault "access plus 1 week"
          </FilesMatch>
</IfModule>

ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
        allow from all
</Directory>

<Location />
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} -s [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^.*$ /index.php [NC,L]
</Location>

netstat -tap 给出：

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      765/mysqld      
tcp        0      0 *:pop3                  *:*                     LISTEN      744/dovecot     
tcp        0      0 *:imap2                 *:*                     LISTEN      744/dovecot     
tcp        0      0 *:http                  *:*                     LISTEN      19861/apache2   
tcp        0      0 *:smtp                  *:*                     LISTEN      30365/master    
tcp        0      0 *:4444                  *:*                     LISTEN      634/sshd        
tcp        0      0 *:kamanda               *:*                     LISTEN      1167/lighttpd   
tcp        0      0 *:imaps                 *:*                     LISTEN      744/dovecot     
tcp        0      0 *:amandaidx             *:*                     LISTEN      1167/lighttpd   
tcp        0      0 localhost.loc:amidxtape *:*                     LISTEN      19861/apache2   
tcp        0      0 *:pop3s                 *:*                     LISTEN      744/dovecot     
tcp        0    384 mail.mysite.:4444 231.214.14.37.dyn:41909 ESTABLISHED 19039/sshd: web [pr
tcp        0      0 localhost.localdo:mysql localhost.localdo:48252 ESTABLISHED 765/mysqld      
tcp        0      0 mail.mysite.:http 231.214.14.37.dyn:54686 TIME_WAIT   -               
tcp        0      0 mail.mysite.:4444 231.214.14.37.dyn:42419 ESTABLISHED 19372/sshd: web [pr
tcp        0      0 localhost.localdo:48252 localhost.localdo:mysql ESTABLISHED 19884/auth      
tcp        0      0 mail.mysite.:http 231.214.14.37.dyn:54685 TIME_WAIT   -               
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      744/dovecot     
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      744/dovecot     
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      30365/master    
tcp6       0      0 [::]:4444               [::]:*                  LISTEN      634/sshd        
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      744/dovecot     
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      744/dovecot

任何人都知道我做错了什么？也许我应该采取一些额外的步骤让 apache 监听 0n 443 但它完全停止监听 80 我无法理解。

telnet 无法连接到没有防火墙的端口

dovecot 的 ssl 问题

apache mod 重写了太多的重定向

postfix 5.7.1 使用 cron 发送邮件时中继访问被拒绝

启用 mod ssl 后，apache 停止侦听端口 80

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

zensys's questions