lepe

Asked: 2023-08-01 11:11:45 +0800 CST

Postfix 警告：邮件队列中没有足够的可用空间

5

我已经检查了这篇文章中的解决方案，但找不到原因。

这是我的情况：

在 docker 容器（docker swarm）内运行 postfix。
Docker 容器没有配额。
/var/mail/mnt/shared/postfix/var/mail/从主机中安装的卷。
/mnt/shared/是一个使用glusterfs（xfs格式）的网络逻辑设备，具有3个节点。

# df -h

Filesystem       Size  Used Avail Use% Mounted on
/dev/vda2         20G   12G  7.1G  62% /
/dev/vda2         20G   12G  7.1G  62% /var/spool/postfix
/dev/vda3         60G   31G   30G  51% /gluster
mx1:shared       120G   63G   58G  52% /mnt/shared

# df -i

Filesystem        Inodes  IUsed    IFree IUse% Mounted on
/dev/vda2        1310720 200164  1110556   16% /
/dev/vda2        1310720 200164  1110556   16% /var/spool/postfix
/dev/vda3       31455744 523000 30932744    2% /gluster
mx1:shared      31455744 523000 30932744    2% /mnt/shared

# df -k

Filesystem      1K-blocks     Used Available Use% Mounted on
/dev/vda2        20466256  8816788  10584508  46% /
/dev/vda2        20466256  8816788  10584508  46% /var/spool/postfix
/dev/vda3        62880772 32043020  30837752  51% /gluster
manager1:shared 125761544 65343656  60417888  52% /mnt/shared

# gluster volume status shared detail

Status of volume: shared
------------------------------------------------------------------------------
Brick                : Brick mx1:/gluster/brick
TCP Port             : 59830               
RDMA Port            : 0                   
Online               : Y                   
Pid                  : 727880              
File System          : xfs                 
Device               : /dev/vda3           
Mount Options        : rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
Inode Size           : 512                 
Disk Space Free      : 29.4GB              
Total Disk Space     : 60.0GB              
Inode Count          : 31455744            
Free Inodes          : 30932804            
------------------------------------------------------------------------------
Brick                : Brick mx2:/gluster/brick
TCP Port             : 55380               
RDMA Port            : 0                   
Online               : Y                   
Pid                  : 3784930             
File System          : xfs                 
Device               : /dev/vda3           
Mount Options        : rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
Inode Size           : 512                 
Disk Space Free      : 29.4GB              
Total Disk Space     : 60.0GB              
Inode Count          : 31455744            
Free Inodes          : 30932804            
------------------------------------------------------------------------------
Brick                : Brick mx3:/gluster/brick
TCP Port             : 58943               
RDMA Port            : 0                   
Online               : Y                   
Pid                  : 3905147             
File System          : xfs                 
Device               : /dev/vda3           
Mount Options        : rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
Inode Size           : 512                 
Disk Space Free      : 29.4GB              
Total Disk Space     : 60.0GB              
Inode Count          : 31455744            
Free Inodes          : 30932804

# gluster volume status shared inode

Brick : mx1:/gluster/brick
Connection 1:
LRU limit     : 16384
Active Inodes : 958
LRU Inodes    : 16383
Purge Inodes  : 0
----------------------------------------------
Brick : mx2:/gluster/brick
Connection 1:
LRU limit     : 16384
Active Inodes : 829
LRU Inodes    : 16373
Purge Inodes  : 0
----------------------------------------------
Brick : mx3:/gluster/brick
Connection 1:
LRU limit     : 16384
Active Inodes : 1087
LRU Inodes    : 16370
Purge Inodes  : 0

# postconf -n

Most relevant:

mailbox_size_limit = 100000000  
message_size_limit = 50000000   

Full config:

alias_database = texthash:/etc/aliases
alias_maps = texthash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 10m
broken_sasl_auth_clients = yes
compatibility_level = 3.6
content_filter = smtp-amavis:amavis:10024
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/config/header_checks.regex
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 100000000
maillog_file = /var/log/mail.log
maximal_backoff_time = 10m
maximal_queue_lifetime = 10m
message_size_limit = 50000000
mydestination = localhost
myhostname = mail.example.com
mynetworks = /etc/postfix/config/my.networks.plain
myorigin = $myhostname
policy-spf_time_limit = 3600s
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/config/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/config/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] b.barracudacentral.org psbl.surriel.com bl.spamcop.net bl.spameatingmonkey.net dnsbl.sorbs.net swl.spamhaus.org*-2 list.dnswl.org=127.[0..255].[0..255].0*-2, list.dnswl.org=127.[0..255].[0..255].1*-4, list.dnswl.org=127.[0..255].[0..255].[2..3]*-6
postscreen_greet_action = drop
queue_directory = /var/spool/postfix
queue_run_delay = 5m
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2, RC4, aNULL
smtp_tls_loglevel = $smtpd_tls_loglevel
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_protocols = $smtpd_tls_protocols
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_security_level = $smtpd_tls_security_level
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_rate_limit = 60
smtpd_client_message_rate_limit = 100
smtpd_client_new_tls_session_rate_limit = 60
smtpd_client_recipient_rate_limit = 100
smtpd_client_restrictions = check_client_access texthash:/etc/postfix/config/client_access.hash permit_mynetworks reject_unauth_pipelining permit_sasl_authenticated permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_invalid_helo_hostname permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient check_recipient_access texthash:/etc/postfix/config/recipient_access.hash check_sender_access texthash:/etc/postfix/config/sender_access.hash permit_sasl_authenticated check_policy_service unix:private/policy-spf warn_if_reject reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination warn_if_reject reject_unverified_recipient reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99] reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99] reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99] warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255] permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = inet:dovecot:999
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql.users.cf
smtpd_sender_restrictions = check_sender_access texthash:/etc/postfix/config/sender_access.hash permit_sasl_authenticated permit_mynetworks reject_non_fqdn_sender permit
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /etc/postfix/ssl/chain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2, RC4, aNULL
smtpd_tls_key_file = /etc/postfix/ssl/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = $smtpd_tls_protocols
smtpd_tls_protocols = >=TLSv1.2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = texthash:/etc/postfix/config/transport.hash
virtual_alias_maps = mysql:/etc/postfix/mysql.aliases.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = mysql:/etc/postfix/mysql.domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql.users.cf
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000

错误看起来像：

warning: not enough free space in mail queue: 0 bytes < 1.5*message size limit
94AA9C30D6: to=<info@mail.example.com>, orig_to=<info@example.com>, relay=amavis[10.0.5.92]:10024, delay=376, delays=371/0/0/5.3, dsn=4.3.1, status=deferred (host amavis[10.0.5.92] said: 452 4.3.1 id=97454-19 - Temporary MTA failure on relaying, from MTA(smtp:[postfix]:10025): 452 4.3.1 Insufficient system storage (in reply to end of DATA command))

邮件队列实际上是空的（由mailq报告）

postfix 报告的可用空间逐渐减少，直至达到 0。这个值从何而来？有没有办法获得 postfix“看到”的总可用空间？

最终我重新启动了服务器，我不再看到那些警告/错误。但我怀疑这个问题迟早会再次出现。我不想每次都重新启动服务器，所以我想知道为什么会发生这种情况。

lepe

Asked: 2021-11-11 21:06:03 +0800 CST

NET::ERR_CERT_AUTHORITY_INVALID 在 Windows 中使用自签名 CA

1

我创建了一个（自签名）根证书，并使用我用 Java 开发的系统签署了一个 Web 服务器证书（该 Web 证书用于 Apache 2.4.41）。

证书在 Linux 和 Mac 中正常工作（在不同的 Webkit 浏览器和 Firefox 中测试）。证书和服务器设置A+使用testssl.sh得分。

CA 证书在没有任何警告的情况下正确安装，但在 Windows 中不被接受（仍然显示红色三角形警告和NET::ERR_CERT_AUTHORITY_INVALID错误）（使用 2 个 Windows 10 设备进行测试，其中一个是全新安装）。在 Chrome、Edge 和 Firefox 中测试。

我尝试了很多事情：

使用certlm.msc, certutil.exe, 通过settings或双击文件安装它们
本地或用户范围
使用不同的设置重新生成根证书
更改 Apache 设置
重新启动浏览器和计算机
停止杀毒软件

我已经阅读了这个站点中的相关问题（似乎没有解决它）并且我已经查看了其他网站的解决方案，但没有成功。

这是同一系统生成的假CA证书（设置相同，只是这里的密钥长度为1024，以减少本文的大小）：

密钥和证书：

加州摘要

Version: 3
         SerialNumber: 6873848332899071428
             IssuerDN: CN=Fake Authority,C=US,ST=CA,L=LA,O=Example LTD,OU=None,E=webmaster@example.com
           Start Date: Thu Nov 11 06:06:53 JST 2021
           Final Date: Fri Nov 11 00:00:00 JST 2022
            SubjectDN: CN=Fake Authority,C=US,ST=CA,L=LA,O=Example LTD,OU=None,E=webmaster@example.com
           Public Key: RSA Public Key [b8:07:ef:1f:8e:91:c0:ab:12:db:38:3f:76:e7:0a:7f:21:9d:fe:49],[56:66:d1:a4]
        modulus: 983fc7e042334c460e2682a9ce61fbcdf0ae367f1d5c5a67b1872bb83fb1c6b87ef175290b800eac7e8837de8713696798428e602c8018169086dc13431dfc2eacad24564b8fc47a800f4601492b693948d0b42f54082340ca734c52ef2f4246a7283c5594b7b9dc51ebb04591a60cc61b362a9c6a68230967e720f441ee4815
public exponent: 10001

  Signature Algorithm: SHA256WITHRSA
            Signature: 610d8fbef7d049ef56b46ea9789e01e766c6d4cc
                       ec53e8c4f71738a1611fbde924a633a467875b93
                       cf6005578066c4b175f7dc41f14fc91284f6fb9b
                       62b77dc6e7a6500184e7567232a25631ac05471b
                       57755d5ee9ad4e4c7d6a2a4b3ad686f0b51b9104
                       ec1ea145b82ab3928022c1dd58665ca55e609895
                       869bc90b1ce2fcc2
       Extensions: 
                       critical(true) BasicConstraints: isCa(true)
                       critical(true) KeyUsage: 0x6
                       critical(false) 2.5.29.14 value = DER

服务器证书

证书摘要

Version: 3
         SerialNumber: 6648705147606043571
             IssuerDN: CN=Fake Authority,C=US,ST=CA,L=LA,O=Example LTD,OU=None,E=webmaster@example.com
           Start Date: Thu Nov 11 06:08:37 JST 2021
           Final Date: Fri Nov 11 00:00:00 JST 2022
            SubjectDN: CN=fake.example.com,C=US,ST=CA,L=LA,O=Example LTD,OU=None,E=fake@example.com
           Public Key: RSA Public Key [2e:cd:8e:16:02:6f:b3:27:16:01:21:cb:1a:2b:9b:27:18:71:86:87],[56:66:d1:a4]
        modulus: 8cccc3f04931d04dac6eaed7e71455572d79c33a4a251b68ae0381fb2a43eb8b3676e2f968142537e77c2c4f661527dca4230f98e7cbd7a84c3c42396138731131eb5679a10c1f9eb6ba16a46fc4be280ad037b49987dbf0ed317b3b0882220fec59c95ef3b8fd1134a736d6783341cc43eb3e00e5f48c32c35805b4f305e4d215c038732f69aaa70b736823de3f8e842812572d682a5486ba2f92698322b247b9fa6552d31d26baa4ce1ad47f328792c95304b7931c01c780d757e392636226d996a558deb2e7b3d3480c8375f7d722027269a9296fa7ae5230b254305169da458ad3f4bc8274e8e354237063013584782a21803e664fce3691405c3d1bc99d
public exponent: 10001

  Signature Algorithm: SHA256WITHRSA
            Signature: 88dd18b477a5ba113a2145a18a2d2a87e520dfff
                       f8340bdb76ae9da8c7ca68063b803253c7b519fa
                       6df302eb122cab39e30d86529e2d9810c7fa6012
                       e2be299ba3dad80b5f04fc8e6ee4ab2abc86becd
                       ee5565de54ecef3ee3ef1469ff91fd17b881d7fb
                       789de3d3688fe1df3029ebdf51f0fc55cb9d771f
                       66ad6aa5b8211929
       Extensions: 
                       critical(true) BasicConstraints: isCa(false)
                       critical(false) 2.5.29.35 value = Sequence
    Tagged [0] IMPLICIT 
        DER Octet String[20] 

                       critical(true) KeyUsage: 0xa8
                       critical(false) 2.5.29.17 value = Sequence
    Tagged [1] IMPLICIT 
        DER Octet String[16] 
    Tagged [2] IMPLICIT 
        DER Octet String[16] 
    Tagged [2] IMPLICIT 
        DER Octet String[20] 

                       critical(false) 2.5.29.14 value = DER

我的设置有什么问题？

lepe

Asked: 2021-10-16 02:45:15 +0800 CST

PHP5 到 PHP7 意外增加容器内的内存使用量

0

上周我们更新了几个 wordpress 站点，这些站点通过 LXD 将 Alpine Linux 作为主机（Ubuntu 20.04）中的容器运行。

更新摘要如下：

Alpine Linux v3.8 -> 3.14
PHP 5.3.6 -> 7.4.24
Wordpress 5.0.3 -> 5.7.3

问题

在这些更新之后，我们开始遇到服务器性能问题，我们发现更新后的容器使用的内存（常驻内存）是旧容器的 3 倍或更多（大约 150MB 对 50MB），这导致服务器开始更频繁地交换。

在旧版本中（使用 PHP 5.3），php（进程）使用的内存会随着页面的处理（如预期的那样）增加，但在它完成后，它会恢复正常。换句话说，类似于：10MB---> 95MB---> 10MB。

在更新的容器中，所使用的内存php以相同的方式增加，但不会恢复到“正常”：10MB---> 95MB---> 95MB。每次使用新进程时，都会发生同样的情况，通过可用子进程的数量（在本例中为每个站点 4 个）增加内存使用量。

我试过的

将 PHP 版本降级到7.2.x和7.3.x：同样的事情
更新为php 8.0.11：同样的问题
使用apache2而不是lighttpd（当前 php 作为 fcgi 运行）：相同的行为
仅更新 Alpine 和 PHP 以确定 Wordpress 是否可能是原因：wordpress 不是原因
在没有插件的情况下运行 wordpress（以了解某些插件是否可能导致问题）：没有变化
执行了一个简单的连接循环（纯 php）：同样的事情
在具有不同 wordpress 站点的不同服务器中测试：相同的行为

它没有恢复内存的原因是什么？如何修复？

更新

我设置了一个干净的Alpine 3.14容器并执行了“简单循环”测试。在这种情况下，常驻内存按预期减少了。但是，一旦我使用实际的 wordpress 站点进行测试，问题仍然存在。
我设置了一个干净的Ubuntu 20.04容器并进行了相同的测试。结果与 clean 相同Alpine 3.14。

lepe

Asked: 2021-05-23 01:08:28 +0800 CST

如何在 spamassassin 中匹配日语？

5

我住在日本。最近有很多来自中国的垃圾邮件，都是用中文写的。由于 spamassassin 不包含针对中文的规则，因此大多数这些电子邮件都以低分通过。

我想确定电子邮件何时仅用中文编写。由于大多数日语汉字都包含在中文范围内（U+E400 到 U+E9FF），因此识别日语的一种方法是查看平假名（U+3040 到 U+309F）和片假名（U+30A0 到 U +30FF）。如果它包含平假名或片假名，我可以安全地假设是日语，否则是中文。

如果我测试单个字符，例如：あ或者ア它们正确匹配，但是当我使用范围时它不起作用。这是我们尝试过的：

body    CHINESE       /[\xe4-\xe9]/                 <--- this form seems to work fine
body    JAPANESE      /[\x30-\x31]/                 <--- not sure what is actually matching
body    JAPANESE      /(あ|え)/                      <---- this matches single character just fine
body    JAPANESE      /[あ-ん]/                      <--- doesn't work
body    JAPANESE      /[U+3040-U+30FF]/              <--- doesn't work
body    JAPANESE      /[\xe3\x81\x81-\xe3\x82\x96]/  <--- doesn't work
body    JAPANESE      /[\x{3040}-\x{30FF}]/          <--- doesn't work

我真的不知道我在做什么了。我知道上面的一些没有意义......

指定这些范围的正确方法是什么？

lepe

Asked: 2019-10-04 17:20:37 +0800 CST

Alpine Linux：致命：privsep_preauth：preauth child 被信号 31 终止

2

我有一些装有 Alpine Linux 的容器。昨天我将其中两个从 v3.8 更新到 v3.10。OpenSSH 服务器从升级7.7_p1-r4到8.0_p1-r0. 之后，客户端无法登录。

注意：使用默认 sshd 配置，未进行任何编辑。

这是客户端日志：

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.100.200 [10.0.100.200] port 22.
debug1: Connection established.
debug1: identity file /home/.ssh/id_rsa type -1
debug1: identity file /home/.ssh/id_rsa-cert type -1
debug1: identity file /home/.ssh/id_dsa type -1
debug1: identity file /home/.ssh/id_dsa-cert type -1
debug1: identity file /home/.ssh/id_ecdsa type -1
debug1: identity file /home/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/.ssh/id_ed25519 type -1
debug1: identity file /home/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.0.100.200" from file "/home/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/.ssh/known_hosts:15
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ef:c3:27:6b:30:9b:a9:dc:d3:f7:f8:fb:5f:a4:85:8c
debug3: load_hostkeys: loading entries for host "10.0.100.200" from file "/home/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/.ssh/known_hosts:15
debug3: load_hostkeys: loaded 1 keys
debug1: Host '10.0.100.200' is known and matches the ECDSA host key.
debug1: Found key in /home/.ssh/known_hosts:15
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/.ssh/id_rsa ((nil)),
debug2: key: /home/.ssh/id_dsa ((nil)),
debug2: key: /home/.ssh/id_ecdsa ((nil)),
debug2: key: /home/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/.ssh/id_rsa
debug3: no such identity: /home/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/.ssh/id_dsa
debug3: no such identity: /home/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/.ssh/id_ecdsa
debug3: no such identity: /home/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/.ssh/id_ed25519
debug3: no such identity: /home/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
tester@10.0.100.200's password: 
debug3: packet_send2: adding 64 (len 51 padlen 13 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to 10.0.100.200 ([10.0.100.200]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
Write failed: Broken pipe

这是服务器上的日志：

debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 248
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 4, 4
Connection from 10.0.100.1 port 53759 on 10.0.100.200 port 22
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 pat OpenSSH_6.6.1* compat 0x04000002
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 31051
debug3: preauth child monitor started
debug3: privsep user:group 22:22 [preauth]
debug1: permanently_set_uid: 22/22 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1-etm@openssh.com compression: none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1-etm@openssh.com compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x7f128dbdd4e0(101)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user tester service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 248
debug3: auth_shadow_acctexpired: today 18173 sp_expire -1 days left -18174
debug3: account expiration disabled
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for tester [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 1.154ms, delaying 7.514ms (requested 8.667ms) [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user tester service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method keyboard-interactive [preauth]
debug1: keyboard-interactive devs  [preauth]
debug1: auth2_challenge: user=tester devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
debug2: auth2_challenge_start: devices  [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 0.031ms, delaying 8.636ms (requested 8.667ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user tester service ssh-connection method password [preauth]
debug1: attempt 2 failures 1 [preauth]
debug2: input_userauth_request: try method password [preauth]
debug3: mm_auth_password entering [preauth]
debug3: mm_request_send entering: type 12 [preauth]
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
debug3: mm_request_receive_expect entering: type 13 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 12
debug3: auth_shadow_pwexpired: today 18173 sp_lstchg 18172 sp_max 99999
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 13
Accepted password for tester from 10.0.100.1 port 53759 ssh2
debug1: monitor_child_preauth: tester has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: mm_get_keystate: GOT new keys
debug3: mm_auth_password: user authenticated [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 10.636ms, delaying 6.699ms (requested 8.667ms) [preauth]
debug3: send packet: type 52 [preauth]
debug3: mm_request_send entering: type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug1: monitor_read_log: child log fd closed
privsep_preauth: preauth child terminated by signal 31
debug1: do_cleanup

我看过几个类似的错误报告，但其中大多数都已经很老了。一些帖子建议添加UsePrivilegeSeparation选项，但已被弃用。7.7如果我通过设置 3.8 存储库并卸载/安装 openssh来返回使用版本，一切正常。

因为我会不断更新容器，所以我想知道我能做些什么来解决这个问题。

lepe

Asked: 2019-06-21 22:56:19 +0800 CST

PHP curl_exec 使用 HTTPS 失败

0

我有一个失败的 wordpress 网站。我跟踪了这个问题，发现这是由于curl_exec()HTTPS 站点失败造成的。

我在带有 lighttpd 的 Alpine Linux v3.8 容器中运行 php 5.6。

日志（error.log）没有提供太多信息：

(http-header-glue.c.1250) read(): Connection reset by peer 8 9 (gw_backend.c.2149) response not received, request sent: 1017 on socket: unix:/var/run/lighttpd/php.socket-0 for /curl_test.php?, closing connection

这些是已安装的相关软件包：

php5-common-5.6.40-r0
php5-cgi-5.6.40-r0
php5-gd-5.6.40-r0
php5-iconv-5.6.40-r0
php5-json-5.6.40-r0
php5-mysqli-5.6.40-r0
php5-zip-5.6.40-r0
php5-xml-5.6.40-r0
php5-dom-5.6.40-r0
php5-intl-5.6.40-r0
php5-ctype-5.6.40-r0
php5-mysql-5.6.40-r0
php5-openssl-5.6.40-r0
php5-curl-5.6.40-r0
curl-7.61.1-r2
libcurl-7.64.1-r1
libssl1.1-1.1.1b-r1
ssl_client-1.30.1-r1
libressl2.7-libcrypto-2.7.5-r0
libressl2.7-libssl-2.7.5-r0
libssl1.0-1.0.2r-r0
lighttpd-1.4.53-r1
lighttpd-openrc-1.4.53-r1
openssl-1.0.2r-r0
ca-certificates-cacert-20190108-r0
ca-certificates-20190108-r0

我试图在屏幕上显示错误（使用error_reporting等），但它似乎在能够得到错误之前就崩溃了。

我发现了这个类似的问题，但我相信它不是关于代码，而是更多关于我的安装中缺少的一些库或设置。

我用于测试的代码是：

error_reporting(E_ALL); ini_set('display_errors', 1);
$curl = curl_init( 'https://example.com' );
curl_setopt($curl, CURLOPT_CAINFO, '/etc/lighttpd/cacert.pem');
curl_setopt($curl, CURLOPT_CAPATH, '/etc/ssl/certs');
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, array( 'field1' => 'some data', 'field2' => 'some more data' ) );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
$response = curl_exec( $curl );
curl_close( $curl );

注意：我从这里下载了 cacert.pem ，并且/etc/ssl/certs/不是空的。

显示的错误是：“500 内部服务器错误”。

甚至无法禁用 SSL 检查：

curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

如果我将其改为“http”而不是“https”，则一切正常。

我错过了什么？

更新 (1)

在这个问题之后，我执行了：

$w = stream_get_wrappers();
echo 'openssl: ',  extension_loaded  ('openssl') ? 'yes':'no', "\n";
echo 'http wrapper: ', in_array('http', $w) ? 'yes':'no', "\n";
echo 'https wrapper: ', in_array('https', $w) ? 'yes':'no', "\n";
echo 'wrappers: ', var_export($w);

结果是：

openssl: yes
http wrapper: yes
https wrapper: yes
wrappers: array (
  0 => 'compress.zlib',
  1 => 'php',
  2 => 'file',
  3 => 'glob',
  4 => 'data',
  5 => 'http',
  6 => 'ftp',
  7 => 'https',
  8 => 'ftps',
  9 => 'zip',
)

注：allow_url_fopen已开启。

更新 (2)

我将网站移到一个新容器中，它运行良好。一些图书馆或其他东西导致了这个问题。

lepe

Asked: 2019-04-25 18:24:18 +0800 CST

Postfix/Amavis : 单独发送群消息，如果一个收件人失败也不失败

0

背景：

我们有一个在线商店，它使用 SMTP 服务器发送消息。当客户下订单时，系统会将确认信息发送到客户的地址 (A)，并将副本发送到注册在同一 SMTP 服务器中的其他两个帐户（B 和 C）。

问题：

如果客户输入了错误的电子邮件地址（例如：tom@gmail.co<- 请注意它应该是com），它会退回所有组，并且 (B) 或 (C) 都不会收到消息。

日志：

Apr 25 10:12:37 smtp_server postfix/smtpd[8153]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.2 <tom@gmail.co>: Recipient address rejected: Domain not found; from=<system@orders.example.com> to=<tom@gmail.co> proto=ESMTP helo=<localhost>
Apr 25 10:12:37 smtp_server amavis[12654]: (12654-06) (!)mail_via_smtp: NOTICE: aborting SMTP session, Bail out, DATA accepted but tempfailed recips, not a LMTP input at (eval 134) line 979.
Apr 25 10:12:37 smtp_server amavis[12654]: (12654-06) (!)FWD from <system@orders.example.com> -> <tom@gmail.co>,<backup@example.com>,BODY=7BIT 451 4.5.0 From MTA(smtp:[127.0.0.1]:10025) during fwd-data-chkpnt (Bail out, DATA accepted but tempfailed recips, not a LMTP input at (eval 134) line 979.): id=12654-06
Apr 25 10:12:37 smtp_server amavis[12654]: (12654-06) Blocked MTA-BLOCKED {TempFailedOpenRelay}, [111.222.111.222]:41916 [111.222.111.222] <system@orders.example.com> -> <tom@gmail.co>,<backup@example.com>, Queue-ID: 4DA411806E13C, Message-ID: <cf7e32ff-1b33-9672-808a-0edfe7ede5f4@aju-cil.com>, mail_id: DZSKWfuau0Pu, Hits: 0.8, size: 745, 3627 ms
Apr 25 10:12:37 smtp_server postfix/smtp[31968]: 4DA411806E13C: to=<tom@gmail.co>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.8, delays=0.17/0/0/3.6, dsn=4.1.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.1.2 id=12654-06 - Temporary MTA failure on relaying, from MTA(smtp:[127.0.0.1]:10025): 450 4.1.2 <tom@gmail.co>: Recipient address rejected: Domain not found (in reply to end of DATA command))

预期的：

无论（A）地址是否错误，（B）或（C）都应该收到电子邮件。

笔记：

如果我使用 TO、CC 或 BCC 从我的个人计算机向这些帐户发送电子邮件，也会发生同样的情况。所以我得出结论，可以在邮件服务器上做一些事情。

postfix 或 amavis 中是否有任何设置阻止这种情况发生或我应该添加以使其工作？

lepe

Asked: 2017-05-14 22:02:18 +0800 CST

LXD + Galera Cluster + Max Scale：关闭服务器！=停止容器

0

我有一个有 4 个节点的 galera 集群。2 个在一个服务器（服务器主）和 2 个在另一个服务器（服务器从）。

集群通过“Max Scale”进行控制。

所有设置似乎都是正确的，因为复制工作正常，SHOW STATUS LIKE 'wsrep_cluster_size'报告所有节点的大小正确，关闭主节点成功转移到下一个节点等。

maxscale 服务器状态报告：（为简单起见进行了总结）

Master, Synced, Running | Slave, Synced, Running | Slave, Synced, Running

如果我在“server-master”中同时执行停止两个容器，则主数据库成功分配给“slave”中的第一个容器。

maxscale 服务器状态报告：

Down | Down | Master, Synced, Running | Slave, Synced, Running

问题是：如果我关闭 server-master，

maxscale 服务器状态报告：

Down, Down, Running, Running

并尝试连接到集群导致连接失败。一段时间后，报告所有节点Down。

我不明白为什么关闭服务器不能按预期工作。

更新

我发现如果我关闭“server-master”中的第二个节点，然后关闭服务器，“master”会成功分配给“server-slave”，但是几分钟后所有节点都关闭了。：/

Servers: Ubuntu Servers 16.04 x64
MaxScale version: 2.0.5
LXD version: 2.13
Galera version (3): 25.3.20-xenial
Guide followed: https://www.digitalocean.com/community/tutorials/how-to-configure-a-galera-cluster-with-mariadb-10-1-on-ubuntu-16-04-servers

lepe

Asked: 2014-09-12 17:59:32 +0800 CST

一致：-仅在冲突时强制

0

根据 Unison Manual，使用 -force < root >：

包括偏好 -force root 会导致 Unison 解决所有差异（甚至是非冲突更改）以支持 root。

但是，我只想在冲突的更改中强制它，我该怎么做？

lepe

Asked: 2014-08-16 21:59:22 +0800 CST

Munin 不在 Ubuntu Server 14.04 中创建 HTML 文件

5

我已经在几台服务器上使用了 munin，这是第一次花费我这么多时间来设置它。

当我直接 telnet munin 时，我可以列出服务，日志没有错误，并且 munin 每 5 分钟更新一次。但是没有创建 html 文件。我正在使用默认位置（/var/cache/munin/www），我可以确认该目录的权限设置为 munin.munin

（IP和域名已更改）

munin.conf：

dbdir   /var/lib/munin
htmldir /var/cache/munin/www
logdir  /var/log/munin
rundir  /var/run/munin
[example.ne.jp;]
    address 100.100.50.200

munin-node.conf：

log_level 4
log_file /var/log/munin/munin-node.log
pid_file /var/run/munin/munin-node.pid
background 1
setsid 1
user root
group root
host_name example.ne.jp
allow ^127\.0\.0\.1$
allow ^100\.100\.50\.200$
allow ^::1$

/etc/hosts：

100.100.50.200 example.ne.jp mail.example.ne.jp
127.0.0.1      localhost

$ 远程登录 example.ne.jp 4949

Trying 100.100.50.200...
Connected to example.ne.jp.
Escape character is '^]'.
# munin node at example.ne.jp

list

apache_accesses apache_processes apache_volume cpu cpuspeed df df_inode entropy fail2ban forks fw_packets if_err_eth0 if_err_eth1 if_eth0 if_eth1 interrupts ipmi_fans ipmi_power ipmi_temp irqstats load memory munin_stats mysql_bin_relay_log mysql_commands mysql_connections mysql_files_tables mysql_innodb_bpool mysql_innodb_bpool_act mysql_innodb_insert_buf mysql_innodb_io mysql_innodb_io_pend mysql_innodb_log mysql_innodb_rows mysql_innodb_semaphores mysql_innodb_tnx mysql_myisam_indexes mysql_network_traffic mysql_qcache mysql_qcache_mem mysql_replication mysql_select_types mysql_slow mysql_sorts mysql_table_locks mysql_tmp_tables ntp_2001:e40:100:208::123 ntp_91.189.94.4 ntp_kernel_err ntp_kernel_pll_freq ntp_kernel_pll_off ntp_offset ntp_states open_files open_inodes postfix_mailqueue postfix_mailvolume proc_pri processes swap threads uptime users vmstat

fetch df

_dev_sda3.value 2.1762874086869
_sys_fs_cgroup.value 0
_run.value 0.0503536980635825
_run_lock.value 0
_run_shm.value 0
_run_user.value 0
_dev_sda5.value 0.0176986285727571
_dev_sda8.value 1.08464646179852
_dev_sda7.value 0.0346633563514803
_dev_sda9.value 6.81031810822797
_dev_sda6.value 9.0932802215469
.

/var/log/munin/munin-node.log

Process Backgrounded
2014/08/16-14:13:36 Munin::Node::Server (type Net::Server::Fork) starting! pid(19610)
Binding to TCP port 4949 on host 100.100.50.200 with IPv4
2014/08/16-14:23:11 CONNECT TCP Peer: "[100.100.50.200]:55949" Local: "[100.100.50.200]:4949"
2014/08/16-14:36:16 CONNECT TCP Peer: "[100.100.50.200]:56209" Local: "[100.100.50.200]:4949"

/var/log/munin/munin-update.log

...
2014/08/16 14:30:01 [INFO]: Starting munin-update
2014/08/16 14:30:01 [INFO]: Munin-update finished (0.00 sec)
2014/08/16 14:35:02 [INFO]: Starting munin-update
2014/08/16 14:35:02 [INFO]: Munin-update finished (0.00 sec)
2014/08/16 14:40:01 [INFO]: Starting munin-update
2014/08/16 14:40:01 [INFO]: Munin-update finished (0.00 sec)

$ ls -la /var/cache/munin/www/

drwxr-xr-x 3 munin munin   19 Aug 16 13:55 .
drwxr-xr-x 3 root  root    16 Aug 16 13:54 ..
drwxr-xr-x 2 munin munin 4096 Aug 16 13:55 static

关于它为什么不起作用的任何想法？

编辑

这是 /var/log/munin/ log 几天后的样子：

-rw-r----- 1 www-data    0 Aug 16 13:54 munin-cgi-graph.log
-rw-r----- 1 www-data    0 Aug 16 13:54 munin-cgi-html.log
-rw-rw-r-- 1 munin       0 Aug 16 13:55 munin-html.log
-rw-r----- 1 munin       0 Aug 19 06:18 munin-limits.log
-rw-r----- 1 munin     15K Aug 18 14:10 munin-limits.log.1
-rw-r----- 1 munin    1.8K Aug 18 06:15 munin-limits.log.2.gz
-rw-rw-r-- 1 munin    1.3K Aug 17 06:15 munin-limits.log.3.gz
-rw-r--r-- 1 root     6.5K Aug 16 13:55 munin-node-configure.log
-rw-r--r-- 1 root        0 Aug 17 06:18 munin-node.log
-rw-r--r-- 1 root      420 Aug 16 14:52 munin-node.log.1.gz
-rw-r----- 1 munin       0 Aug 19 06:18 munin-update.log
-rw-r----- 1 munin     11K Aug 18 14:10 munin-update.log.1
-rw-r----- 1 munin    1.6K Aug 18 06:15 munin-update.log.2.gz
-rw-rw-r-- 1 munin    1.5K Aug 17 06:15 munin-update.log.3.gz

更新

尝试直接执行 munin-cron 或 munin-html (su - munin --shell=/bin/bash)，

$ perl /usr/share/munin/munin-html
$ /usr/bin/munin-cron --debug

显示此错误：

not a reference at /usr/share/perl5/Munin/Master/Utils.pm line 863.

主机名（或 uname -n）：（例如更改域）

example.ne.jp

根据： http: //www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1248923.html

在全新安装其他发行版时，这个错误似乎也随机出现。

它总是由没有配置节点引起的，或者更确切地说是单个节点配置不正确。

主节点和节点中节点的命名配置不匹配（触发时通常都在同一主机上）

lepe

Asked: 2013-05-18 00:36:51 +0800 CST

在不访问根域的情况下验证子域的证书

2

我们想为在其自己的服务器上托管的子域替换过期的证书，例如：

department.area.city.gov

我们只能控制该服务器和子域。由于安全原因（最近更改），没有 *@city.gov 电子邮件帐户（通常的验证方式，例如，webmaster@city.gov），我们无法说服他们添加文件或修改 DNS 设置为了验证（COMODO 替代品）。

如何解决这个问题？有没有人有过这种情况的经验？

Postfix 警告：邮件队列中没有足够的可用空间

NET::ERR_CERT_AUTHORITY_INVALID 在 Windows 中使用自签名 CA

密钥和证书：

加州摘要

服务器证书

证书摘要

PHP5 到 PHP7 意外增加容器内的内存使用量

问题

我试过的

更新

如何在 spamassassin 中匹配日语？

Alpine Linux：致命：privsep_preauth：preauth child 被信号 31 终止

PHP curl_exec 使用 HTTPS 失败

Postfix/Amavis : 单独发送群消息，如果一个收件人失败也不失败

背景：

问题：

预期的：

笔记：

LXD + Galera Cluster + Max Scale：关闭服务器！=停止容器

一致：-仅在冲突时强制

Munin 不在 Ubuntu Server 14.04 中创建 HTML 文件

在不访问根域的情况下验证子域的证书

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

lepe's questions

密钥和证书：

加州摘要

服务器证书

证书摘要

问题

我试过的

更新

背景：

问题：

预期的：

笔记：