Santiago Madrid
Asked: 2019-07-04 12:44:41 +0800 CST

Why doesn't postfix/dovecot receive mail from Gmail?

  • 772

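I am setting up a Postfix server with Dovecot SASL authentication on an EC2 virtual machine running Ubuntu 16.04 Xenial. I can send mail to my Gmail account, but I cannot receive mail from it. It should store the mail in "usr/Maildir". If I send mail from a telnet session, I can also receive it.

My setup is:

In /etc/postfix/main.cf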

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/mycrt.crt
smtpd_tls_key_file = /etc/postfix/ssl/mymail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydomain = domain.com
mydestination = localhost.$mydomain, localhost, $mydomain
relayhost =
relay_domains = $mydestination
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
html_directory = /usr/share/doc/postfix/html
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = mydomain.com
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_CAfile = /etc/ssl/certs/mycert.pem
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command =
smtp_use_tls = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_auth_only = no

In /etc/dovecot/10-master.conf

# Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

In /conf.d/10-auth.conf

# Space separated list of wanted authentication mechanisms:
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
#   gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login


#!include auth-deny.conf.ext
#!include auth-master.conf.ext

!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

Error messages in /var/log/mail.err

Jul  3 19:29:46 ip-172-31-0-124 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Jul  3 19:29:46 ip-172-31-0-124 dovecot: auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied

And /var/log/mail.log

Jul  3 22:41:38 ip-172-31-0-124 postfix/smtpd[18851]: connect from unknown[45.13.39.19]
Jul  3 22:41:40 ip-172-31-0-124 postfix/smtpd[18976]: connect from mail-vs1-f46.google.com[209.85.217.46]
Jul  3 22:41:40 ip-172-31-0-124 postfix/smtpd[18976]: lost connection after STARTTLS from mail-vs1-f46.google.com[209.85.217.46]
Jul  3 22:41:40 ip-172-31-0-124 postfix/cleanup[19071]: A305E4651D: message-id=<[email protected]>
Jul  3 22:41:40 ip-172-31-0-124 postfix/qmgr[18850]: A305E4651D: from=<[email protected]>, size=920, nrcpt=1 (queue active)
Jul  3 22:41:40 ip-172-31-0-124 postfix/smtpd[18976]: disconnect from mail-vs1-f46.google.com[209.85.217.46] ehlo=1 starttls=0/1 commands=1/2
Jul  3 22:41:40 ip-172-31-0-124 postfix/local[19073]: A305E4651D: to=<[email protected]>, orig_to=<postmaster>, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jul  3 22:41:40 ip-172-31-0-124 postfix/qmgr[18850]: A305E4651D: removed
Jul  3 22:41:46 ip-172-31-0-124 postfix/smtpd[18851]: warning: unknown[45.13.39.19]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  3 22:41:47 ip-172-31-0-124 postfix/smtpd[18851]: disconnect from unknown[45.13.39.19] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4


Running 'openssl s_client -connect mydomain:25 -starttls smtp' outputs:

CONNECTED(00000003)
139707798795928:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 285 bytes and written 340 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1562190493
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

I have checked the MX records and everything is fine. I have spent a lot of time on this problem. I hope you can help.

server email postfix dovecot amazon-ec2
1 Answer

  1. Best Answer
    vidarlo
    2019-07-04T14:16:49+08:00

    The basic problem here is that you announce starttls:

    smtp_use_tls = yes
    

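    But you have not configured a valid certificate. This means starttls will actually fail.

    You must either disable TLS (set smtp_use_tls = no) or install a proper certificate. Let's Encrypt certificates will work well for this.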

    #Install certbot
    sudo apt install certbot
    #Get certificate
    sudo certbot certonly --domain example.org
    

    Edit the following parameters in main.cf:

    smtpd_tls_cert_file = /etc/letsencrypt/live/example.org/fullchain.pem
    smtpd_tls_key_file = /etc/letsencrypt/live/example.org/privkey.pem
    

    Comment out the smtpd_tls_CAfile line, because the CA certificate is included with fullchain.pem.

    • 1
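
The failure described in this thread shows up in mail.log as "lost connection after STARTTLS" and as a `starttls=0/1` counter (successes/attempts) on the smtpd "disconnect" line. The following is an added example, not part of the original question or answer, that tallies those per client so a broken server certificate is visible before and after the fix; the function names and the last two sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: first three lines follow the question's mail.log, the rest are made up.
SAMPLE_LOG = """\
Jul  3 22:41:40 host postfix/smtpd[18976]: connect from mail-vs1-f46.google.com[209.85.217.46]
Jul  3 22:41:40 host postfix/smtpd[18976]: lost connection after STARTTLS from mail-vs1-f46.google.com[209.85.217.46]
Jul  3 22:41:40 host postfix/smtpd[18976]: disconnect from mail-vs1-f46.google.com[209.85.217.46] ehlo=1 starttls=0/1 commands=1/2
Jul  3 22:41:47 host postfix/smtpd[18851]: disconnect from unknown[198.51.100.7] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  3 22:50:02 host postfix/smtpd[19200]: disconnect from mx.example.net[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

CLIENT = r"(?P<client>\S+\[[^\]]+\])"
LOST = re.compile(r"postfix/smtpd\[\d+\]: lost connection after STARTTLS from " + CLIENT)
DISCONNECT = re.compile(r"postfix/smtpd\[\d+\]: disconnect from " + CLIENT + r" (?P<stats>.*)$")

def parse_stats(stats):
    """Turn 'ehlo=1 starttls=0/1' into {'ehlo': (1, 1), 'starttls': (0, 1)} as (ok, total)."""
    out = {}
    for field in stats.split():
        name, _, value = field.partition("=")
        ok, _, total = value.partition("/")
        if ok.isdigit() and (total.isdigit() or not total):
            out[name] = (int(ok), int(total or ok))  # 'name=N' means all N succeeded
    return out

def starttls_report(log_text):
    """Per-client counts of successful, failed and dropped STARTTLS handshakes."""
    report = defaultdict(lambda: {"ok": 0, "failed": 0, "lost": 0})
    for line in log_text.splitlines():
        lost = LOST.search(line)
        if lost:
            report[lost["client"]]["lost"] += 1
            continue
        done = DISCONNECT.search(line)
        if not done:
            continue
        ok, total = parse_stats(done["stats"]).get("starttls", (0, 0))
        if total:  # STARTTLS was attempted in this session
            report[done["client"]]["ok"] += ok
            report[done["client"]]["failed"] += total - ok
    return dict(report)

def failing_clients(log_text):
    """Clients with at least one failed or dropped STARTTLS handshake."""
    return sorted(c for c, r in starttls_report(log_text).items() if r["failed"] or r["lost"])

if __name__ == "__main__":
    print(failing_clients(SAMPLE_LOG))
```

If legitimate senders still appear in this list after the certificate is replaced, the server-side TLS configuration is still not completing handshakes.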
