我已经安装了 postfix 3.6.4 并且大部分时间都在工作。我可以发送外发电子邮件,但无法收到传入电子邮件。当我运行 sudo ss -lnpt | grep master,我只得到一行,其中端口 25 处于 LISTEN 模式。我知道我需要服务来监听 465 和 587,并且在尝试配置它时,我很确定我已经覆盖/删除了一些我需要的行。
我正在尝试获取我的 master.cf 文件的新副本,以便我可以比较两者但没有运气。我不想卸载/重新安装,因为我有它的一部分在工作,并且不想处理重新安装破坏我的网络服务器的证书。
TLDR:如何为 postfix mail_version = 3.6.4 获取 master.cf 文件的全新原始副本?
发行商 ID:Ubuntu 描述:Ubuntu 22.04.2 LTS 版本:22.04 代号:jammy
运行于:(Orange Pi 1.1.0 Jammy with Linux 5.10.110-rockchip-rk3588)
谢谢!
我需要拒绝所有主机名未知或与其地址不匹配的 smtp 连接。已尝试在 hosts.deny 中设置:
smtpd: UNKNOWN
smtpd: PARANOID
但 Postfix 日志显示他们仍在通过邮件守护进程。
postfix/smtpd[3426]: warning: hostname server1.reselect.org does not resolve to address 89.33.194.240
postfix/smtpd[3426]: connect from unknown[89.33.194.240]
postfix/smtpd[3426]: NOQUEUE: reject: CONNECT from unknown[89.33.194.240]: 450 4.7.25 Client host rejected: cannot find your hostname, [89.33.194.240]; proto=SMTP
...
postfix/smtpd[3997]: connect from unknown[193.56.29.102]
postfix/smtpd[3997]: NOQUEUE: reject: CONNECT from unknown[193.56.29.102]: 450 4.7.25 Client host rejected: cannot find your hostname, [193.56.29.102]; proto=SMTP
为什么它不起作用?
我正在尝试在 Ubuntu 16.04 上使用 SquirrelMail。
当我去localhost/squirrelmail/src/login.php登录时,我遇到错误消息:ERROR: Connection dropped by IMAP server.
我在这里尝试了解决方案,它说要添加/etc/dovecot/dovecot.conf:
protocol imap {
mail_location = mbox:~/mail:INBOX=/var/mail/%u
}
但错误仍然存在。
此外,我在这里尝试了解决方案,它通知添加/etc/dovecot/dovecot.conf:
namespace inbox {
inbox = yes
}
但同样,错误仍然存在。
我的/etc/dovecot/dovecot.conf文件是:
## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
我/etc/postfix/main.cf的是:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ubuntu-vm.localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost, ubuntu-vm, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
localhost = example.com
此外,我去localhost/squirrelmail/src/configtest.php并收到:
SquirrelMail configtest
This script will try to check some aspects of your SquirrelMail configuration and point you to errors whereever it can find them. You need to go run conf.pl in the config/ directory first before you run this script.
SquirrelMail version: 1.4.23 [SVN]
Config file version: 1.4.0
Config file last modified: 01 July 2020 20:51:58
Checking PHP configuration...
PHP version 7.0.33-0ubuntu0.16.04.15 OK.
Running as www-data(33) / www-data(33)
display_errors:
error_reporting: 22527
variables_order OK: GPCS.
PHP extensions OK. Dynamic loading is disabled.
ERROR: You have configured PHP not to allow short tags (short_open_tag=off). This shouldn't be a problem with SquirrelMail or any plugin coded coded according to the SquirrelMail Coding Guidelines, but if you experience problems with PHP code being displayed in some of the pages and changing setting to "on" solves the problem, please file a bug report against the failing plugin. The correct contact information is most likely to be found in the plugin documentation.
Checking paths...
Data dir OK.
Attachment dir OK.
Plugins OK.
Themes OK.
Default language OK.
Base URL detected as: http://localhost/squirrelmail/src (location base autodetected)
Checking outgoing mail service....
SMTP server OK (220 ubuntu-vm.localdomain ESMTP Postfix (Ubuntu))
Checking IMAP service....
IMAP server ready (* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.)
Capabilities: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
Checking internationalization (i18n) settings...
gettext - Gettext functions are available. On some systems you must have appropriate system locales compiled.
mbstring - Mbstring functions are unavailable. Japanese translation won't work.
recode - Recode functions are unavailable.
iconv - Iconv functions are available.
timezone - Webmail users can change their time zone settings.
Checking database functions...
not using database functionality.
Congratulations, your SquirrelMail setup looks fine to me!
Login now
我似乎对端口 25 入站连接有问题。我的 ISP 确认端口 25 已打开。然而,当我使用 nmap 进行测试时,我得到以下结果
使用服务器的本地 IP 测试端口 25 显示端口 25 已打开。但是,使用公共/外部 IP 测试 nmap 表明端口 25 已被过滤。我没有将它包含在图片中,但使用 netstat 进行的测试也显示 Postfix (master.cf) 正在侦听该端口。
我服务器上的 Postfix 可以发送邮件,我已经测试了几次,它没有任何问题。但是它无法接收邮件,我强烈怀疑这与从外部公共 IP 访问它时端口 25 被过滤的状态有关。然而,我的 ISP 坚持认为 25 端口是开放的。我的 ISP 作为他们检查的结果给了我这个:16 permit tcp any My.Public.IP.Address 0.0.0.3 eq smtp
SMTP 指的是端口 25,如果我理解正确的话,它们允许任何 tcp 流量通过该端口。但是为什么使用公共IP检查时端口仍然被过滤?
我还能做些什么来缩小问题的范围?任何线索将不胜感激,谢谢。
我已经在我的虚拟机上安装了 Ubuntu Bionic 并设置了一个应用程序。
现在我需要的是从我自己的服务器发送电子邮件。
我正在尝试设置后缀来做到这一点,但没有任何效果。我尝试了很多教程,但仍然没有成功....更糟糕的是 - 我尝试的教程越多,我就越困惑。
那么我尝试了什么?
我曾经apt install mailutils安装 postfix,当它要求 FQDM 时,我选择了 Internet 站点。我进入了mydomain.com..
这是第一个问题。一些教程说将其更改为mail.mydomain.com. 那么它应该是一个子域吗?我需要在我的 DNS 中创建 A 记录吗?
我尝试发送电子邮件:
email" | mail -s "This is the subject line" [email protected]
但是什么也没有发生……我的邮箱中没有邮件,posfix 队列中也没有邮件。
有适合初学者的分步教程吗?
我需要创建指向我的服务器的 MX 记录吗?
我需要创建 TXT 记录吗?我读到这就是其他邮件服务器验证发件人的方式。如果是,那该怎么做?
那么我必须怎么做才能从我自己的服务器发送和发送电子邮件?在这一点上,我什至不需要接收和发送电子邮件 - 只需发送即可
而且我不需要使用后缀...我可以使用任何有效的方法。
我有一个 Ubuntu 18.04 LTS 服务器,在某个时间点(不是由我设置)运行GNU mailman,使用Postfix作为 MTA。
我不再在此服务器上运行任何邮件列表,并且尽我所能尝试通过运行以下命令从服务器中删除和清除Gnu mailman :
sudo apt remove mailman
sudo apt autoremove mailman
sudo apt purge mailman
sudo apt autoremove --purge mailman
这会删除 mailman 和一些(大多数?)配置和数据文件,但是当我查看 Postfix 日志(/var/log/mail.log)时,我大约每五分钟得到一次:
[…]: error: open database /var/lib/mailman/data/aliases.db: No such file or directory
[…]: warning: hash:/var/lib/mailman/data/aliases is unavailable. open database /var/lib/mailman/data/aliases.db: No such file or directory
[…]: warning: hash:/var/lib/mailman/data/aliases: lookup of 'root' failed
我明白我为什么得到它们,因为清除GNU mailman删除了所有这些文件。
我很确定请求这些文件的程序是Postfix,正在运行:
sudo service postfix status
… 产生相同的三行错误和警告。但是,我无法弄清楚是什么让Postfix想要打开这些文件。
重启后缀:
sudo systemctl restart postfix
... 清除错误,但只是暂时的。大约五分钟后,当我检查状态时,它们又回来了。
问题是:如何摆脱这些错误和警告(无需重新安装不再需要的应用程序)?
我有一个问题^^:
首先,我向您展示一个简单的 procmail 规则:
DELIVER="/usr/lib/dovecot/deliver -d $LOGNAME"
DEFAULT="$HOME/Maildir/"
MAILDIR="$HOME/Maildir/"
# deliver spam to spam folder
:0 w
* ^X-Spam-Status: Yes
| $DELIVER -m Spam
# deliver to INBOX and stop
:0 w
| $DELIVER
现在我的问题是,有没有办法使用 DELIVER 作为默认值,例如:
DEFAULT="/usr/lib/dovecot/deliver -d $LOGNAME"
这样在检查 procmail 规则后,所有邮件都会转到 dovecot 吗?
在 Ubuntu 18.04 服务器上,我使用 Webmin 和 Virtualmin 来管理服务器和虚拟主机。
查看文件:/var/log/mail.log
我有这个:
Sep 5 12:11:50 ns3147326 postfix/smtpd[17356]: warning: unknown[92.118.38.51]: SASL LOGIN authentication failed: authentication failure
Sep 5 12:11:50 ns3147326 postfix/smtpd[17356]: disconnect from unknown[92.118.38.51] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
给出这个命令service saslauthd status,我得到:
● saslauthd.service - LSB: saslauthd startup script
Loaded: loaded (/etc/init.d/saslauthd; generated)
Active: active (running) since Thu 2019-09-05 12:15:18 CEST; 31min ago
Docs: man:systemd-sysv-generator(8)
Process: 21744 ExecStop=/etc/init.d/saslauthd stop (code=exited,
status=0/SUCCESS)
Process: 21762 ExecStart=/etc/init.d/saslauthd start (code=exited,
status=0/SUCCESS)
Tasks: 10 (limit: 4915)
CGroup: /system.slice/saslauthd.service
├─19961 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
├─19962 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
├─19963 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
├─19964 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
├─19965 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5
├─21783 /usr/sbin/saslauthd -a pam -c -m
/var/spool/postfix/var/run/saslauthd -r -n 5
├─21784 /usr/sbin/saslauthd -a pam -c -m
/var/spool/postfix/var/run/saslauthd -r -n 5
├─21785 /usr/sbin/saslauthd -a pam -c -m
/var/spool/postfix/var/run/saslauthd -r -n 5
├─21786 /usr/sbin/saslauthd -a pam -c -m
/var/spool/postfix/var/run/saslauthd -r -n 5
└─21787 /usr/sbin/saslauthd -a pam -c -m
/var/spool/postfix/var/run/saslauthd -r -n 5
set 05 12:46:56 ns3147326 saslauthd[21784]: pam_unix(smtp:auth): check pass;
user unknown
set 05 12:46:56 ns3147326 saslauthd[21784]: pam_unix(smtp:auth):
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
set 05 12:46:57 ns3147326 saslauthd[21784]: DEBUG: auth_pam:
pam_authenticate failed: Authentication failure
set 05 12:46:57 ns3147326 saslauthd[21784]: : auth failure:
[[email protected]] [service=smtp] [realm=ip-51-75-135.eu]
[mech=pam] [reason=PAM auth error]
我用谷歌搜索了这个问题,但我找不到解决方案。
这是我的 /etc/postfix/main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = ns3147326.ip-51-75-135.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost,
localhost.localdomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination
smtp_tls_security_level = may
allow_percent_hack = no
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
mynetworks_style = subnet
这是我的 /etc/default/saslauthd:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
#OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific
information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
#OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
#PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
#OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
我该如何解决?
我只是更新 Libreoffice,因为它无法正常工作: snap install libreoffice
但是我安装了新版本并保留了旧版本。并且还没有让程序正常工作。
所以我更新并安装了 Libre Office: sudo apt-get update *sudo apt-get install libreoffice**
但是我发现 Libre office 6.0 和 6.2 有两个版本所以我决定删除旧版本: sudo apt-get remove libreoffice 6.0
问题来了:我无法解释我的邮件客户端(Evolution)是如何消失的。我所有的工作邮件。
谁能帮我恢复我所有的邮件?
我正在使用带有 ubuntu 16.04 Xenial 的 EC2 虚拟机上设置使用 Dovecot SASL 身份验证的 Postfix 服务器。我可以将邮件发送到我的 Gmail 帐户,但我无法接收它们。它应该将邮件存储在“usr/Maildir”中。如果我从 telnet 会话发送邮件,我也可以接收邮件。
我的设置是:
在 /etc/postfix/main.cf
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/mycrt.crt
smtpd_tls_key_file = /etc/postfix/ssl/mymail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydomain = domain.com
mydestination = localhost.$mydomain, localhost, $mydomain
relayhost =
relay_domains = $mydestination
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
html_directory = /usr/share/doc/postfix/html
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = mydomain.com
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_CAfile = /etc/ssl/certs/mycert.pem
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command =
smtp_use_tls = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_auth_only = no
在 /etc/dovecot/10-master.conf
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
在 /conf.d/10-auth.conf
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
/var/log/mail.err 中的错误消息
Jul 3 19:29:46 ip-172-31-0-124 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Jul 3 19:29:46 ip-172-31-0-124 dovecot: auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied
和 /var/log/mail.log
Jul 3 22:41:38 ip-172-31-0-124 postfix/smtpd[18851]: connect from unknown[45.13.39.19]
Jul 3 22:41:40 ip-172-31-0-124 postfix/smtpd[18976]: connect from mail-vs1-f46.google.com[209.85.217.46]
Jul 3 22:41:40 ip-172-31-0-124 postfix/smtpd[18976]: lost connection after STARTTLS from mail-vs1-f46.google.com[209.85.217.46]
Jul 3 22:41:40 ip-172-31-0-124 postfix/cleanup[19071]: A305E4651D: message-id=<[email protected]>
Jul 3 22:41:40 ip-172-31-0-124 postfix/qmgr[18850]: A305E4651D: from=<[email protected]>, size=920, nrcpt=1 (queue active)
Jul 3 22:41:40 ip-172-31-0-124 postfix/smtpd[18976]: disconnect from mail-vs1-f46.google.com[209.85.217.46] ehlo=1 starttls=0/1 commands=1/2
Jul 3 22:41:40 ip-172-31-0-124 postfix/local[19073]: A305E4651D: to=<[email protected]>, orig_to=<postmaster>, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jul 3 22:41:40 ip-172-31-0-124 postfix/qmgr[18850]: A305E4651D: removed
Jul 3 22:41:46 ip-172-31-0-124 postfix/smtpd[18851]: warning: unknown[45.13.39.19]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 3 22:41:47 ip-172-31-0-124 postfix/smtpd[18851]: disconnect from unknown[45.13.39.19] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
执行 'openssl s_client -connect mydomain:25 -starttls smtp' 输出:
CONNECTED(00000003)
139707798795928:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 285 bytes and written 340 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1562190493
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
我已经检查了 MX 注册表,一切正常。我在这个问题上花了很多时间。希望你能帮忙