主页 / user-1787986

Kwilzz's questions

Martin Hope
Kwilzz
Asked: 2024-05-10 01:22:11 +0800 CST
  • 5
ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache                     ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
465/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
Apache (v6)                ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
465/tcp (v6)               ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)

465/tcp                    ALLOW OUT   Anywhere
465/tcp (v6)               ALLOW OUT   Anywhere (v6)
-------------------------------------------------------------

master.cf
smtp      inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,reject_non_fqdn_helo_hostname
  -o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd


uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

----------------------------------------------------------------------------------

mail.log (only the last 12 entries, been restarted.
2024-05-09T15:35:34.631083+00:00 (mailserver no .com in it) postfix/smtps/smtpd[5002]: disconnect from localhost[::1] commands=0/0
2024-05-09T15:36:14.921785+00:00 (mailserver no .com in it) postfix/smtps/smtpd[5002]: connect from 172-234-224-51.ip.linodeusercontent.com[172.234.224.51]
2024-05-09T15:36:22.566665+00:00 (mailserver no .com in it) postfix/smtps/smtpd[5002]: SSL_accept error from 172-234-224-51.ip.linodeusercontent.com[172.234.224.51]: -1
2024-05-09T15:36:22.566810+00:00 (mailserver no .com in it) postfix/smtps/smtpd[5002]: warning: TLS library problem: error:0A00010B:SSL routines::wrong version number:../ssl/record/ssl3_record.c:354:
2024-05-09T15:36:22.566880+00:00 (mailserver no .com in it) postfix/smtps/smtpd[5002]: lost connection after CONNECT from 172-234-224-51.ip.linodeusercontent.com[172.234.224.51]
2024-05-09T15:36:22.566919+00:00 (mailserver no .com in it) postfix/smtps/smtpd[5002]: disconnect from 172-234-224-51.ip.linodeusercontent.com[172.234.224.51] commands=0/0
2024-05-09T15:42:10.141657+00:00 (mailserver no .com in it) postfix/postfix-script[1195]: starting the Postfix mail system
2024-05-09T15:42:10.149404+00:00 (mailserver no .com in it) postfix/master[1197]: daemon started -- version 3.8.6, configuration /etc/postfix
2024-05-09T15:47:12.228436+00:00 (mailserver no .com in it) postfix/smtps/smtpd[1394]: connect from a27-253.smtp-out.us-west-2.amazonses.com[54.240.27.253]
2024-05-09T15:49:12.132170+00:00 (mailserver no .com in it) postfix/smtps/smtpd[1394]: SSL_accept error from a27-253.smtp-out.us-west-2.amazonses.com[54.240.27.253]: lost connection
2024-05-09T15:49:12.138871+00:00 (mailserver no .com in it) postfix/smtps/smtpd[1394]: lost connection after CONNECT from a27-253.smtp-out.us-west-2.amazonses.com[54.240.27.253]
2024-05-09T15:49:12.138933+00:00 (mailserver no .com in it) postfix/smtps/smtpd[1394]: disconnect from a27-253.smtp-out.us-west-2.amazonses.com[54.240.27.253] commands=0/0

sudo netstat -tul

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 _localdnsstub:domain    0.0.0.0:*               LISTEN
tcp        0      0 localhost:33060         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:smtp            0.0.0.0:*               LISTEN
tcp        0      0 localhost:mysql         0.0.0.0:*               LISTEN
tcp        0      0 _localdnsproxy:domain   0.0.0.0:*               LISTEN
tcp6       0      0 [::]:http               [::]:*                  LISTEN
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
udp        0      0 _localdnsproxy:domain   0.0.0.0:*
udp        0      0 _localdnsstub:domain    0.0.0.0:*
udp        0      0 172-234-224-51.i:bootpc 0.0.0.0:*


sudo netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.54:53           0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 172.234.224.51:68       0.0.0.0:*
email
Martin Hope
Kwilzz
Asked: 2024-05-09 23:11:03 +0800 CST
  • 6

使用 ubuntu 24.04 LTS。我已验证我的证书密钥是正确的。也没有显示端口 465 侦听,但防火墙规则在那里。

main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6



# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.crt
smtpd_tls_key_file = /etc/ssl/private/mailserver.key
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
# smtp_tls_CApath =  /etc/ssl/certs/
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level=may


smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = *****.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, ******.com, localhost.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,reject_non_fqdn_helo_hostname
  -o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
root@*******:/etc/postfix#
postfix