在过去的几天里，我尝试设置 Exim4 来处理从 Web 应用程序发送的所有邮件。

它似乎正在工作，但我还没有找到如何硬编码将与 EHLO 一起发送的主机名？（我不想设置/etc/hostname）

找到了配置中提到的变量MAIN_HARDCODE_PRIMARY_HOSTNAME，但没有找到设置它的方法。这个变量是设置主机名的最简单方法还是有更好的方法？

下面是完整的安装/配置。我错过了什么吗？

Exim version 4.92 Debian Buster 10

安装

apt-get install exim4-daemon-light

配置 Exim4

dpkg-reconfigure exim4-config

Type:           internet site
FQDN:           smtp.mydomain.com
SMTP listener:      (empty)
Mail destinations:  (empty)
Domain relay:       (empty)
Machine relay:      (empty)
DNS queries minimal:    No
Delivery method:    Maildir
Split conf files:   No

启用 TLS 并生成证书

printf "MAIN_TLS_ENABLE = true\n" >> /etc/exim4/exim4.conf.localmacros
/usr/share/doc/exim4-base/examples/exim-gencert

检查反向 DNS（IP -> smtp.mydomain.com）

https://mxtoolbox.com/ReverseLookup.aspx

获取 IPv6

ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80

/etc/hosts

[ipv4]  smtp.mydomain.com
[ipv6]  smtp.mydomain.com

在“/etc/exim4/exim4.conf.template”中取消注释

# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CON$
# server_set_id = $2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif

添加用户/密码 -> '/etc/exim4/passwd'

/usr/share/doc/exim4-base/examples/exim-adduser

DKIM/SPF

我在服务器上设置了 DKIM 密钥，在 DNS 上设置了 DKIM/SPF，两者都有效

如何从 安装一个包sid？

我已安装但想安装一个在存储库buster中尚不可用的软件包buster

https://packages.debian.org/search?keywords=tesseract-ocr

我想安装 tesseract 4.1。

在我安装 4.1 之前，我想检查是否有任何其他软件包需要任何更新，而buster. 如何检查？

我只想更新 tesseract

我想设置自己的 SMTP 服务器（仅发送邮件）来处理来自我的 Web 应用程序的所有通知邮件等

dpkg-reconfigure exim4-config

Type:                   internet site
FQDN:                   smtp.mydomain.com
SMTP listener:          127.0.0.1; ::1
Mail destinations:      Debian-Buster10; localhost
Relay:                  (empty)
Follow up screen relay: (empty)
DNS queries minimal:    No
Delivery method:        Maildir in home dir
Split conf files:       No

我通过 PHPmailer 发送邮件。它已发送但从未收到？

phpmailer

try{
    $mail = new PHPMailer(true);
    $mail->SMTPDebug    = 1;
    $mail->SMTPSecure   = 'tls';
    $mail->SMTPAutoTLS  = false;
    $mail->SMTPAuth     = true;
    $mail->SMTPOptions  = [
        'ssl' => [
            'verify_peer'       => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true
        ]
    ];
    //$mail->CharSet        = 'UTF-8';
    $mail->IsSMTP();

    $mail->Port     = 25;
    $mail->Host     = '127.0.0.1';
    $mail->Username = 'user';
    $mail->Password = 'pass';

    $mail->AddAddress('[email protected]', 'me');
    $mail->From         = '[email protected]';
    $mail->FromName     = 'me';
    $mail->Subject = 'test mail';
    $mail->Body = 'hello world';
    $mail->Send();
}
catch(phpmailerException $e){
    echo "err: ".$e->getMessage()."\n";
}

phpmailer SMTP 调试输出

2019-09-03 06:59:35 CLIENT -> SERVER: EHLO Test-Athlon-3700-2gb
2019-09-03 06:59:35 CLIENT -> SERVER: STARTTLS
2019-09-03 06:59:35 CLIENT -> SERVER: EHLO Test-Athlon-3700-2gb
2019-09-03 06:59:35 CLIENT -> SERVER: AUTH PLAIN
2019-09-03 06:59:35 CLIENT -> SERVER: AGR5bmFjY291bnQAVWF4ZDIwMDEr
2019-09-03 06:59:35 CLIENT -> SERVER: MAIL FROM:<[email protected]>
2019-09-03 06:59:35 CLIENT -> SERVER: RCPT TO:<[email protected]>
2019-09-03 06:59:35 CLIENT -> SERVER: DATA
2019-09-03 06:59:35 CLIENT -> SERVER: Date: Tue, 3 Sep 2019 06:59:35 +0000
2019-09-03 06:59:35 CLIENT -> SERVER: To: me <[email protected]>
2019-09-03 06:59:35 CLIENT -> SERVER: From: me <[email protected]>
2019-09-03 06:59:35 CLIENT -> SERVER: Subject: test mail
2019-09-03 06:59:35 CLIENT -> SERVER: Message-ID: <6ade75e609c3a3e595f324172e0d08eb@Test-Athlon-3700-2gb>
2019-09-03 06:59:35 CLIENT -> SERVER: X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
2019-09-03 06:59:35 CLIENT -> SERVER: MIME-Version: 1.0
2019-09-03 06:59:35 CLIENT -> SERVER: Content-Type: text/plain; charset=iso-8859-1
2019-09-03 06:59:35 CLIENT -> SERVER: Content-Transfer-Encoding: 8bit
2019-09-03 06:59:35 CLIENT -> SERVER:
2019-09-03 06:59:35 CLIENT -> SERVER: hello world
2019-09-03 06:59:35 CLIENT -> SERVER:
2019-09-03 06:59:35 CLIENT -> SERVER: .
2019-09-03 06:59:36 CLIENT -> SERVER: QUIT

升级到后Debian 10 (Buster)我无法再连接到 SFTP 服务器

找不到匹配的密钥交换方法。他们的报价：diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 连接已关闭

sftp -b - -o StrictHostKeyChecking=no -i private.key -P 10022 user@host

sftp -vv ...返回

OpenSSH_7.9p1 Debian-10, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "host" port 10022
debug2: ssh_connect_direct
debug1: Connecting to host [92.60.159.16] port 10022.
debug1: Connection established.
debug1: identity file /var/www/bs_id_rsa type -1
debug1: identity file /var/www/bs_id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10
debug1: Remote protocol version 2.0, remote software version IBM Sterling Connect:Enterprise for UNIX2.5.00
debug1: no match: IBM Sterling Connect:Enterprise for UNIX2.5.00
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to host:10022 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: (no match)
Unable to negotiate with xx.xx.xx.xx port 10022: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Connection closed.
Connection closed

钥匙ssh -Q kex

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]

使用 Kex 算法：

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -i private.key -p 10022 user@host
Unable to negotiate with 92.60.159.16 port 10022: no matching host key type found. Their offer: ssh-dss

使用 HostKeyAlgorithms：

ssh -oHostKeyAlgorithms=ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 -i private.key -p 10022 user@host
Unable to negotiate with 92.60.159.16 port 10022: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc

SSH 工作

ssh -oHostKeyAlgorithms=ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=aes256-cbc -i private.key -p 10022 user@host

我需要知道将此存储库添加到生产服务器是否安全？

deb http://ftp.us.debian.org/debian testing main contrib non-free

testing在该位置.. 所以我不确定在生产环境中使用这个存储库是否安全

如何获取 SFTP 命令的返回码？

我这样做是为了从一个目录下载所有文件。但如果目录为空，则命令返回1

如何获取实际代码File not found？

echo 'get * /var/download' | sftp -b - user@host

或者一个解决方案是忽略/抑制错误File not found并返回0（不抑制所有错误，只有这个）

我正在尝试 tar 整个目录，除了一些子目录..

目录my-base-dir已压缩，但排除的目录/文件也包括在内？

tar -cf my-base-dir/bak/site/site.tar my-base-dir --exclude=my-base-dir/bak/db/* --exclude=my-base-dir/bak/site/*

相对于当前工作目录，排除的路径是正确的。因为输出 tar 文件放在其中之一

exit调用错误时不会终止脚本..

输出

Error: Could not resolve localhost
after exit

脚本

#!/bin/sh

resolve_ip (){
    if [ -z "$1" ]; then
        host="localhost"
        ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
    else
        host="$1"
        ip=$(dig +short $1)
    fi

    if [ -z "$ip" ]; then
        error "Could not resolve $host"
    fi

    echo "$ip"
}

error (){
    (>&2 echo "Error: $1")
    exit 1
}

master_host='google.com'

if [ "$(resolve_ip)" = "$(resolve_ip $master_host)" ]; then
    error "some error"
fi

echo "after exit"
exit

尝试解析我的公共 IP 地址时，我得到一个空字符串

ip=$(dig +short myip.opendns.com @resolver1.opendns.com)