Debian

Postfix delivery failure

  • July 1, 2019

My mail server (Postfix + Dovecot) has a problem: it can receive mail but unfortunately cannot deliver it!

For information, the server runs Debian 9 and is hosted by OVH.

Here are the /var/log/mail.log entries from when I try to send a mail (sent from a client using Thunderbird):

1 --  postfix/submission/smtpd[984]: input attribute value: 1
2 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: timeout
3 --  postfix/submission/smtpd[984]: input attribute name: timeout
4 --  postfix/submission/smtpd[984]: input attribute value: 3600
5 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
6 --  postfix/submission/smtpd[984]: input attribute name: (end)
7 --  postfix/submission/smtpd[984]: match_string: parent_domain_matches_subdomains: fast_flush_domains ~? debug_peer_list
8 --  postfix/submission/smtpd[984]: match_string: parent_domain_matches_subdomains: fast_flush_domains ~? fast_flush_domains
9 --  postfix/submission/smtpd[984]: auto_clnt_create: transport=local endpoint=private/anvil
10 --  postfix/submission/smtpd[984]: connection established
11 --  postfix/submission/smtpd[984]: master_notify: status 0
12 --  postfix/submission/smtpd[984]: name_mask: resource
13 --  postfix/submission/smtpd[984]: name_mask: software
14 --  postfix/submission/smtpd[984]: connect from [CLIENTNAME][[CLIENTIP]]
15 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
16 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
17 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
18 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
19 --  postfix/submission/smtpd[984]: match_hostname: debug_peer_list: [CLIENTNAME] ~? 127.0.0.1
20 --  postfix/submission/smtpd[984]: match_hostaddr: debug_peer_list: [CLIENTIP] ~? 127.0.0.1
21 --  postfix/submission/smtpd[984]: match_hostname: debug_peer_list: [CLIENTNAME] ~? [MYDOMAIN]
22 --  postfix/submission/smtpd[984]: match_hostaddr: debug_peer_list: [CLIENTIP] ~? [MYDOMAIN]
23 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
24 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
25 --  postfix/submission/smtpd[984]: smtp_stream_setup: maxtime=300 enable_deadline=0
26 --  postfix/submission/smtpd[984]: match_hostname: smtpd_client_event_limit_exceptions: [CLIENTNAME] ~? 127.0.0.0/8
27 --  postfix/submission/smtpd[984]: match_hostaddr: smtpd_client_event_limit_exceptions: [CLIENTIP] ~? 127.0.0.0/8
28 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
29 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
30 --  postfix/submission/smtpd[984]: auto_clnt_open: connected to private/anvil
31 --  postfix/submission/smtpd[984]: send attr request = connect
32 --  postfix/submission/smtpd[984]: send attr ident = submission:[CLIENTIP]
33 --  postfix/submission/smtpd[984]: private/anvil: wanted attribute: status
34 --  postfix/submission/smtpd[984]: input attribute name: status
35 --  postfix/submission/smtpd[984]: input attribute value: 0
36 --  postfix/submission/smtpd[984]: private/anvil: wanted attribute: count
37 --  postfix/submission/smtpd[984]: input attribute name: count
38 --  postfix/submission/smtpd[984]: input attribute value: 1
39 --  postfix/submission/smtpd[984]: private/anvil: wanted attribute: rate
40 --  postfix/submission/smtpd[984]: input attribute name: rate
41 --  postfix/submission/smtpd[984]: input attribute value: 1
42 --  postfix/submission/smtpd[984]: private/anvil: wanted attribute: (list terminator)
43 --  postfix/submission/smtpd[984]: input attribute name: (end)
44 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 220 teshar.[MYDOMAIN] ESMTP Postfix (Debian/GNU)
45 --  postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: EHLO [192.168.0.10]
46 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
47 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
48 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-[MYHOSTDOMAIN]
49 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-PIPELINING
50 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-SIZE 10240000
51 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-VRFY
52 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ETRN
53 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-STARTTLS
54 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ENHANCEDSTATUSCODES
55 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-8BITMIME
56 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-DSN
57 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250 SMTPUTF8
58 --  postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: STARTTLS
59 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 220 2.0.0 Ready to start TLS
60 --  postfix/submission/smtpd[984]: setting up TLS connection from [CLIENTNAME][[CLIENTIP]]
61 --  postfix/submission/smtpd[984]: [CLIENTNAME][[CLIENTIP]]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!MD5:!DES:!ADH:!RC4:!PSD:!SRP:!3DES:!eNULL:!aNULL:!MD5:!DES:!ADH:!RC4:!PSD:!SRP:!3DES:!eNULL:!aNULL"
62 --  postfix/submission/smtpd[984]: send attr request = seed
63 --  postfix/submission/smtpd[984]: send attr size = 32
64 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: status
65 --  postfix/submission/smtpd[984]: input attribute name: status
66 --  postfix/submission/smtpd[984]: input attribute value: 0
67 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: seed
68 --  postfix/submission/smtpd[984]: input attribute name: seed
69 --  postfix/submission/smtpd[984]: input attribute value: KOIm2ud2wCvuYcE8nKhw1RrGwmpKX0gw7kT4sLbysT4=
70 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
71 --  postfix/submission/smtpd[984]: input attribute name: (end)
72 --  postfix/submission/smtpd[984]: SSL_accept:before SSL initialization
73 --  postfix/submission/smtpd[984]: SSL_accept:before SSL initialization
74 --  postfix/submission/smtpd[984]: send attr request = tktkey
75 --  postfix/submission/smtpd[984]: send attr keyname = [data 16 bytes]
76 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: status
77 --  postfix/submission/smtpd[984]: input attribute name: status
78 --  postfix/submission/smtpd[984]: input attribute value: 4294967295
79 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: keybuf
80 --  postfix/submission/smtpd[984]: input attribute name: keybuf
81 --  postfix/submission/smtpd[984]: input attribute value: 9oQDVRdjTvMeJ/jn0uOC3g==
82 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
83 --  postfix/submission/smtpd[984]: input attribute name: (end)
84 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read client hello
85 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write server hello
86 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write certificate
87 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write key exchange
88 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write server done
89 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write server done
90 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read client key exchange
91 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read change cipher spec
92 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read finished
93 --  postfix/submission/smtpd[984]: send attr request = tktkey
94 --  postfix/submission/smtpd[984]: send attr keyname = [data 0 bytes]
95 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: status
96 --  postfix/submission/smtpd[984]: input attribute name: status
97 --  postfix/submission/smtpd[984]: input attribute value: 0
98 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: keybuf
99 --  postfix/submission/smtpd[984]: input attribute name: keybuf
100 --  postfix/submission/smtpd[984]: input attribute value: GS4aMvZYYdXW1YceMhQci3PUTQMO/Y/DqBWSZmv8PmTQ8yVeCJL5ZN4VqHMk0jVglcG5vVfLUGluXxMUkDkHrvMcOWwBBjemd8eZhpQzfdP5iBddAAAAAA==
101 --  postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
102 --  postfix/submission/smtpd[984]: input attribute name: (end)
103 --  postfix/submission/smtpd[984]: [CLIENTNAME][[CLIENTIP]]: Issuing session ticket, key expiration: 1561823481
104 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write session ticket
105 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write change cipher spec
106 --  postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write finished
107 --  postfix/submission/smtpd[984]: Anonymous TLS connection established from [CLIENTNAME][[CLIENTIP]]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
108 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
109 --  postfix/submission/smtpd[984]: name_mask: noanonymous
110 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: Connecting
111 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: VERSION?1?1
112 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
113 --  postfix/submission/smtpd[984]: name_mask: plaintext
114 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: SPID?989
115 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: CUID?1
116 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: COOKIE?f9b6043b1239b511c8d485c337183bad
117 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: DONE
118 --  postfix/submission/smtpd[984]: xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
119 --  postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: EHLO [192.168.0.10]
120 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
121 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
122 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-[MYHOSTDOMAIN]
123 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-PIPELINING
124 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-SIZE 10240000
125 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-VRFY
126 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ETRN
127 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-AUTH LOGIN
128 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-AUTH=LOGIN
129 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ENHANCEDSTATUSCODES
130 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-8BITMIME
131 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-DSN
132 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250 SMTPUTF8
133 --  postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: QUIT
134 --  postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 221 2.0.0 Bye
135 --  postfix/submission/smtpd[984]: match_hostname: smtpd_client_event_limit_exceptions: [CLIENTNAME] ~? 127.0.0.0/8
136 --  postfix/submission/smtpd[984]: match_hostaddr: smtpd_client_event_limit_exceptions: [CLIENTIP] ~? 127.0.0.0/8
137 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
138 --  postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
139 --  postfix/submission/smtpd[984]: send attr request = disconnect
140 --  postfix/submission/smtpd[984]: send attr ident = submission:[CLIENTIP]
141 --  postfix/submission/smtpd[984]: private/anvil: wanted attribute: status
142 --  postfix/submission/smtpd[984]: input attribute name: status
143 --  postfix/submission/smtpd[984]: input attribute value: 0
144 --  postfix/submission/smtpd[984]: private/anvil: wanted attribute: (list terminator)
145 --  postfix/submission/smtpd[984]: input attribute name: (end)
146 --  postfix/submission/smtpd[984]: disconnect from [CLIENTNAME][[CLIENTIP]] ehlo=2 starttls=1 quit=1 commands=4
147 --  postfix/submission/smtpd[984]: master_notify: status 1
148 --  postfix/submission/smtpd[984]: connection closed
149 --  postfix/submission/smtpd[984]: proxymap stream disconnect
150 --  postfix/submission/smtpd[984]: auto_clnt_close: disconnect private/tlsmgr stream

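So the client seems to ask for a STARTTLS transport (line 122). It leads to a TLS handshake (-> line 106) and authentication (-> line 118). Then the connection seems to restart (at line 122), and is finally "QUIT" by the client (l133).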

There are no entries in /var/log/mail.err, systemctl status postfix, or systemctl status dovecot.

From my mail client (Thunderbird), I get the following error message: "Sending of the message failed."

I think something is wrong with my AUTH process, but I need your help to clarify this.

Here is the output of "postconf -n":

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
debug_peer_level = 10
debug_peer_list = 127.0.0.1, $mydomain
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
myhostname = [HIDDEN]
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_cert_file = /etc/letsencrypt/live/[MYDOMAIN]/fullchain.pem
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_key_file = /etc/letsencrypt/live/[MYDOMAIN]/privkey.pem
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/[MYDOMAIN]/fullchain.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_key_file = /etc/letsencrypt/live/[MYDOMAIN]/privkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_preempt_cipherlist = yes

Here is the output of "postconf -Mf":

smtp       inet  n       -       n       -       -       smtpd -v
submission inet  n       -       n       -       -       smtpd -v
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_recipient=no
smtps      inet  n       -       n       -       -       smtpd -v
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache flags=DRhu
   user=vmail argv=/usr/bin/maildrop -d ${recipient}

Thank you for your time and consideration :)

Edit: removed the time + hostname entries from /var/log/mail.log

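Your configuration deviates from what is common and expected by mail clients: you are offering STARTTLS on all smtpd ports. Your mail client quits right away (I suspect because it is not configured for this setup).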

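Usually, you would offer clean TLS on port 465, while expecting clients to first say STARTTLS on ports 25 and 587. Any modern mail client will set this up correctly automatically, since both methods of starting a secure connection work with defaults.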

Change your master.cf to tell postfix to highlight non-STARTTLS-initiated sessions in the log, and to offer direct TLS start on port 465, similar to what you did for port 587:

smtps      inet  n       -       n       -       -       smtpd -v
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_reject_unlisted_recipient=no

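Then, remove your insecure smtpd_sasl_auth_enable and smtpd_sasl_security_options from main.cf, since you probably do not want to allow mail clients to deliver authenticated mail on port 25, only on the two submission ports explicitly enabled for that purpose.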

When everything works, you may also wish to remove the -v and inet_protocols flags, which I guess are leftovers from testing.

Quoted from: https://serverfault.com/questions/973387
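
An added example (not part of the original question or answer, and not Postfix code): a small Python check that reads `postconf -Mf`-style text plus the relevant main.cf values and reports, for each smtpd listener, how TLS starts and whether AUTH is enabled, flagging the two points the answer raises. The function names and sample strings are constructed for illustration, and listeners are recognised by their master.cf service names only.

```python
# Constructed sample: the three smtpd listeners from the question's `postconf -Mf` output.
QUESTION_MASTER = """\
smtp       inet  n       -       n       -       -       smtpd -v
submission inet  n       -       n       -       -       smtpd -v
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_recipient=no
smtps      inet  n       -       n       -       -       smtpd -v
"""
# main.cf values those listeners inherit, copied from the question's `postconf -n`.
QUESTION_MAIN = {"smtpd_tls_security_level": "may", "smtpd_sasl_auth_enable": "yes"}
# The answer's changes: wrappermode + per-service AUTH on smtps, no global AUTH in main.cf.
FIXED_MASTER = QUESTION_MASTER + "   -o smtpd_tls_wrappermode=yes\n   -o smtpd_sasl_auth_enable=yes\n"
FIXED_MAIN = {"smtpd_tls_security_level": "may"}


def parse_listeners(master_text):
    """Return {service: {param: value}} for inet smtpd entries, folding continuation lines."""
    services, current = {}, None
    for line in master_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        tokens = line.split()
        if not line[0].isspace():  # column 0 starts a new service entry
            is_smtpd = len(tokens) >= 8 and tokens[1] == "inet" and tokens[7] == "smtpd"
            current = services.setdefault(tokens[0], {}) if is_smtpd else None
            tokens = tokens[8:]
        if current is None:
            continue
        for flag, arg in zip(tokens, tokens[1:]):
            if flag == "-o" and "=" in arg:
                key, value = arg.split("=", 1)
                current[key] = value
    return services


def audit(master_text, main_cf):
    """Return {service: {"tls": mode, "auth": bool, "findings": [...]}}."""
    report = {}
    for name, overrides in parse_listeners(master_text).items():
        effective = {**main_cf, **overrides}  # -o overrides win over main.cf
        wrapper = effective.get("smtpd_tls_wrappermode", "no") == "yes"
        level = effective.get("smtpd_tls_security_level", "none")
        auth = effective.get("smtpd_sasl_auth_enable", "no") == "yes"
        findings = []
        if name in ("smtps", "submissions", "465") and not wrapper:
            findings.append("port 465 expects STARTTLS instead of starting TLS directly")
        if name in ("smtp", "25") and auth:
            findings.append("SASL AUTH is enabled on port 25")
        tls = "wrappermode" if wrapper else "starttls/" + level
        report[name] = {"tls": tls, "auth": auth, "findings": findings}
    return report


if __name__ == "__main__":
    for label, master, main in (("question", QUESTION_MASTER, QUESTION_MAIN),
                                ("after fix", FIXED_MASTER, FIXED_MAIN)):
        for service, result in audit(master, main).items():
            print(label, service, result)
```

On a live host the same text can be obtained by saving the output of `postconf -Mf` and the two relevant `postconf -n` values and passing them to `audit`.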