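Postfix fails to deliver mail
I have a problem with my mail server (Postfix+Dovecot): it can receive mail but unfortunately cannot deliver it!
For information, the server runs on Debian 9 and is hosted by OVH.
Here are the /var/log/mail.log entries showing what happens when I try to send mail (from a client, using Thunderbird):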
1 -- postfix/submission/smtpd[984]: input attribute value: 1
2 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: timeout
3 -- postfix/submission/smtpd[984]: input attribute name: timeout
4 -- postfix/submission/smtpd[984]: input attribute value: 3600
5 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
6 -- postfix/submission/smtpd[984]: input attribute name: (end)
7 -- postfix/submission/smtpd[984]: match_string: parent_domain_matches_subdomains: fast_flush_domains ~? debug_peer_list
8 -- postfix/submission/smtpd[984]: match_string: parent_domain_matches_subdomains: fast_flush_domains ~? fast_flush_domains
9 -- postfix/submission/smtpd[984]: auto_clnt_create: transport=local endpoint=private/anvil
10 -- postfix/submission/smtpd[984]: connection established
11 -- postfix/submission/smtpd[984]: master_notify: status 0
12 -- postfix/submission/smtpd[984]: name_mask: resource
13 -- postfix/submission/smtpd[984]: name_mask: software
14 -- postfix/submission/smtpd[984]: connect from [CLIENTNAME][[CLIENTIP]]
15 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
16 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
17 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
18 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
19 -- postfix/submission/smtpd[984]: match_hostname: debug_peer_list: [CLIENTNAME] ~? 127.0.0.1
20 -- postfix/submission/smtpd[984]: match_hostaddr: debug_peer_list: [CLIENTIP] ~? 127.0.0.1
21 -- postfix/submission/smtpd[984]: match_hostname: debug_peer_list: [CLIENTNAME] ~? [MYDOMAIN]
22 -- postfix/submission/smtpd[984]: match_hostaddr: debug_peer_list: [CLIENTIP] ~? [MYDOMAIN]
23 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
24 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
25 -- postfix/submission/smtpd[984]: smtp_stream_setup: maxtime=300 enable_deadline=0
26 -- postfix/submission/smtpd[984]: match_hostname: smtpd_client_event_limit_exceptions: [CLIENTNAME] ~? 127.0.0.0/8
27 -- postfix/submission/smtpd[984]: match_hostaddr: smtpd_client_event_limit_exceptions: [CLIENTIP] ~? 127.0.0.0/8
28 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
29 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
30 -- postfix/submission/smtpd[984]: auto_clnt_open: connected to private/anvil
31 -- postfix/submission/smtpd[984]: send attr request = connect
32 -- postfix/submission/smtpd[984]: send attr ident = submission:[CLIENTIP]
33 -- postfix/submission/smtpd[984]: private/anvil: wanted attribute: status
34 -- postfix/submission/smtpd[984]: input attribute name: status
35 -- postfix/submission/smtpd[984]: input attribute value: 0
36 -- postfix/submission/smtpd[984]: private/anvil: wanted attribute: count
37 -- postfix/submission/smtpd[984]: input attribute name: count
38 -- postfix/submission/smtpd[984]: input attribute value: 1
39 -- postfix/submission/smtpd[984]: private/anvil: wanted attribute: rate
40 -- postfix/submission/smtpd[984]: input attribute name: rate
41 -- postfix/submission/smtpd[984]: input attribute value: 1
42 -- postfix/submission/smtpd[984]: private/anvil: wanted attribute: (list terminator)
43 -- postfix/submission/smtpd[984]: input attribute name: (end)
44 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 220 teshar.[MYDOMAIN] ESMTP Postfix (Debian/GNU)
45 -- postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: EHLO [192.168.0.10]
46 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
47 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
48 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-[MYHOSTDOMAIN]
49 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-PIPELINING
50 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-SIZE 10240000
51 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-VRFY
52 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ETRN
53 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-STARTTLS
54 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ENHANCEDSTATUSCODES
55 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-8BITMIME
56 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-DSN
57 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250 SMTPUTF8
58 -- postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: STARTTLS
59 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 220 2.0.0 Ready to start TLS
60 -- postfix/submission/smtpd[984]: setting up TLS connection from [CLIENTNAME][[CLIENTIP]]
61 -- postfix/submission/smtpd[984]: [CLIENTNAME][[CLIENTIP]]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!MD5:!DES:!ADH:!RC4:!PSD:!SRP:!3DES:!eNULL:!aNULL:!MD5:!DES:!ADH:!RC4:!PSD:!SRP:!3DES:!eNULL:!aNULL"
62 -- postfix/submission/smtpd[984]: send attr request = seed
63 -- postfix/submission/smtpd[984]: send attr size = 32
64 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: status
65 -- postfix/submission/smtpd[984]: input attribute name: status
66 -- postfix/submission/smtpd[984]: input attribute value: 0
67 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: seed
68 -- postfix/submission/smtpd[984]: input attribute name: seed
69 -- postfix/submission/smtpd[984]: input attribute value: KOIm2ud2wCvuYcE8nKhw1RrGwmpKX0gw7kT4sLbysT4=
70 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
71 -- postfix/submission/smtpd[984]: input attribute name: (end)
72 -- postfix/submission/smtpd[984]: SSL_accept:before SSL initialization
73 -- postfix/submission/smtpd[984]: SSL_accept:before SSL initialization
74 -- postfix/submission/smtpd[984]: send attr request = tktkey
75 -- postfix/submission/smtpd[984]: send attr keyname = [data 16 bytes]
76 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: status
77 -- postfix/submission/smtpd[984]: input attribute name: status
78 -- postfix/submission/smtpd[984]: input attribute value: 4294967295
79 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: keybuf
80 -- postfix/submission/smtpd[984]: input attribute name: keybuf
81 -- postfix/submission/smtpd[984]: input attribute value: 9oQDVRdjTvMeJ/jn0uOC3g==
82 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
83 -- postfix/submission/smtpd[984]: input attribute name: (end)
84 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read client hello
85 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write server hello
86 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write certificate
87 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write key exchange
88 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write server done
89 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write server done
90 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read client key exchange
91 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read change cipher spec
92 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS read finished
93 -- postfix/submission/smtpd[984]: send attr request = tktkey
94 -- postfix/submission/smtpd[984]: send attr keyname = [data 0 bytes]
95 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: status
96 -- postfix/submission/smtpd[984]: input attribute name: status
97 -- postfix/submission/smtpd[984]: input attribute value: 0
98 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: keybuf
99 -- postfix/submission/smtpd[984]: input attribute name: keybuf
100 -- postfix/submission/smtpd[984]: input attribute value: GS4aMvZYYdXW1YceMhQci3PUTQMO/Y/DqBWSZmv8PmTQ8yVeCJL5ZN4VqHMk0jVglcG5vVfLUGluXxMUkDkHrvMcOWwBBjemd8eZhpQzfdP5iBddAAAAAA==
101 -- postfix/submission/smtpd[984]: private/tlsmgr: wanted attribute: (list terminator)
102 -- postfix/submission/smtpd[984]: input attribute name: (end)
103 -- postfix/submission/smtpd[984]: [CLIENTNAME][[CLIENTIP]]: Issuing session ticket, key expiration: 1561823481
104 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write session ticket
105 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write change cipher spec
106 -- postfix/submission/smtpd[984]: SSL_accept:SSLv3/TLS write finished
107 -- postfix/submission/smtpd[984]: Anonymous TLS connection established from [CLIENTNAME][[CLIENTIP]]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
108 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
109 -- postfix/submission/smtpd[984]: name_mask: noanonymous
110 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: Connecting
111 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: VERSION?1?1
112 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
113 -- postfix/submission/smtpd[984]: name_mask: plaintext
114 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: SPID?989
115 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: CUID?1
116 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: COOKIE?f9b6043b1239b511c8d485c337183bad
117 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_connect: auth reply: DONE
118 -- postfix/submission/smtpd[984]: xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
119 -- postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: EHLO [192.168.0.10]
120 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
121 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
122 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-[MYHOSTDOMAIN]
123 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-PIPELINING
124 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-SIZE 10240000
125 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-VRFY
126 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ETRN
127 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-AUTH LOGIN
128 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-AUTH=LOGIN
129 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-ENHANCEDSTATUSCODES
130 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-8BITMIME
131 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250-DSN
132 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 250 SMTPUTF8
133 -- postfix/submission/smtpd[984]: < [CLIENTNAME][[CLIENTIP]]: QUIT
134 -- postfix/submission/smtpd[984]: > [CLIENTNAME][[CLIENTIP]]: 221 2.0.0 Bye
135 -- postfix/submission/smtpd[984]: match_hostname: smtpd_client_event_limit_exceptions: [CLIENTNAME] ~? 127.0.0.0/8
136 -- postfix/submission/smtpd[984]: match_hostaddr: smtpd_client_event_limit_exceptions: [CLIENTIP] ~? 127.0.0.0/8
137 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTNAME]: no match
138 -- postfix/submission/smtpd[984]: match_list_match: [CLIENTIP]: no match
139 -- postfix/submission/smtpd[984]: send attr request = disconnect
140 -- postfix/submission/smtpd[984]: send attr ident = submission:[CLIENTIP]
141 -- postfix/submission/smtpd[984]: private/anvil: wanted attribute: status
142 -- postfix/submission/smtpd[984]: input attribute name: status
143 -- postfix/submission/smtpd[984]: input attribute value: 0
144 -- postfix/submission/smtpd[984]: private/anvil: wanted attribute: (list terminator)
145 -- postfix/submission/smtpd[984]: input attribute name: (end)
146 -- postfix/submission/smtpd[984]: disconnect from [CLIENTNAME][[CLIENTIP]] ehlo=2 starttls=1 quit=1 commands=4
147 -- postfix/submission/smtpd[984]: master_notify: status 1
148 -- postfix/submission/smtpd[984]: connection closed
149 -- postfix/submission/smtpd[984]: proxymap stream disconnect
150 -- postfix/submission/smtpd[984]: auto_clnt_close: disconnect private/tlsmgr stream
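So, the client seems to ask for a STARTTLS transport (line 122). It leads to a TLS handshake (-> line 106) and authentication (-> line 118). Then the connection seems to restart (at line 122) and is eventually "quit" by the client (l133).
There are no entries in /var/log/mail.err, systemctl status postfix, or systemctl status dovecot.
From my mail client (Thunderbird), I get the following error message: "Sending of the message failed."
I think there is a problem with my AUTH process, but I need your help to clarify this.
Here is the output of "postconf -n":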
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
debug_peer_level = 10
debug_peer_list = 127.0.0.1, $mydomain
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
myhostname = [HIDDEN]
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_cert_file = /etc/letsencrypt/live/[MYDOMAIN]/fullchain.pem
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_key_file = /etc/letsencrypt/live/[MYDOMAIN]/privkey.pem
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/[MYDOMAIN]/fullchain.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_key_file = /etc/letsencrypt/live/[MYDOMAIN]/privkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers = MD5, DES ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
Here is the output of "postconf -Mf":
smtp inet n - n - - smtpd -v
submission inet n - n - - smtpd -v
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_reject_unlisted_recipient=no
smtps inet n - n - - smtpd -v
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
Thank you for your time and consideration :)
Edit: removed the time + hostname entries from /var/log/mail.log
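Your configuration deviates from what is common and expected by mail clients: you offer STARTTLS on all smtpd ports. Your mail client quits right away (I suspect because it is not configured for this setup).
Usually, you would offer clean TLS on port 465 - while expecting clients to first say STARTTLS on ports 25 and 587. Any modern mail client will then set itself up correctly automatically, because both methods of initiating a secure connection work with the defaults. Change your master.cf to tell postfix to highlight non-STARTTLS-initiated sessions in the log, and offer direct TLS initiation on port 465, similar to what you did for port 587:
smtps inet n - n - - smtpd -v
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_reject_unlisted_recipient=no
Then, remove your insecure smtpd_sasl_auth_enable and smtpd_sasl_security_options from main.cf - because you probably do not want to allow mail clients to deliver authenticated mail on port 25, only on the two submission ports explicitly enabled for that purpose. When everything works, you may also wish to remove the -v and inet_protocols flags, which I guess are leftovers from testing.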
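An added example, not part of the answer above and not Postfix's own code: a small Python check that reads postconf -Mf style text and reports, for each smtpd listener, how TLS starts and whether AUTH is offered once main.cf values and -o overrides are combined. The sample input is constructed from the question's listing, the function names are hypothetical, and it assumes the service names smtp, submission and smtps are the listeners for ports 25, 587 and 465.

```python
import re
import shlex

# Constructed sample: the question's three smtpd listeners in `postconf -Mf` layout.
MASTER_CF = """\
smtp inet n - n - - smtpd -v
submission inet n - n - - smtpd -v
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
smtps inet n - n - - smtpd -v
pickup unix n - n 60 1 pickup
"""
# The two `postconf -n` values from the question that decide the result.
MAIN_CF = {"smtpd_sasl_auth_enable": "yes", "smtpd_tls_security_level": "may"}

def smtpd_overrides(master_text):
    """Map each inet smtpd service to its `-o name=value` overrides."""
    services = {}
    joined = re.sub(r"\n[ \t]+", " ", master_text)  # fold continuation lines
    for entry in joined.splitlines():
        f = shlex.split(entry, comments=True)
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            args = f[8:]
            services[f[0]] = dict(args[i + 1].split("=", 1)
                                  for i, a in enumerate(args[:-1])
                                  if a == "-o" and "=" in args[i + 1])
    return services

def audit(master_text, main_cf):
    """Return {service: (tls_mode, auth_offered)} from effective settings."""
    report = {}
    for name, overrides in smtpd_overrides(master_text).items():
        eff = {**main_cf, **overrides}  # master.cf -o wins over main.cf
        if eff.get("smtpd_tls_wrappermode", "no") == "yes":
            tls = "implicit"
        else:
            tls = {"encrypt": "starttls-required", "may": "starttls-optional"}.get(
                eff.get("smtpd_tls_security_level", ""), "none")
        report[name] = (tls, eff.get("smtpd_sasl_auth_enable", "no") == "yes")
    return report

def findings(report):
    """Flag the two conditions the answer describes."""
    out = []
    if report.get("smtp", ("", False))[1]:
        out.append("smtp (port 25) offers AUTH")
    if "smtps" in report and report["smtps"][0] != "implicit":
        out.append("smtps (port 465) is not in wrapper mode")
    return out
```

On a live host the text would come from postconf -Mf and the dictionary from postconf -n; calling findings(audit(MASTER_CF, MAIN_CF)) on the sample returns both flags.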