Debian

帶有 Gsuite / Gmail 中繼的 Postfix 無法正常工作

  • September 20, 2019

我是伺服器管理員的新手,並嘗試使用 GSUITE 使用者作為發件人從我的伺服器發送電子郵件

我閱讀了很多教程(包括在 Google Compute Engine 實例中配置後綴以使用 Google Apps SMTP 中繼),但我對 EHLO / TLS / …

我只想 :

  • 從伺服器發送電子郵件:

    • 託管在MY_HOST_NAME.COM
    • 使用 IP 地址MY_HOST_IP
    • 使用主機名MY_HOST_NAME
  • 使用 gsuite 域MY_GSUITE_DOMAIN.COM

到目前為止,我有:

  • 在 /etc/postfix/sasl/sasl_passwd 中輸入我的 SMTP 憑據並生成一個 sasl_passwd.db 文件
  • 按照google doc配置 Gsuite SMTP 中繼選項
    • 允許來自我的 Gsuite 域的使用者
    • 要求 smtp 身份驗證
    • 不需要 TLS 身份驗證

我的後綴配置 /etc/postifx/main.cf 如下:

myorigin = /etc/mailname  ## FILE CONTAINS ONLY MY_HOST_NAME

biff = no

readme_directory = no

compatibility_level = 2

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

myhostname = MY_HOST_NAME.COM
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, MY_GSUITE_DOMAIN.COM,  localhost
fallback_transport = relay

relayhost = [smtp-relay.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +

inet_interfaces = loopback-only
inet_protocols = ipv4

我嘗試使用 sendmail 命令發送測試電子郵件:

echo "Subject: sendmail test " | sendmail -v john@johncompany.com

…並在 /var/log/mail.log 中不斷收到相同的錯誤:

Sep 19 11:06:18 MY_HOST_NAME postfix/pickup[22443]: B40A61D4FD0: uid=0 from=<root>
Sep 19 11:06:18 MY_HOST_NAME postfix/cleanup[9353]: B40A61D4FD0: message-id=<20190919090618.B40A61D4FD0@**MY_SERVER_HOST.COM**>
Sep 19 11:06:18 MY_HOST_NAME postfix/qmgr[22444]: B40A61D4FD0: from=<root@**MY_GSUITE_DOMAIN.COM**>, size=275, nrcpt=1 (queue active)
Sep 19 11:06:18 MY_HOST_NAME postfix/smtp[9355]: B40A61D4FD0: to=<JOHN@JOHNCOMPANY.COM>, relay=smtp-relay.gmail.com[173.194.76.28]:587, 
delay=0.23, delays=0.03/0.01/0.08/0.11, dsn=5.7.1, status=bounced 
(host smtp-relay.gmail.com[173.194.76.28] said: 550-5.7.1 Invalid credentials for relay [**MY_SERVER_IP**]. 
The IP address you've 550-5.7.1 registered in your G Suite SMTP Relay service doesn't match domain of 550-5.7.1 
the account this email is being sent from. If you are trying to relay 550-5.7.1 mail from a domain that isn't 
registered under your G Suite account 550-5.7.1 or has empty envelope-from, you must configure your mail 
server 550-5.7.1 either to use SMTP AUTH to identify the sending domain or to present 550-5.7.1 one of your 
domain names in the HELO or EHLO command. For more 550-5.7.1 information, please visit 550 5.7.1  
https://support.google.com/a/answer/6140680#invalidcred d13sm115728wrp.67 - gsmtp (in reply to MAIL FROM command))
Sep 19 11:06:18 MY_HOST_NAME postfix/cleanup[9353]: EE3691D4FD2: message-id=<20190919090618.EE3691D4FD2@**MY_SERVER_HOST.COM**>
Sep 19 11:06:18 MY_HOST_NAME postfix/qmgr[22444]: EE3691D4FD2: from=<>, size=3661, nrcpt=1 (queue active)
Sep 19 11:06:18 MY_HOST_NAME postfix/bounce[9368]: B40A61D4FD0: sender non-delivery notification: EE3691D4FD2
Sep 19 11:06:18 MY_HOST_NAME postfix/cleanup[9353]: EF93A1D4FCA: message-id=<20190919090618.EF93A1D4FCA@**MY_SERVER_HOST.COM** >
Sep 19 11:06:18 MY_HOST_NAME postfix/bounce[9369]: B40A61D4FD0: sender delivery status notification: EF93A1D4FCA

錯誤出現在myorigin 參數中:它必須是MY_GSUITE_DOMAIN.COM才能擁有正確的發件人而不是主機。

所以穀歌錯誤在這裡有點誤導。

另外不要忘記降低 gsuite 帳戶中安全性較低的應用程序:https: //support.google.com/a/answer/6260879?hl= fr

對於像我這樣想要使用 php 從 gsuite 電子郵件帳戶發送的人,不要忘記:

  • 在 php.ini 中或直接在 php 腳本中指定發件人(在 php 郵件或其他任何內容中)
  • 在 php.ini 中定義 sendmail 命令的正確位置

…並為您的發行版使用 /var/log/mail.log 或類似工具進行調試。

到目前為止,我在 postfix / gsuite 設置上找到的最好的教程是這個:https ://www.linode.com/docs/email/postfix/configure-postfix-to-send-mail-using-gmail-and -google-apps-on-debian-or-ubuntu/

(我跳過了應用程序密碼部分)

引用自:https://serverfault.com/questions/984823