Iptables
臨時身份驗證失敗 454 4.7.1 <email>:中繼訪問被拒絕
我可以在 Squirrelmail 中接收郵件,但不能發送到外部世界。
Message not sent. Server replied: Temporary authentication failure 454 4.7.1 <email@somemail.com>: Relay access denied我仔細檢查了 postfix 是否有效,即能夠通過 mail.domain.com 和 smtp.domain.com 遠端登錄。Dovecot 也可以。似乎 Squirrelmail 是個嫌疑犯。玩配置,不確定是什麼導致了問題。
日誌顯示此資訊:
mail.domain.com postfix/smtpd[4443]: connect from mail.domain.com[XXX.XXX.XXX.XXX] mail.domain.com postfix/smtpd[4443]: NOQUEUE: reject: RCPT from mail.domain.com[XXX.XXX.XXX.XXX]: 454 4.7.1 <email@somemail.com>: Relay access denied; from=<user@domain.com> to=<email@somemail.com> proto=ESMTP helo=<mail.domain.com> mail.domain.com postfix/smtpd[4443]: lost connection after RCPT from mail.domain.com[XXX.XXX.XXX.XXX] mail.domain.com postfix/smtpd[4443]: disconnect from mail.domain.com[XXX.XXX.XXX.XXX] ehlo=1 mail=1 rcpt=0/1 commands=2/3網路統計-plntu
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 940/dovecot tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 940/dovecot tcp 0 0 192.168.124.1:53 0.0.0.0:* LISTEN 1107/dnsmasq tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1905/cupsd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 937/master tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 940/dovecot tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 940/dovecot tcp6 0 0 :::110 :::* LISTEN 940/dovecot tcp6 0 0 :::143 :::* LISTEN 940/dovecot tcp6 0 0 :::80 :::* LISTEN 3521/httpd tcp6 0 0 ::1:631 :::* LISTEN 1905/cupsd tcp6 0 0 :::993 :::* LISTEN 940/dovecot tcp6 0 0 :::995 :::* LISTEN 940/dovecot udp 0 0 127.0.0.1:323 0.0.0.0:* 736/chronyd udp 0 0 0.0.0.0:5353 0.0.0.0:* 722/avahi-daemon: r udp 0 0 0.0.0.0:55024 0.0.0.0:* 722/avahi-daemon: r udp 0 0 192.168.124.1:53 0.0.0.0:* 1107/dnsmasq udp 0 0 0.0.0.0:67 0.0.0.0:* 1107/dnsmasq udp6 0 0 :::41119 :::* 722/avahi-daemon: r udp6 0 0 ::1:323 :::* 736/chronyd udp6 0 0 :::5353 :::* 722/avahi-daemon: riptables如下:
iptables -S -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A FORWARD -d 192.168.124.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.124.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPTiptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere 192.168.124.0/24 ctstate RELATED,ESTABLISHED ACCEPT all -- 192.168.124.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:bootpciptables-保存
*mangle :PREROUTING ACCEPT [9985:4365661] :INPUT ACCEPT [9969:4364853] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [10509:2272775] :POSTROUTING ACCEPT [10545:2275457] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT *nat :PREROUTING ACCEPT [78:6056] :INPUT ACCEPT [62:5248] :OUTPUT ACCEPT [1057:68220] :POSTROUTING ACCEPT [1057:68220] -A POSTROUTING -s 192.168.124.0/24 -d 224.0.0.0/24 -j RETURN -A POSTROUTING -s 192.168.124.0/24 -d 255.255.255.255/32 -j RETURN -A POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -j MASQUERADE COMMIT *filter :INPUT ACCEPT [9969:4364853] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [10509:2272775] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A FORWARD -d 192.168.124.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.124.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT COMMIT15.11.2017 更新:此問題已通過更改 Squirrelmail 中的配置得到解決。跑
/usr/share/squirrelmail/config/conf.pl轉到:伺服器設置 -> 更新 IMAP 設置 -> imap.domain.com 和更新 SMTP 設置 -> smtp.domain.com。它曾經只是本地主機。
14.11.2017 更新:禁用防火牆並能夠再次發送郵件。但是,iptables 的問題仍然存在。我也在 SELinux 中嘗試過:
setsebool -P httpd_can_network_connect 1更新 13.11.2017 啟用防火牆並打開埠 80/443、25/143 後,無法在 Squirrelmail 上發送電子郵件。請幫忙!
錯誤:消息未發送。伺服器回复:
Connection refused 111 Can't open SMTP stream.這個問題來自以下執行緒。 Postfix、dovecot、squirrelmail 伺服器能夠發送但不能接收電子郵件
通過編輯 Squirrelamil 配置文件,我終於能夠發送電子郵件。基本上我從 SMTP 切換到 Sendmail。在 /etc/squirrelmail/config.php 更改
$useSendmail = true;然後重啟apache
systemctl restart httpd然後允許 Selinux 使用 sendmail
setsebool -P httpd_can_sendmail=1我懷疑 Squirrelmail 的這種配置會持續很長時間。我肯定會玩它。目前,不知道為什麼 SMTP 不起作用,但 sendmail 起作用了。希望通過弄亂 SELinux 來解決。同時,有人對 SMTP 還是 Sendmail 是最好用的有意見嗎?