Linux

後綴:警告:連接到 127.0.0.1:10023:連接被拒絕,未收到來自外部域的郵件

  • February 5, 2018

我有一個 Postfix 伺服器執行了很短的時間,它工作,但我今天不得不重新啟動伺服器,我不再接收來自外部來源的電子郵件:

Jan 23 01:34:44 myservername postfix/smtpd[1055]: connect from db3ehsobe006.messaging.microsoft.com[213.199.154.144]
Jan 23 01:34:45 myservername postfix/smtpd[1055]: warning: connect to 127.0.0.1:10023: Connection refused
Jan 23 01:34:45 myservername postfix/smtpd[1055]: warning: problem talking to server 127.0.0.1:10023: Connection refused
Jan 23 01:34:46 myservername postfix/smtpd[1055]: warning: connect to 127.0.0.1:10023: Connection refused
Jan 23 01:34:46 myservername postfix/smtpd[1055]: warning: problem talking to server 127.0.0.1:10023: Connection refused
Jan 23 01:34:46 myservername postfix/smtpd[1055]: NOQUEUE: reject: RCPT from db3ehsobe006.messaging.microsoft.com[213.199.154.144]: 451 4.3.5 Server configuration problem; from=<MyKnownWorking@EmailAccountOutside> to=<MyAccount@MyDomain.com> proto=ESMTP helo=<db3outboundpool.messaging.microsoft.com>

伺服器正在監聽port 10023,但我注意到它只通過 IPv6 監聽:

> sudo netstat -a | grep 10023
tcp6       0      0 ip6-localhost:10023     [::]:*                  LISTEN

我沒有防火牆規則可以拒絕特定埠,地獄,我繼續刷新規則集只是為了確認它。這是我的 postconf -n 的輸出(我編輯了我的域名代替“mydomain.com”:

> sudo postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
   append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
message_size_limit = 0
mydestination = localhost.$mydomain, localhost, mail.mydomain.com, servername.mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = mail.mydomain.com ESMTP $mail_name
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_tls_cert_file = /etc/ssl/private/mail.mydomain.com.crt
smtpd_tls_key_file = /etc/ssl/private/mail.mydomain.com.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/maps/alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/maps/domain.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/maps/user.cf
virtual_uid_maps = static:5000

如您所見,我什至試圖通過 inet_protocols 指定它偵聽 ipv4 連接。我已經嘗試過使用和不使用該命令。

任何故障排除幫助將不勝感激!當然,如果您發現我的配置中的任何內容都非常愚蠢,我不會拒絕建議或批評。

您對smtpd_recipient_restrictions的最後一次檢查使用策略服務來驗證收件人。通常這是一個 postgrey 服務,並且 Postfix 連接到它似乎有一些問題。

smtpd_recipient_restrictions = ...,check_policy_service inet:127.0.0.1:10023, permit

如果您從 smtpd_recipient_restrictions 中刪除check_policy_service inet:127.0.0.1:10023,您應該消除錯誤,但您仍然應該確定您的 postgrey 或將在此處執行的其他服務會發生什麼。

在 Unbuntu 系統上檢查 Postgrey

通常,postgrey 預設配置將在埠 10023 上偵聽連接並確定是否應允許或拒絕它們。Unbutu 伺服器上的一些元件,您可以檢查它是否已安裝…

  • 你有/etc/default/postgrey檔案嗎?這是基本的配置文件。
  • 你有/etc/postgrey文件夾嗎?這是您可以將元素列入白名單的地方。
  • 當您執行時> which postgrey,它會找到二進製文件嗎?我的在/usr/sbin/postgrey.
  • 你有/etc/init.d/postgrey在啟動時啟動它的腳本嗎?這是 Ubuntu 守護程序的典型位置。

這些只會為您提供一些線索,說明該伺服器是否曾經postgrey配置過。如果該程序在您的伺服器上未正常執行,您將需要進一步尋找故障排除。

引用自:https://serverfault.com/questions/471581