Postfix

如何讓 gmail 使用 postfix 作為 SMTP 伺服器

  • June 14, 2020

我正在嘗試讓 gmail 從我的虛域發送電子郵件 - 可以理解,它希望使用為該域設置的 SMTP 伺服器。我嘗試將 postfix 配置為我的虛域的 SMTP 伺服器,但在 gmail 中我不斷收到身份驗證錯誤。我的經驗似乎與Postfix 作為 Gmail 的 SMTP 伺服器非常相似。(“以” google 選項發送郵件) 對於這個特定問題,我在網上幾乎沒有找到其他有用的資訊。大多數其他似乎詢問此問題的使用者都會得到“這是如何將 gmail 用作 SMTP 伺服器”的答案,這顯然沒有幫助。Gmail 無法從我的虛域發送,這就是我(和它)需要 SMTP 伺服器的原因。

這是我的配置文件,我使用 host.example.com 作為執行後綴的伺服器的完整主機和域名。- 我已將 vanity.domain 用作我試圖以不同使用者身份使用 gmail 和 user1 等的虛榮域名。

我添加了 Letsencrypt 證書,因為有人建議 gmail 可能會拒絕自簽名證書。我不知道這是否正確,或者我是否正確地完成了它 - 我在 host.domain.com 上使用了 certbot –apache - 證書在 host.exmaple.com 的瀏覽器中確實有效。

順便說一句,我還沒有設法讓 postfix 使用埠 587 - 所以我從原來的位置刪除了 :587

$$ vanity.domain $$:587 在配置中。 main.cf(由於不同指南建議添加的所有內容,它變得很長)

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/host.example.com/fullchain.pem
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/letsencrypt/live/host.example.com/privkey.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = host.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, host.example.com, host, localhost.localdomain, localhost
#relayhost =[vanity.domain]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

virtual_alias_domains = vanity.domain
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext,noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

#smtp_tls_security_level = may
#smtp_tls_protocols = !SSLv2, !SSLv3
#smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
#smtp_tls_mandatory_ciphers = high
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_loglevel = 1 
sender_canonical_maps = tcp:127.0.0.1:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:10002
recipient_canonical_classes = envelope_recipient

等/後綴/虛擬:

user1@vanity.domain user1@gmail.com
user2@vanity.domain user2@gmail.com
user3@vanity.domain user3@gmail.com
testing@vanity.domain user1@gmail.com
@vanity.domain user1@gmail.com

我嘗試連接時的日誌(已刪除 ips、日期和時間):

connect from mail-ua1-f41.google.com
Anonymous TLS connection established from mail-ua1-f41.google.com: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
warning: mail-ua1-f41.google.com: SASL PLAIN authentication failed:
lost connection after AUTH from mail-ua1-f41.google.com
disconnect from mail-ua1-f41.google.com ehlo=2 starttls=1 auth=0/1 commands=3/4

sasl_passwd

[vanity.domain] user1:longpassword

最後,在 gmail 的 SMTP 設置中,我填寫以下內容:

smtp 伺服器:host.example.com 使用者:user1(我也試過 user1@vanity.domainuser1@host.example.com - 我不確定應該是哪個) 密碼:longpassword 埠:25(試過 587 和 465太)安全性:TLS(嘗試過 SSL 並且不安全)

我放棄了,改用 sendgrid

引用自:https://serverfault.com/questions/1019931