Not receiving mail or even connection attempts from Google
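I recently installed and configured my own postfix mail server on a VPS. It uses a LetsEncrypt wildcard certificate, has a PTR DNS record in which the VPS's IP address points to my mail server's hostname, has SPF and DKIM configured (but no DMARC yet), and ufw is configured to allow incoming connections on ports 25, 80, 443, 587, 993. Everything seems to be running fine: the mail server receives incoming mail from pretty much anyone, except from Google, as I discovered today:
I tried several times today to create a Google account using one of my own mail addresses, but each time I didn't receive the verification code, even though Google told me they would send one. In fact, /var/log/mail.log doesn't even list any connection attempts from Google. I then tested creating a Google account with a temporary email address from a well-known webmail provider, and the verification code came through without a problem.
So, all of this leads me to believe that my mail server is misconfigured.
My assumption is that Google has very strict security measures to verify the authenticity of mail addresses and/or mail servers, but I'm not knowledgeable enough to know exactly where to look.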
Here is my /etc/postfix/main.cf (domain redacted as <mydomain>):

```
smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/<mydomain>/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/<mydomain>/privkey.pem
smtpd_tls_security_level=may

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_recipient_restrictions=reject_unknown_client_hostname,check_policy_service unix:private/policyd-spf

# Host parameters
myhostname = mail.<mydomain>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
masquerade_domains = $mydomain
mydestination = $myhostname, <mydomain>, vps.<mydomain>, localhost.<mydomain>, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# Connect to Postgres for mailboxes, transports and aliases
local_recipient_maps =
virtual_uid_maps = static:997
virtual_gid_maps = static:998
virtual_mailbox_base = /var/mail/vmail/
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/mailboxes.cf
virtual_alias_maps = pgsql:/etc/postfix/pgsql/aliases.cf
transport_maps = pgsql:/etc/postfix/pgsql/transports.cf

# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:127.0.0.1:8892
non_smtpd_milters = $smtpd_milters
```
…and here is my /etc/postfix/master.cf:

```
smtp      inet  n       -       y       -       -       smtpd
  -o disable_vrfy_command=yes
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=
  -o milter_macro_daemon_name=ORIGINATING
  -o disable_vrfy_command=yes
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
  -o header_checks=regexp:/etc/postfix/header_checks
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
  -o syslog_name=postfix/$service_name
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
policyd-spf unix -      n       n       -       0       spawn
  user=policyd-spf argv=/usr/bin/policyd-spf
```
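Do you have any idea why Google is unable to deliver mail to my mail server? Could it be the missing DMARC? Or might Google be trying to send mail through a port other than 25? Is that even a thing? Receiving mail through a port other than 25?
Some additional information, in response to glts's answer, that may be relevant:
I do have an MX record pointing to my mail server:
However, the hostname of my VPS box (/etc/hostname) is vps.<mydomain>. Only postfix is configured to listen on mail.<mydomain> (as you can see in main.cf). Could this be a problem?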
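If you don't see a line like the following in the log, then the Google servers are indeed not even trying to contact you.

```
postfix/smtpd[90034]: connect from mail-oa1-x2a.google.com[2001:4860:4864:20::2a]
```

How does a sender know which mail server to connect to? By looking at the MX record of the mail domain.
So, if you want to receive mail at the address me@example.com, the sending MTA will look at the MX record for example.com to find the right server. It will then look up the IP address of the mail server, so make sure that A and AAAA records are also set up for mail.<mydomain>.
If you don't have an MX record configured for your mail domain example.com that points to your mail server, then of course Google will never find you. Beyond that, Google seems to me to be an ordinary sender with no special hidden requirements.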
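
The lookup chain described in the answer above (MX record of the mail domain, then A/AAAA of the MX host), as an added Python example that is not part of the original posts. It also flags published addresses that do not belong to the server, which would leave mail.log without any connect line. ZONE, lookup and check_inbound_path are hypothetical names, and the records are constructed sample data with example.com standing in for <mydomain>.

```python
import ipaddress

# Constructed sample data: example.com stands in for <mydomain>, addresses are
# documentation ranges. Swap lookup() for a real resolver to test a live domain.
ZONE = {
    ("example.com", "MX"): [(10, "mail.example.com")],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("mail.example.com", "AAAA"): ["2001:db8::dead"],   # stale record
    ("dangling.example", "MX"): [(10, "mx.dangling.example")],
}


def lookup(name, rtype):
    """Hypothetical resolver stub backed by ZONE (assumption, not a real API)."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def check_inbound_path(domain, server_addrs, lookup=lookup):
    """Follow MX -> A/AAAA the way a sending MTA does.

    Returns (targets, problems). targets lists (preference, host, address)
    for every address a sender may connect to; problems lists reasons a
    sender might never show up in this server's mail.log.
    """
    mine = {ipaddress.ip_address(a) for a in server_addrs}
    targets, problems = [], []
    mx_records = sorted(lookup(domain, "MX"))   # lowest preference first
    if not mx_records:
        problems.append(f"{domain}: no MX record")
    for pref, host in mx_records:
        addrs = lookup(host, "AAAA") + lookup(host, "A")
        if not addrs:
            problems.append(f"{host}: MX target has no A or AAAA record")
        for addr in addrs:
            targets.append((pref, host, addr))
            # A sender connecting here never reaches this machine's smtpd.
            if ipaddress.ip_address(addr) not in mine:
                problems.append(f"{host}: {addr} is not an address of this server")
    return targets, problems


if __name__ == "__main__":
    targets, problems = check_inbound_path(
        "example.com", ["192.0.2.25", "2001:db8::25"])
    for t in targets:
        print("sender may connect to", t)
    for p in problems:
        print("PROBLEM:", p)
```

Pass the addresses actually bound on the VPS as server_addrs, so every published A and AAAA record is compared against what the machine really answers on.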