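telnet: Unable to connect to remote host
I have installed postfix and dovecot on one of my live servers to send bulk mail (system messages on registration, wrong password, etc.). I use the php_imap functions to check for bounced mail and flag those email IDs so that we don't keep sending email to addresses that cause bounces. I noticed that the php_imap functions are not reading the bounces on the live server, though they do read the bounces on the test server. But the live server is able to send mail! Both servers have the same CentOS 6.4 operating system and the same iptables configuration.
I compared the DNS entries for the "test" and "live" domains, and they have the necessary SPF entries. The hosting provider has the necessary PTR records. But for some reason, the php_imap program cannot pick up the bounces.
At this point, I am not sure whether the bounces are being delivered to the server and dovecot is unable to read them, or whether the bounces are not being delivered at all.
So I compared the entries in /etc/postfix/main.cf and /etc/postfix/master.cf of the "test" and "live" servers and found them to be identical except for the domain names.
To be sure, I checked whether postfix is running with ps aux | grep postfix, which returned
Live server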
    [root@bw sridhar]# ps aux | grep postfix
    root 1433 0.0 0.1 13476 2696 ? Ss 09:32 0:00 /usr/libexec/postfix/master
    postfix 1443 0.0 0.1 13720 2836 ? S 09:32 0:00 qmgr -l -t fifo -u
    postfix 4724 0.0 0.1 13552 2668 ? S 12:00 0:00 pickup -l -t fifo -u
    postfix 4850 0.0 0.1 13696 2776 ? S 12:15 0:00 cleanup -z -t unix -u
    postfix 4852 0.0 0.1 13748 2928 ? S 12:15 0:00 smtp -t unix -u
    postfix 4855 0.0 0.1 13748 2928 ? S 12:15 0:00 smtp -t unix -u
    postfix 4856 0.0 0.1 13588 2656 ? S 12:15 0:00 bounce -z -n defer -t unix -u
    root 4858 0.0 0.0 4360 736 pts/0 S+ 12:15 0:00 grep postfix
Test server
    [root@bwStagingTesting sridhar]# ps aux | grep postfix
    root 1258 0.0 0.2 12816 2480 ? Ss Feb17 0:13 /usr/libexec/postfix/master
    postfix 1268 0.0 0.2 13228 2896 ? S Feb17 0:07 qmgr -l -t fifo -u
    postfix 2158 0.0 0.2 12888 2468 ? S Feb17 0:00 tlsmgr -l -t unix -u
    postfix 4860 0.0 0.2 12892 2496 ? S 12:12 0:00 pickup -l -t fifo -u
    postfix 4988 0.0 0.2 13036 2604 ? S 12:15 0:00 cleanup -z -t unix -u
    postfix 4990 0.0 0.3 13148 3096 ? S 12:15 0:00 local -t unix
    root 5334 0.0 0.0 4356 728 pts/5 S+ 12:15 0:00 grep postfix
That looks OK to me. Then I checked whether I could telnet to port 25 on localhost, and I got the following results
Live server
    [root@bw sridhar]# telnet localhost 25
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
Test server
    [root@bwStagingTesting sridhar]# telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 mail.st.biz ESMTP Postfix
    ehlo localhost
    250-mail.st.biz
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
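I tried to telnet from my laptop to the IP addresses of the respective servers. Telnet to the LIVE server resulted in telnet: Unable to connect to remote host: Connection refused
But I could telnet to the test server.
So I checked whether anything is listening on port 25 on both machines, and on the live server I got the following
Live server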
    [root@bw sridhar]# netstat -lnp | grep 25
    unix 2 [ ACC ] STREAM LISTENING 8125 1341/dovecot /var/run/dovecot/login/pop3
    unix 2 [ ACC ] STREAM LISTENING 8425 1433/master public/cleanup
Test server
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1258/master
    tcp 0 0 :::25 :::* LISTEN 1258/master
    unix 2 [ ACC ] STREAM LISTENING 8270 1258/master public/cleanup
    unix 2 [ ACC ] STREAM LISTENING 8277 1258/master private/tlsmgr
    unix 2 [ ACC ] STREAM LISTENING 8281 1258/master private/rewrite
    unix 2 [ ACC ] STREAM LISTENING 8285 1258/master private/bounce
    unix 2 [ ACC ] STREAM LISTENING 8289 1258/master private/defer
    unix 2 [ ACC ] STREAM LISTENING 8293 1258/master private/trace
    unix 2 [ ACC ] STREAM LISTENING 8297 1258/master private/verify
    unix 2 [ ACC ] STREAM LISTENING 8301 1258/master public/flush
    unix 2 [ ACC ] STREAM LISTENING 8305 1258/master private/proxymap
    unix 2 [ ACC ] STREAM LISTENING 8309 1258/master private/proxywrite
    unix 2 [ ACC ] STREAM LISTENING 8313 1258/master private/smtp
    unix 2 [ ACC ] STREAM LISTENING 8317 1258/master private/relay
    unix 2 [ ACC ] STREAM LISTENING 8321 1258/master public/showq
    unix 2 [ ACC ] STREAM LISTENING 8325 1258/master private/error
    unix 2 [ ACC ] STREAM LISTENING 8329 1258/master private/retry
    unix 2 [ ACC ] STREAM LISTENING 8333 1258/master private/discard
    unix 2 [ ACC ] STREAM LISTENING 8337 1258/master private/local
    unix 2 [ ACC ] STREAM LISTENING 8341 1258/master private/virtual
    unix 2 [ ACC ] STREAM LISTENING 8345 1258/master private/lmtp
    unix 2 [ ACC ] STREAM LISTENING 8349 1258/master private/anvil
    unix 2 [ ACC ] STREAM LISTENING 8353 1258/master private/scache
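I see that the first two lines shown for the TEST SERVER are missing from the entries for the LIVE server. This means postfix is not listening on port 25 on the LIVE server, which makes me wonder whether this could be the reason the bounces are not reaching the LIVE SERVER but do reach the TEST server.
I have been at this for two days and have not found a clue to a solution. Any ideas on how to fix this?
Update: iptables entries
Live server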
    [root@bw sridhar]# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
    DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
    ACCEPT all -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    ACCEPT tcp -- anywhere anywhere tcp dpt:distinct
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
    ACCEPT tcp -- anywhere anywhere tcp dpt:urd
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
    ACCEPT tcp -- anywhere anywhere tcp dpt:imap
    ACCEPT tcp -- anywhere anywhere tcp dpt:imaps

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
Test server
    [root@bwStagingTesting sridhar]# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
    DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
    ACCEPT all -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
    ACCEPT tcp -- anywhere anywhere tcp dpt:urd
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
    ACCEPT tcp -- anywhere anywhere tcp dpt:imap
    ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
    ACCEPT tcp -- anywhere anywhere tcp dpt:distinct
    ACCEPT tcp -- anywhere anywhere tcp dpt:munin

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
Update: verbose iptables listing
    [root@bookingwire sridhar]# iptables -L --verbose
    Chain INPUT (policy DROP 1662 packets, 103K bytes)
    pkts bytes target prot opt in out source destination
    184K 190M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    7 400 DROP tcp -- any any anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
    2140 128K ACCEPT all -- lo any anywhere anywhere
    1176 67092 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
    3 120 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
    6 360 ACCEPT tcp -- any any anywhere anywhere tcp dpt:distinct
    8 432 ACCEPT tcp -- any any anywhere anywhere tcp dpt:smtp
    1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:urd
    2 88 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3
    38 2260 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3s
    1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imap
    1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imaps

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 112K packets, 103M bytes)
    pkts bytes target prot opt in out source destination
Update: full master.cf listing
    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    submission inet n - n - - smtpd
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    #smtps inet n - n - - smtpd
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - n - - qmqpd
    pickup fifo n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - n - - smtp
      -o smtp_fallback_relay=
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    #maildrop unix - n n - - pipe
    # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # The Cyrus deliver program has changed incompatibly, multiple times.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    #uucp unix - n n - - pipe
    # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # ====================================================================
    #
    # Other external delivery methods.
    #
    #ifmail unix - n n - - pipe
    # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    #
    #bsmtp unix - n n - - pipe
    # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    #
    #scalemail-backend unix - n n - 2 pipe
    # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    # ${nexthop} ${user} ${extension}
    #
    #mailman unix - n n - - pipe
    # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    # ${nexthop} ${user}
Update: postfix is listening on 587
    [root@bw sridhar]# netstat -lnp | grep master
    tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 16536/master
    tcp 0 0 :::587 :::* LISTEN 16536/master
    unix 2 [ ACC ] STREAM LISTENING 152749 16536/master public/cleanup
    unix 2 [ ACC ] STREAM LISTENING 152756 16536/master private/tlsmgr
    unix 2 [ ACC ] STREAM LISTENING 152760 16536/master private/rewrite
    unix 2 [ ACC ] STREAM LISTENING 152764 16536/master private/bounce
    unix 2 [ ACC ] STREAM LISTENING 152768 16536/master private/defer
    unix 2 [ ACC ] STREAM LISTENING 152772 16536/master private/trace
    unix 2 [ ACC ] STREAM LISTENING 152776 16536/master private/verify
    unix 2 [ ACC ] STREAM LISTENING 152780 16536/master public/flush
    unix 2 [ ACC ] STREAM LISTENING 152784 16536/master private/proxymap
    unix 2 [ ACC ] STREAM LISTENING 152788 16536/master private/proxywrite
    unix 2 [ ACC ] STREAM LISTENING 152792 16536/master private/smtp
    unix 2 [ ACC ] STREAM LISTENING 152796 16536/master private/relay
    unix 2 [ ACC ] STREAM LISTENING 152800 16536/master public/showq
    unix 2 [ ACC ] STREAM LISTENING 152804 16536/master private/error
    unix 2 [ ACC ] STREAM LISTENING 152808 16536/master private/retry
    unix 2 [ ACC ] STREAM LISTENING 152812 16536/master private/discard
    unix 2 [ ACC ] STREAM LISTENING 152816 16536/master private/local
    unix 2 [ ACC ] STREAM LISTENING 152820 16536/master private/virtual
    unix 2 [ ACC ] STREAM LISTENING 152824 16536/master private/lmtp
    unix 2 [ ACC ] STREAM LISTENING 152828 16536/master private/anvil
    unix 2 [ ACC ] STREAM LISTENING 152832 16536/master private/scache
    unix 2 [ ACC ] STREAM LISTENING 149905 16103/dovecot /var/run/dovecot/auth-master
    [root@bw sridhar]# telnet localhost 587
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 mail.bookingwire.co.uk ESMTP Postfix
    ehlo localhost
    250-mail.bookingwire.co.uk
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
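Since Postfix runs as "master", I grepped for master in the netstat output. From the first two lines it is clear that postfix is listening on port 587. I then telnetted to port 587 and verified that my assumption was correct. What I don't understand now is why it is listening on port 587 and how to change it to listen on port 25
Your master.cf has no configuration line to handle SMTP on port 25. The following line is missing:
    smtp inet n - n - - smtpd
In my file, this is the first line after the initial comment block.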
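
As an added example (not part of the original question or answer), the shell functions below list the inet services enabled in a master.cf and check for an smtpd listener on port 25. The function names and the two abridged sample files are constructed for illustration; the second sample is the first with the line from the answer added.

```shell
#!/bin/sh
# Print "service command" for every active inet (TCP) entry in a master.cf.
# Lines starting with '#' are comments; lines starting with whitespace
# continue the previous entry (its "-o" options). Both are skipped.
inet_listeners() {
    awk '!/^#/ && !/^[ \t]/ && $2 == "inet" { print $1, $8 }' "$1"
}

# Succeed only if an smtpd server is bound to the smtp port, written as
# "smtp", "25", or with an address prefix such as "127.0.0.1:25".
has_port25_smtpd() {
    inet_listeners "$1" | awk '
        $2 == "smtpd" { n = split($1, p, ":")
                        if (p[n] == "smtp" || p[n] == "25") found = 1 }
        END { exit !found }'
}

# Constructed sample, abridged from the master.cf in the question.
# Note "smtp unix ... smtp": that is the outbound SMTP client, which is why
# the live server could send mail while nothing accepted mail on port 25.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/live.cf" <<'EOF'
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#smtps inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
smtp unix - - n - - smtp
EOF

# Constructed sample: the same file with the line from the answer added.
{ echo 'smtp inet n - n - - smtpd'; cat "$demo_dir/live.cf"; } > "$demo_dir/fixed.cf"

for f in live fixed; do
    echo "== $f.cf =="
    inet_listeners "$demo_dir/$f.cf"
    if has_port25_smtpd "$demo_dir/$f.cf"; then
        echo "port 25: smtpd listener configured"
    else
        echo "port 25: no smtpd listener"
    fi
done
```

On the real server the change goes into /etc/postfix/master.cf, followed by postfix reload as the file's header says, and netstat -lnp | grep master should then show master listening on port 25.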