Postfix
telnet 無法連接到遠端主機
我已經在我的一台實時伺服器上安裝了 postfix 和 devcot 來發送批量郵件(註冊時的系統消息、密碼錯誤等)。我使用 php_imap 函式來檢查退回郵件並標記這些電子郵件 ID,這樣我們就不會繼續向那些導致退回郵件的地址發送電子郵件。我注意到 php_imap 函式沒有讀取實時伺服器上的反彈,它確實讀取了測試伺服器上的反彈。但是實時伺服器能夠發送郵件!兩台伺服器都具有相同的 Centos 6.4 作業系統並具有相同的 iptable 配置。
我比較了“測試”和“實時”域的 DNS 條目,它們具有必要的 SPF 條目。託管服務提供商有必要的 PTR 記錄。但是由於某種原因,php_imap 程序無法使用反彈。
在這一點上,我不確定反彈是否被傳遞到伺服器並且 dovecot 無法讀取它們,或者反彈是否根本沒有傳遞。
所以我比較了“測試”和“實時”伺服器的 /etc/postfix/main.cf 和 /etc/postfix/master.cf 中的條目,發現它們除了域名之外是相同的。
為了確保我檢查了 postfix 是否正在執行 ps aux | grep 後綴,它返回了
實時伺服器
[root@bw sridhar]# ps aux | grep postfix root 1433 0.0 0.1 13476 2696 ? Ss 09:32 0:00 /usr/libexec/postfix/master postfix 1443 0.0 0.1 13720 2836 ? S 09:32 0:00 qmgr -l -t fifo -u postfix 4724 0.0 0.1 13552 2668 ? S 12:00 0:00 pickup -l -t fifo -u postfix 4850 0.0 0.1 13696 2776 ? S 12:15 0:00 cleanup -z -t unix -u postfix 4852 0.0 0.1 13748 2928 ? S 12:15 0:00 smtp -t unix -u postfix 4855 0.0 0.1 13748 2928 ? S 12:15 0:00 smtp -t unix -u postfix 4856 0.0 0.1 13588 2656 ? S 12:15 0:00 bounce -z -n defer -t unix -u root 4858 0.0 0.0 4360 736 pts/0 S+ 12:15 0:00 grep postfix測試伺服器
[root@bwStagingTesting sridhar]# ps aux | grep postfix root 1258 0.0 0.2 12816 2480 ? Ss Feb17 0:13 /usr/libexec/postfix/master postfix 1268 0.0 0.2 13228 2896 ? S Feb17 0:07 qmgr -l -t fifo -u postfix 2158 0.0 0.2 12888 2468 ? S Feb17 0:00 tlsmgr -l -t unix -u postfix 4860 0.0 0.2 12892 2496 ? S 12:12 0:00 pickup -l -t fifo -u postfix 4988 0.0 0.2 13036 2604 ? S 12:15 0:00 cleanup -z -t unix -u postfix 4990 0.0 0.3 13148 3096 ? S 12:15 0:00 local -t unix root 5334 0.0 0.0 4356 728 pts/5 S+ 12:15 0:00 grep postfix對我來說似乎還可以。然後我檢查了我是否能夠在本地主機上遠端登錄到埠 25,我得到了以下結果
實時伺服器
[root@bw sridhar]# telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused測試伺服器
[root@bwStagingTesting sridhar]# telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 mail.st.biz ESMTP Postfix ehlo localhost 250-mail.st.biz 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit 221 2.0.0 Bye Connection closed by foreign host.我嘗試從筆記型電腦遠端登錄到各個伺服器的 IP 地址。Telnet 到 LIVE 伺服器導致 telnet:無法連接到遠端主機:連接被拒絕
但是我可以遠端登錄到測試伺服器。
所以我檢查了是否有人在兩台機器和實時伺服器上的埠 25 上監聽我得到以下資訊
實時伺服器
[root@bw sridhar]# netstat -lnp | grep 25 unix 2 [ ACC ] STREAM LISTENING 8125 1341/dovecot /var/run/dovecot/login/pop3 unix 2 [ ACC ] STREAM LISTENING 8425 1433/master public/cleanup測試伺服器
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1258/master tcp 0 0 :::25 :::* LISTEN 1258/master unix 2 [ ACC ] STREAM LISTENING 8270 1258/master public/cleanup unix 2 [ ACC ] STREAM LISTENING 8277 1258/master private/tlsmgr unix 2 [ ACC ] STREAM LISTENING 8281 1258/master private/rewrite unix 2 [ ACC ] STREAM LISTENING 8285 1258/master private/bounce unix 2 [ ACC ] STREAM LISTENING 8289 1258/master private/defer unix 2 [ ACC ] STREAM LISTENING 8293 1258/master private/trace unix 2 [ ACC ] STREAM LISTENING 8297 1258/master private/verify unix 2 [ ACC ] STREAM LISTENING 8301 1258/master public/flush unix 2 [ ACC ] STREAM LISTENING 8305 1258/master private/proxymap unix 2 [ ACC ] STREAM LISTENING 8309 1258/master private/proxywrite unix 2 [ ACC ] STREAM LISTENING 8313 1258/master private/smtp unix 2 [ ACC ] STREAM LISTENING 8317 1258/master private/relay unix 2 [ ACC ] STREAM LISTENING 8321 1258/master public/showq unix 2 [ ACC ] STREAM LISTENING 8325 1258/master private/error unix 2 [ ACC ] STREAM LISTENING 8329 1258/master private/retry unix 2 [ ACC ] STREAM LISTENING 8333 1258/master private/discard unix 2 [ ACC ] STREAM LISTENING 8337 1258/master private/local unix 2 [ ACC ] STREAM LISTENING 8341 1258/master private/virtual unix 2 [ ACC ] STREAM LISTENING 8345 1258/master private/lmtp unix 2 [ ACC ] STREAM LISTENING 8349 1258/master private/anvil unix 2 [ ACC ] STREAM LISTENING 8353 1258/master private/scache我看到 LIVE 伺服器的條目中缺少為 TEST SERVER 顯示的前兩行。這意味著 postfix 沒有監聽 LIVE 伺服器上的埠 25 這讓我想知道這是否可能是反彈沒有到達 LIVE SERVER 但到達 TEST 伺服器的原因。
搞了兩天了,還沒有找到解決方法的線索。關於如何解決這個問題的任何想法?
更新:iptable 條目
實時伺服器
[root@bw sridhar]# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:distinct ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:urd ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s ACCEPT tcp -- anywhere anywhere tcp dpt:imap ACCEPT tcp -- anywhere anywhere tcp dpt:imaps Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination測試伺服器
[root@bwStagingTesting sridhar]# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:urd ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s ACCEPT tcp -- anywhere anywhere tcp dpt:imap ACCEPT tcp -- anywhere anywhere tcp dpt:imaps ACCEPT tcp -- anywhere anywhere tcp dpt:distinct ACCEPT tcp -- anywhere anywhere tcp dpt:munin Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination更新:詳細的 iptable 列表
[root@bookingwire sridhar]# iptables -L --verbose Chain INPUT (policy DROP 1662 packets, 103K bytes) pkts bytes target prot opt in out source destination 184K 190M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 7 400 DROP tcp -- any any anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 2140 128K ACCEPT all -- lo any anywhere anywhere 1176 67092 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http 3 120 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https 6 360 ACCEPT tcp -- any any anywhere anywhere tcp dpt:distinct 8 432 ACCEPT tcp -- any any anywhere anywhere tcp dpt:smtp 1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:urd 2 88 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3 38 2260 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3s 1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imap 1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imaps Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 112K packets, 103M bytes) pkts bytes target prot opt in out source destination更新:完整的 master.cf 列表
# # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # ==================================================================== # # The Cyrus deliver program has changed incompatibly, multiple times. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # #uucp unix - n n - - pipe # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # ==================================================================== # # Other external delivery methods. # #ifmail unix - n n - - pipe # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) # #bsmtp unix - n n - - pipe # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient # #scalemail-backend unix - n n - 2 pipe # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store # ${nexthop} ${user} ${extension} # #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user}更新:postfix 監聽 587
[root@bw sridhar]# netstat -lnp | grep master tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 16536/master tcp 0 0 :::587 :::* LISTEN 16536/master unix 2 [ ACC ] STREAM LISTENING 152749 16536/master public/cleanup unix 2 [ ACC ] STREAM LISTENING 152756 16536/master private/tlsmgr unix 2 [ ACC ] STREAM LISTENING 152760 16536/master private/rewrite unix 2 [ ACC ] STREAM LISTENING 152764 16536/master private/bounce unix 2 [ ACC ] STREAM LISTENING 152768 16536/master private/defer unix 2 [ ACC ] STREAM LISTENING 152772 16536/master private/trace unix 2 [ ACC ] STREAM LISTENING 152776 16536/master private/verify unix 2 [ ACC ] STREAM LISTENING 152780 16536/master public/flush unix 2 [ ACC ] STREAM LISTENING 152784 16536/master private/proxymap unix 2 [ ACC ] STREAM LISTENING 152788 16536/master private/proxywrite unix 2 [ ACC ] STREAM LISTENING 152792 16536/master private/smtp unix 2 [ ACC ] STREAM LISTENING 152796 16536/master private/relay unix 2 [ ACC ] STREAM LISTENING 152800 16536/master public/showq unix 2 [ ACC ] STREAM LISTENING 152804 16536/master private/error unix 2 [ ACC ] STREAM LISTENING 152808 16536/master private/retry unix 2 [ ACC ] STREAM LISTENING 152812 16536/master private/discard unix 2 [ ACC ] STREAM LISTENING 152816 16536/master private/local unix 2 [ ACC ] STREAM LISTENING 152820 16536/master private/virtual unix 2 [ ACC ] STREAM LISTENING 152824 16536/master private/lmtp unix 2 [ ACC ] STREAM LISTENING 152828 16536/master private/anvil unix 2 [ ACC ] STREAM LISTENING 152832 16536/master private/scache unix 2 [ ACC ] STREAM LISTENING 149905 16103/dovecot /var/run/dovecot/auth-master [root@bw sridhar]# telnet localhost 587 Trying ::1... Connected to localhost. Escape character is '^]'. 220 mail.bookingwire.co.uk ESMTP Postfix ehlo localhost 250-mail.bookingwire.co.uk 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit 221 2.0.0 Bye Connection closed by foreign host.由於 Postfix 作為“master”執行,我在 netstat 中為 master 做了 grep。注意前兩行很明顯 postfix 正在偵聽埠 587。然後我 telnet 到埠 587 並驗證我的假設是正確的。現在我不明白的是為什麼它會在埠 587 上偵聽以及如何將其更改為在埠 25 上偵聽
您
master.cf沒有配置行來處理埠 25 上的 SMTP。缺少一行:smtp inet n - n - - smtpd在我的文件中,這是初始註釋塊之後的第一行。