Postfix

telnet 無法連接到遠端主機

  • March 26, 2016

我已經在我的一台實時伺服器上安裝了 postfix 和 devcot 來發送批量郵件(註冊時的系統消息、密碼錯誤等)。我使用 php_imap 函式來檢查退回郵件並標記這些電子郵件 ID,這樣我們就不會繼續向那些導致退回郵件的地址發送電子郵件。我注意到 php_imap 函式沒有讀取實時伺服器上的反彈,它確實讀取了測試伺服器上的反彈。但是實時伺服器能夠發送郵件!兩台伺服器都具有相同的 Centos 6.4 作業系統並具有相同的 iptable 配置。

我比較了“測試”和“實時”域的 DNS 條目,它們具有必要的 SPF 條目。託管服務提供商有必要的 PTR 記錄。但是由於某種原因,php_imap 程序無法使用反彈。

在這一點上,我不確定反彈是否被傳遞到伺服器並且 dovecot 無法讀取它們,或者反彈是否根本沒有傳遞。

所以我比較了“測試”和“實時”伺服器的 /etc/postfix/main.cf 和 /etc/postfix/master.cf 中的條目,發現它們除了域名之外是相同的。

為了確保我檢查了 postfix 是否正在執行 ps aux | grep 後綴,它返回了

實時伺服器

[root@bw sridhar]# ps aux | grep postfix
root      1433  0.0  0.1  13476  2696 ?        Ss   09:32   0:00 /usr/libexec/postfix/master
postfix   1443  0.0  0.1  13720  2836 ?        S    09:32   0:00 qmgr -l -t fifo -u
postfix   4724  0.0  0.1  13552  2668 ?        S    12:00   0:00 pickup -l -t fifo -u
postfix   4850  0.0  0.1  13696  2776 ?        S    12:15   0:00 cleanup -z -t unix -u
postfix   4852  0.0  0.1  13748  2928 ?        S    12:15   0:00 smtp -t unix -u
postfix   4855  0.0  0.1  13748  2928 ?        S    12:15   0:00 smtp -t unix -u
postfix   4856  0.0  0.1  13588  2656 ?        S    12:15   0:00 bounce -z -n defer -t unix -u
root      4858  0.0  0.0   4360   736 pts/0    S+   12:15   0:00 grep postfix

測試伺服器

[root@bwStagingTesting sridhar]# ps aux | grep postfix
root      1258  0.0  0.2  12816  2480 ?        Ss   Feb17   0:13 /usr/libexec/postfix/master
postfix   1268  0.0  0.2  13228  2896 ?        S    Feb17   0:07 qmgr -l -t fifo -u
postfix   2158  0.0  0.2  12888  2468 ?        S    Feb17   0:00 tlsmgr -l -t unix -u
postfix   4860  0.0  0.2  12892  2496 ?        S    12:12   0:00 pickup -l -t fifo -u
postfix   4988  0.0  0.2  13036  2604 ?        S    12:15   0:00 cleanup -z -t unix -u
postfix   4990  0.0  0.3  13148  3096 ?        S    12:15   0:00 local -t unix
root      5334  0.0  0.0   4356   728 pts/5    S+   12:15   0:00 grep postfix

對我來說似乎還可以。然後我檢查了我是否能夠在本地主機上遠端登錄到埠 25,我得到了以下結果

實時伺服器

[root@bw sridhar]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

測試伺服器

[root@bwStagingTesting sridhar]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.st.biz ESMTP Postfix
ehlo localhost
250-mail.st.biz
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

我嘗試從筆記型電腦遠端登錄到各個伺服器的 IP 地址。Telnet 到 LIVE 伺服器導致 telnet:無法連接到遠端主機:連接被拒絕

但是我可以遠端登錄到測試伺服器。

所以我檢查了是否有人在兩台機器和實時伺服器上的埠 25 上監聽我得到以下資訊

實時伺服器

[root@bw sridhar]# netstat -lnp | grep 25
unix  2      [ ACC ]     STREAM     LISTENING     8125   1341/dovecot        /var/run/dovecot/login/pop3
unix  2      [ ACC ]     STREAM     LISTENING     8425   1433/master         public/cleanup

測試伺服器

tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      1258/master         
tcp        0      0 :::25                       :::*                        LISTEN      1258/master         
unix  2      [ ACC ]     STREAM     LISTENING     8270   1258/master         public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     8277   1258/master         private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     8281   1258/master         private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     8285   1258/master         private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     8289   1258/master         private/defer
unix  2      [ ACC ]     STREAM     LISTENING     8293   1258/master         private/trace
unix  2      [ ACC ]     STREAM     LISTENING     8297   1258/master         private/verify
unix  2      [ ACC ]     STREAM     LISTENING     8301   1258/master         public/flush
unix  2      [ ACC ]     STREAM     LISTENING     8305   1258/master         private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     8309   1258/master         private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     8313   1258/master         private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     8317   1258/master         private/relay
unix  2      [ ACC ]     STREAM     LISTENING     8321   1258/master         public/showq
unix  2      [ ACC ]     STREAM     LISTENING     8325   1258/master         private/error
unix  2      [ ACC ]     STREAM     LISTENING     8329   1258/master         private/retry
unix  2      [ ACC ]     STREAM     LISTENING     8333   1258/master         private/discard
unix  2      [ ACC ]     STREAM     LISTENING     8337   1258/master         private/local
unix  2      [ ACC ]     STREAM     LISTENING     8341   1258/master         private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     8345   1258/master         private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     8349   1258/master         private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     8353   1258/master         private/scache

我看到 LIVE 伺服器的條目中缺少為 TEST SERVER 顯示的前兩行。這意味著 postfix 沒有監聽 LIVE 伺服器上的埠 25 這讓我想知道這是否可能是反彈沒有到達 LIVE SERVER 但到達 TEST 伺服器的原因。

搞了兩天了,還沒有找到解決方法的線索。關於如何解決這個問題的任何想法?

更新:iptable 條目

實時伺服器

[root@bw sridhar]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:distinct 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

測試伺服器

[root@bwStagingTesting sridhar]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       tcp  --  anywhere             anywhere            tcp     flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:distinct 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:munin 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

更新:詳細的 iptable 列表

[root@bookingwire sridhar]# iptables -L --verbose
Chain INPUT (policy DROP 1662 packets, 103K bytes)
pkts bytes target     prot opt in     out     source               destination         
184K  190M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
0     0 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
7   400 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
0     0 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
2140  128K ACCEPT     all  --  lo     any     anywhere             anywhere            
1176 67092 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http 
3   120 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https 
6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:distinct 
8   432 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:smtp 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:urd 
2    88 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:pop3 
38  2260 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:pop3s 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:imap 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:imaps 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 112K packets, 103M bytes)
pkts bytes target     prot opt in     out     source               destination         

更新:完整的 master.cf 列表

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
submission inet n   -   n   -   -   smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n   -   n   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n   -   n   -   -   qmqpd
pickup    fifo  n   -   n   60  1   pickup
cleanup   unix  n   -   n   -   0   cleanup
qmgr      fifo  n   -   n   300     1   qmgr
#qmgr     fifo  n   -   n   300     1   oqmgr
tlsmgr    unix  -   -   n   1000?   1   tlsmgr
rewrite   unix  -   -   n   -   -   trivial-rewrite
bounce    unix  -   -   n   -   0   bounce
defer     unix  -   -   n   -   0   bounce
trace     unix  -   -   n   -   0   bounce
verify    unix  -   -   n   -   1   verify
flush     unix  n   -   n   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp      unix  -   -   n   -   -   smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -   -   n   -   -   smtp
       -o smtp_fallback_relay=
   #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n   -   n   -   -   showq
error     unix  -   -   n   -   -   error
retry     unix  -   -   n   -   -   error
discard   unix  -   -   n   -   -   discard
local     unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp      unix  -   -   n   -   -   lmtp
anvil     unix  -   -   n   -   1   anvil
scache    unix  -   -   n   -   1   scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -   n   n   -   -   pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -   n   n   -   -   pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -   n   n   -   -   pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -   n   n   -   -   pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -   n   n   -   -   pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -   n   n   -   -   pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -   n   n   -   2   pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -   n   n   -   -   pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

更新:postfix 監聽 587

[root@bw sridhar]# netstat -lnp | grep master
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN      16536/master        
tcp        0      0 :::587                      :::*                        LISTEN      16536/master        
unix  2      [ ACC ]     STREAM     LISTENING     152749 16536/master        public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     152756 16536/master        private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     152760 16536/master        private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     152764 16536/master        private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     152768 16536/master        private/defer
unix  2      [ ACC ]     STREAM     LISTENING     152772 16536/master        private/trace
unix  2      [ ACC ]     STREAM     LISTENING     152776 16536/master        private/verify
unix  2      [ ACC ]     STREAM     LISTENING     152780 16536/master        public/flush
unix  2      [ ACC ]     STREAM     LISTENING     152784 16536/master        private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     152788 16536/master        private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     152792 16536/master        private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     152796 16536/master        private/relay
unix  2      [ ACC ]     STREAM     LISTENING     152800 16536/master        public/showq
unix  2      [ ACC ]     STREAM     LISTENING     152804 16536/master        private/error
unix  2      [ ACC ]     STREAM     LISTENING     152808 16536/master        private/retry
unix  2      [ ACC ]     STREAM     LISTENING     152812 16536/master        private/discard
unix  2      [ ACC ]     STREAM     LISTENING     152816 16536/master        private/local
unix  2      [ ACC ]     STREAM     LISTENING     152820 16536/master        private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     152824 16536/master        private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     152828 16536/master        private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     152832 16536/master        private/scache
unix  2      [ ACC ]     STREAM     LISTENING     149905 16103/dovecot       /var/run/dovecot/auth-master

[root@bw sridhar]# telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.bookingwire.co.uk ESMTP Postfix
ehlo localhost
250-mail.bookingwire.co.uk
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

由於 Postfix 作為“master”執行,我在 netstat 中為 master 做了 grep。注意前兩行很明顯 postfix 正在偵聽埠 587。然後我 telnet 到埠 587 並驗證我的假設是正確的。現在我不明白的是為什麼它會在埠 587 上偵聽以及如何將其更改為在埠 25 上偵聽

master.cf沒有配置行來處理埠 25 上的 SMTP。缺少一行:

smtp      inet  n       -       n       -       -       smtpd

在我的文件中,這是初始註釋塊之後的第一行。

引用自:https://serverfault.com/questions/578418