Sendmail

嘗試發送電子郵件時,Sendmail“連接被 mail.example.com 拒絕”

  • August 2, 2017

我試圖讓一個虛擬託管的 PHP 站點在正確填寫並送出該站點的聯繫表時將電子郵件發送到特定的 Gmail 地址。不幸的是,沒有任何東西被發送出去。在/var/log/mail.log我有很多這樣的例子:

Jul 31 16:38:51 picus sm-mta[28576]: v6SL4xII018234: to=<person@gmail.com>,
delay=2+23:33:52, xdelay=00:00:00, mailer=esmtp, pri=38910659, 
relay=mail.example.com., dsn=4.0.0, stat=Deferred:Connection refused by 
mail.example.com.

我對處理電子郵件伺服器完全陌生,只是想使用 Sendmail,因為它內置在我正在使用的發行版中並且 Swiftmailer 支持它,所以我不知道如何解決這個問題。

我的sendmail.mc文件看起來像:

divert(-1)dnl
#-----------------------------------------------------------------------------
# $Sendmail: debproto.mc,v 8.14.4 2014-10-02 17:54:06 cowboy Exp $
#
# Copyright (c) 1998-2010 Richard Nelson.  All Rights Reserved.
#
# cf/debian/sendmail.mc.  Generated from sendmail.mc.in by configure.
#
# sendmail.mc prototype config file for building Sendmail 8.14.4
#
# Note: the .in file supports 8.7.6 - 9.0.0, but the generated
#       file is customized to the version noted above.
#
# This file is used to configure Sendmail for use with Debian systems.
#
# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
# by running this file through the m4 preprocessor via one of the following:
#       * make   (or make -C /etc/mail)
#       * sendmailconfig
#       * m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# The first two options are preferred as they will also update other files
# that depend upon the contents of this file.
#
# The best documentation for this .mc file is:
# /usr/share/doc/sendmail-doc/cf.README.gz
#
#-----------------------------------------------------------------------------
divert(0)dnl
#
#   Copyright (c) 1998-2005 Richard Nelson.  All Rights Reserved.
#
#  This file is used to configure Sendmail for use with Debian systems.
#
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.14.4-8 2014-10-02 17:54:06 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl #   into this directory before writing files.
dnl #   If *all* your user accounts are under /home then use that
dnl #   instead - it will prevent any writes outside of /home !
dnl #   define(`confSAFE_FILE_ENV',             `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
dnl #
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

dnl # Masquerading options
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`debian')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl

但是,我認為這可能是 DNS 問題,因為我無法通過埠 25 上的 telnet 連接到伺服器。該埠似乎在我的 iptables 中打開:

$ sudo iptables -L -nv --line-numbers

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       all  --  *      *       46.7.84.73           0.0.0.0/0           
2     4047  304K fail2ban-ssh-ddos  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
3     4926  376K fail2ban-recidive  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
4     4048  304K fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
5      213 26142 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
6        0     0 REJECT     all  --  !lo    *       127.0.0.0/8          0.0.0.0/0            reject-with icmp-port-unreachable
7        2    60 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW icmptype 8
8       26  1456 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
9       14   816 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
10      16   932 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
11       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 state NEW
12       4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 state NEW
13    4903  378K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
14     114  7692 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_INPUT_denied: "
15     130 13980 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       all  --  *      *       46.7.84.73           0.0.0.0/0           
2        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_FORWARD_denied: "
3        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 129 packets, 11501 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
2      105 15686 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain fail2ban-recidive (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     4926  376K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       10  1276 REJECT     all  --  *      *       91.197.232.103       0.0.0.0/0            reject-with icmp-port-unreachable
2     4038  303K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0     

結果$ netstat -tan | grep LISTEN | grep 127.0.0.1 | sort是:

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp6       0      0 :::443                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN 

但結果$ netstat -tan | grep 25

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN 

它沒有出現在第一組中是有原因的嗎?

我已經確定這個問題確實是一個程式問題,特別是 Swiftmailer。我伺服器上的其他服務(OSSEC、fail2ban)發送電子郵件沒有問題,當通過 Symfony 控制台訪問時,我什至可以使用 Swiftmailer 成功發送電子郵件。只有當我的控制器程式碼創建一封電子郵件並將其發送到郵件假離線時,才會出現問題。

為此,我將回答/關閉這個問題。如果有人足夠了解 Swiftmailer 可以幫助我,我在 Stack Overflow 上有一篇關於它的文章。

引用自:https://serverfault.com/questions/866159