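At first I suspected an internet problem; now it looks like a postfix problem. I hope someone can help me solve it?
My Amazon AWS seems to have some random connectivity issues. I upgraded 2 servers: a home server via SSH, and then my Amazon server via SSH, one after the other.
My home server has no trouble connecting to the internet, but my Amazon one seems to have developed problems only recently.
I noticed this in the MOTD and started investigating.
I can connect over SSH without problems, and it seems to have checked for "some" updates; the list seems short, but nothing fails when using apt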
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Last login: Sun Sep 23 12:19:05 2018 from 212.159.70.59
ubuntu@ip-***-**-**-**:~$ ping https://changelogs.ubuntu.com/meta-release-lts
ping: https://changelogs.ubuntu.com/meta-release-lts: Name or service not known
ubuntu@ip-***-**-**-**:~$ ping ubuntu.com
PING ubuntu.com (91.189.94.40) 56(84) bytes of data.
--- ubuntu.com ping statistics ---
68 packets transmitted, 0 received, 100% packet loss, time 68613ms
ubuntu@ip-***-**-**-**:~$ ping google.com
PING google.com (216.58.195.78) 56(84) bytes of data.
^C
--- google.com ping statistics ---
14 packets transmitted, 0 received, 100% packet loss, time 13292ms
ubuntu@ip-***-**-**-**:~$ sudo apt update
Hit:1 http://us-west-2.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://us-west-2.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://us-west-2.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
ubuntu@ip-***-**-**-**:~$
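Can anyone help?
I have checked my mail server on ssl-tools and the connection is fine. I have been receiving email, but I just discovered that I cannot send email.
Edit 1
I thought it might be a firewall problem, since only incoming connections are affected, and then this showed up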
ubuntu@ip-***-**-**-**:~$ sudo ufw status
WARN: Duplicate profile 'Dovecot IMAP', using last found
WARN: Duplicate profile 'Dovecot Secure IMAP', using last found
WARN: Duplicate profile 'Dovecot POP3', using last found
WARN: Duplicate profile 'Dovecot Secure POP3', using last found
Status: inactive
ubuntu@ip-***-**-**-**:~$
Edit 2
I now actually think this is a Postfix problem. I can't start Postfix?
systemctl status postfix -l
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset:
Active: active (exited) since Mon 2018-10-01 18:38:57 BST; 2h 34min ago
Main PID: 1379 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 1108)
CGroup: /system.slice/postfix.service
Oct 01 18:38:57 mail.**********.com systemd[1]: Starting Postfix Mail Tra
Oct 01 18:38:57 mail.**********.com systemd[1]: Started Postfix Mail Tran
As you can see (Active: active (exited))
Edit 3
tail /var/log/mail.log
Oct 8 19:06:07 mail postfix/smtpd[8803]: Anonymous TLS connection established from mail133-16.atl131.mandrillapp.com[198.2.133.16]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 8 19:06:07 mail postfix/smtpd[8803]: warning: SASL: Connect to private/dovecot-auth failed: Connection refused
Oct 8 19:06:07 mail postfix/smtpd[8803]: fatal: no SASL authentication mechanisms
Oct 8 19:06:08 mail postfix/master[8206]: warning: process /usr/lib/postfix/sbin/smtpd pid 8803 exit status 1
Oct 8 19:06:08 mail postfix/master[8206]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Oct 8 19:07:48 mail postfix/anvil[8805]: statistics: max connection rate 1/60s for (smtpd:198.2.133.16) at Oct 8 19:06:07
Oct 8 19:07:48 mail postfix/anvil[8805]: statistics: max connection count 1 for (smtpd:198.2.133.16) at Oct 8 19:06:07
Oct 8 19:07:48 mail postfix/anvil[8805]: statistics: max cache size 1 at Oct 8 19:06:07
Oct 8 19:07:50 mail dovecot: auth: passwd-file(*******@******.com,177.10.197.76,<2BSQf7t3su2xCsVM>): Password mismatch
Oct 8 19:07:55 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 9 secs): user=<*******@******.com>, method=PLAIN, rip=177.10.197.76, lip=172.31.43.31, TLS, session=<2BSQf7t3su2xCsVM>
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/99-mail-stack-delivery.conf -m "${EXTENSION}"
mailbox_size_limit = 0
message_size_limit = 104857600
mydestination = **********.com, localhost, mail.**********.com, localhost.**********.com
myhostname = mail.**********.com
mynetworks = 127.0.0.0/8 192.168.0.0/24 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
postscreen_access_list = permit_mynetworks
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org, b.barracudacentral.org, bl.spamcop.net
postscreen_greet_action = enforce
readme_directory = no
recipient_delimiter = +
relay_destination_concurrency_limit = 1
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,reject_unknown_helo_hostname, permit
smtpd_recipient_restrictions = reject_unknown_client_hostname,reject_unknown_sender_domain, reject_unknown_recipient_domain,reject_unauth_pipelining, permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination,reject_invalid_hostname, reject_non_fqdn_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_sender_restrictions = reject_unknown_sender_domain,reject_sender_login_mismatch
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.**********.com/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/letsencrypt/live/mail.**********.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_domains = hash:/etc/postfix/virtual-mailbox-domains
virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users
virtual_transport = dovecot
doveconf -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-36-generic x86_64 Ubuntu 18.04.1 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:/var/mail/vmail/%d/%n/mail:LAYOUT=fs
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = username_format=%u scheme=ssha512 /etc/dovecot/passwd.db
driver = passwd-file
}
plugin {
sieve = ~/.dovecot.sieve
sieve_after = /var/mail/vmail/sieve-after
sieve_before = /var/mail/vmail/sieve-before
sieve_dir = ~/sieve
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.**********.com/fullchain.pem
ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_key = # hidden, use -P to show it
userdb {
args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n
driver = static
}
protocol lda {
deliver_log_format = msgid=%m: %$
mail_plugins = sieve
postmaster_address = postmaster@**********.com
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
mail_max_userip_connections = 10
}
Edit 4, as per comment
sudo ss -nlt 'sport = 25'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 [::]:25 [::]:*
Edit 5
sudo tail -n10 -f /var/log/mail.err
I noticed this while browsing the log files. Not sure whether I broke something while trying to "fix" it
Oct 8 21:06:53 mail postfix/smtpd[9357]: fatal: no SASL authentication mechanisms
Oct 8 21:07:54 mail postfix/smtpd[9360]: fatal: no SASL authentication mechanisms
Oct 8 21:21:55 mail postfix/smtpd[9442]: fatal: no SASL authentication mechanisms
Oct 8 21:25:13 mail postfix/smtpd[9456]: fatal: no SASL authentication mechanisms
Oct 8 21:31:39 mail postfix/smtpd[9473]: fatal: no SASL authentication mechanisms
Oct 8 21:34:36 mail dovecot: doveadm: Error: This is Dovecot's error log (1539030876)
Oct 8 21:34:36 mail dovecot: doveadm: Fatal: This is Dovecot's fatal log (1539030876)
Oct 8 21:34:47 mail dovecot: doveadm: Error: This is Dovecot's error log (1539030887)
Oct 8 21:34:47 mail dovecot: doveadm: Fatal: This is Dovecot's fatal log (1539030887)
Oct 8 21:36:58 mail postfix/smtpd[9576]: fatal: no SASL authentication mechanisms
Oct 8 21:40:17 mail postfix/smtpd[9701]: fatal: no SASL authentication mechanisms
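Can someone help me? I'm going crazy :(
Thanks
Answer 1
So you don't actually have a Postfix "startup" problem.
According to the output of the ss command, something is listening on port 25, most likely Postfix.
Your problem *is* that you have not correctly configured authentication for SMTP and so on. This requires you to check your Dovecot configuration and your Postfix configuration and configure them correctly. You may want to look at the Digital Ocean guide for a Postfix email server with Dovecot to set up the Postfix and Dovecot configuration properly, so that the SASL authentication backend is correctly handed off to Dovecot. However, I don't know whether you followed some other guide; if you did, you should go back over whatever guide you followed to try to diagnose the core problem, since you may have missed a step or misconfigured something.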
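
An added example (not part of the original question or answer): a check that compares the socket Postfix is told to use for Dovecot SASL with the auth listeners Dovecot actually declares, run on excerpts of the postconf -n and doveconf -n output posted above. It assumes the default Postfix queue directory /var/spool/postfix (smtpd_sasl_path is resolved relative to it); the function names are illustrative.

```python
import posixpath
import re

# Excerpts of the postconf -n / doveconf -n output posted in the question.
POSTCONF_N = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
"""
DOVECONF_N = """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
"""
QUEUE_DIR = "/var/spool/postfix"  # assumption: queue_directory left at its default


def postfix_params(text):
    """Parse 'name = value' lines of postconf -n output into a dict."""
    pairs = (line.partition("=") for line in text.splitlines())
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}


def dovecot_auth_listeners(text):
    """Return the unix_listener paths declared inside 'service auth { ... }'."""
    listeners, depth, in_auth = [], 0, False
    for line in (raw.strip() for raw in text.splitlines()):
        if depth == 0 and re.match(r"service\s+auth\s*\{", line):
            in_auth = True
        found = re.match(r"unix_listener\s+(\S+)\s*\{", line)
        if in_auth and found:
            listeners.append(found.group(1))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            in_auth = False  # left the service block
    return listeners


def check_sasl_socket(postconf_text, doveconf_text, queue_dir=QUEUE_DIR):
    """Return (ok, socket Postfix connects to, sockets Dovecot listens on)."""
    path = postfix_params(postconf_text).get("smtpd_sasl_path", "smtpd")
    wanted = posixpath.normpath(posixpath.join(queue_dir, path))
    offered = [posixpath.normpath(p) for p in dovecot_auth_listeners(doveconf_text)]
    return wanted in offered, wanted, offered


if __name__ == "__main__":
    print(check_sasl_socket(POSTCONF_N, DOVECONF_N))
```

On the posted output the check fails: Postfix connects to /var/spool/postfix/private/dovecot-auth, while the only Dovecot auth listener is /var/spool/postfix/private/auth, which is consistent with the "Connect to private/dovecot-auth failed: Connection refused" warning in mail.log.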