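I have a freshly installed Debian 8 server that replaces an old postfix server running on Debian Lenny. I have installed and, where needed, reconfigured the following newer packages on the new server:
- postfix 2.11.3-1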
- dovecot 2.2.13-12~deb8u1
- amavisd-new 2.10.1-2~deb8u1
- spamassassin 3.4.0-6
- clamav 0.99.2+dfsg-0+deb8u2
- dkimproxy 1.4.1-3
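I am able to send and receive mail between local users using Thunderbird and Squirrelmail. I can also send mail to external users using both mail clients.
I cannot send reports from the server itself to any user (including local users). This affects not only the console program "mail" but also the daily reports sent by scripts called from cron jobs. Trying to send to a local account with "mail" or through a script file results in: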
status=deferred (delivery temporarily suspended: host 127.0.0.1[127.0.0.1] refused to talk to me: 421 Internal error (Next hop is down))
main.cf:
mailbox_size_limit = 0
message_size_limit = 30000000
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = host.domain.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual
mynetworks = 10.0.0.0/8, 127.0.0.0/8
relay_domains =
virtual_alias_domains =
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
content_filter = smtp-amavis:[127.0.0.1]:10028
smtp-amavis_destination_concurrency_limit = 20
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = no
header_checks = regexp:/etc/postfix/header_checks.regexp
nested_header_checks =
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
  reject_unlisted_recipient,
  check_client_access hash:/etc/postfix/GEN000_override,
  check_client_access regexp:/etc/postfix/fqrdns.regexp,
  check_helo_access hash:/etc/postfix/access,
  check_helo_access regexp:/etc/postfix/helo_blacklist.regexp,
  check_sender_access hash:/etc/postfix/blacklist,
  check_sender_access regexp:/etc/postfix/sender_blacklist.regexp,
  check_sender_mx_access cidr:/etc/postfix/mx_access.txt,
  check_sender_access hash:/etc/postfix/bdwl
  check_client_access hash:/etc/postfix/broken_helos,
  reject_invalid_hostname,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  check_sender_access regexp:/etc/postfix/filter_10026_catchall,
  permit_mynetworks,
  reject_non_fqdn_hostname,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  check_recipient_access hash:/etc/postfix/restricted,
  reject_unknown_client,
  reject_unknown_hostname,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client bl.spamcop.net,
smtpd_data_restrictions =
  reject_unauth_pipelining
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
inet_protocols = ipv4
master.cf:
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
  -o content_filter=dkimsign:127.0.0.1:10026
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000 1 tlsmgr
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dkimsign:[127.0.0.1]:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=permit_mynetworks,reject
dkimsign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime,starttls
127.0.0.1:10028 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
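What I have determined through trial and error is that disabling this content filter in master.cf...
pickup fifo n - n 60 1 pickup
  -o content_filter=dkimsign:127.0.0.1:10026
...allows mail sent via "mail" or cron jobs to be processed. However, with that line enabled on the original postfix (2.5.5-1.1+lenny1) server, the problem does not exist. Having inherited the old server, I don't fully understand what that line does, but the old server has been running for years, so I don't want to blindly remove the line without knowing what I might break in the process.
Here is some output of netstat -tapn showing that the server is listening on port 10026: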
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1/init
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 4404/postgrey.pid -
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 4731/amavisd-new (m
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 4699/master
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 4385/mysqld
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 4424/perl
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 4699/master
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 4442/perl
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN 4699/master
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1/init
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3205/rpcbind
Here is the same from the original, fully functional server:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 3649/postgrey.pid -
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 4254/dovecot
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 3504/amavisd (maste
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 4186/master
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 4098/perl
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3573/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 4186/master
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 4106/perl
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN 4186/master
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 4146/inetd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 4254/dovecot
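Apart from the postgrey port, I have made sure that all the 100xx ports match in function on both servers.
At this point I don't know where to look. Please help if you can!
Answer 1
I found the answer! It turns out the previous administrator forgot to add a section to master.cf for the relay port specified in the dkimproxy_in.conf file: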
# specify what address/port DKIMproxy should listen on
listen 127.0.0.1:10026
# specify what address/port DKIMproxy forwards mail to
relay 127.0.0.1:10029
Adding this section to master.cf fixes the problem:
127.0.0.1:10029 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
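Apparently the original system running on lenny somehow tolerated this omission without causing any problems or complaining in any way.
Thanks to those who took the time to read and/or reply!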
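The mismatch described in this answer (a dkimproxy relay port with no Postfix smtpd listening on it) can be checked mechanically. The following is an added example, not part of the original post: the function names are hypothetical and the trimmed master.cf and dkimproxy samples are constructed from the configuration shown on this page.

```python
import re

# Constructed samples: a trimmed master.cf and the dkimproxy settings quoted above.
MASTER_CF = """\
smtp      inet  n - n - - smtpd
pickup    fifo  n - n 60 1 pickup
  -o content_filter=dkimsign:127.0.0.1:10026
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
submission inet n - n - - smtpd
  -o content_filter=dkimsign:[127.0.0.1]:10027
127.0.0.1:10028 inet n - n - 10 smtpd
  -o content_filter=
"""
DKIMPROXY_CONF = """\
# specify what address/port DKIMproxy should listen on
listen 127.0.0.1:10026
# specify what address/port DKIMproxy forwards mail to
relay 127.0.0.1:10029
"""

def master_inet_listeners(text):
    """Return the numeric ports that master.cf opens as inet services."""
    ports = set()
    for line in text.splitlines():
        if not line or line[0] in " \t#":
            continue  # blank line, comment, or "-o" continuation line
        fields = line.split()
        if len(fields) >= 8 and fields[1] == "inet":
            port = fields[0].rsplit(":", 1)[-1]
            if port.isdigit():  # named services (smtp, submission) are skipped
                ports.add(int(port))
    return ports

def proxy_endpoints(text):
    """Return {'listen': port, 'relay': port} from a dkimproxy config."""
    found = {}
    for m in re.finditer(r"^(listen|relay)\s+\S*:(\d+)\s*$", text, re.M):
        found[m.group(1)] = int(m.group(2))
    return found

def missing_reinjection(master_text, proxy_text):
    """Return the relay port if master.cf has no listener on it, else None."""
    relay = proxy_endpoints(proxy_text).get("relay")
    if relay is not None and relay not in master_inet_listeners(master_text):
        return relay
    return None

if __name__ == "__main__":
    print("relay port without a listener:", missing_reinjection(MASTER_CF, DKIMPROXY_CONF))
```

Run against the real /etc/postfix/master.cf and dkimproxy configuration files, a non-None result points at the re-injection listener that still has to be added.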
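Answer 2
This seems to be a problem with no solution.
Change the following in your "main.cf" and let me know whether it works for you. In your position I would try one solution at a time to see which one actually caused the error (but, thinking out loud, I think all of them should be changed).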
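1.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
Change to:
mydestination = $myhostname, $mydomain, localhost.localdomain, localhost
2.
mynetworks = 10.0.0.0/8, 127.0.0.0/8
Change to:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
3. Add:
inet_interfaces = all
4. Add:
relayhost = [127.0.0.0]
RelayHost definition:
relayhost (default: empty)
The next-hop destination of non-local mail; overrides non-local domains in recipient addresses. This information is overruled with relay_transport, sender_dependent_default_transport_maps, default_transport, sender_dependent_relayhost_maps and with the transport(5) table.
On an intranet, specify the organizational domain name. If your internal DNS uses no MX records, specify the name of the intranet gateway host instead.
In the case of SMTP, specify a domain name, hostname, hostname:port, [hostname]:port, [hostaddress] or [hostaddress]:port. The form [hostname] turns off MX lookups.
If you're connected via UUCP, see the UUCP_README file for useful information.
Examples: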
relayhost = $mydomain
relayhost = [gateway.example.com]
relayhost = uucphost
relayhost = [an.ip.add.ress]
After looking at the relayhost examples, I'm almost tempted to offer the following solution:
relayhost = mynetworks