Configure Postfix mail server to send email to Gmail

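I am running a Postfix mail server on an Apache web server on Ubuntu 18.04.

Problem:

I can send email to my work email address, but I cannot send it to my Gmail account. The messages do not even show up in the spam folder.

I want to send email from this Postfix mail server to my Gmail account.

Errors in mail.log:

Setup:

Postfix is configured to use SMTP authentication. I configured it with the following commands: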

sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions =  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = example.com'

In the file /etc/postfix/sasl/smtpd.conf I added the following lines:

pwcheck_method: saslauthd
mech_list: plain login

SASL installation and configuration:

sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

Then edit /etc/default/saslauthd:

START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Update the dpkg state:

sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

Create a symbolic link for the configuration file:

sudo ln -s /etc/default/saslauthd /etc/saslauthd

Certificate creation:

I tried using a self-signed certificate created with OpenSSL:

sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -nodes -days 365

sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365

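I also tried using the trusted SSL certificate that my website uses on port 443. For that I had to concatenate the intermediate certificate with the domain certificate, but I did not get any CAcert.pem file out of this process.

Do you see any obvious flaw in this configuration? Let me know if you need more details!

Thanks.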

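Answer 1

It's the self-signed certificate. I use a similar setup and successfully send mail everywhere, but I use a Let's Encrypt certificate. To send to Gmail you also need SPF and a correct reverse DNS setup.

I have mail.example.com listed as the MX for example.com, and the SPF record for example.com allows all listed MXes. /etc/mailname contains mail.example.com. The reverse DNS for the IP points to mail.example.com.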

root@ex1:~# postconf -n 
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/gnu_terry_pratchett
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
milter_connect_macros = i j {daemon_name} v {if_name} _
mydestination = $myhostname, mail.example.com, ex1, localhost.localdomain, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = -
relayhost =
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_milters = unix:/spamass/spamass.sock
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/ssl/postfix/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
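
The DNS conditions the answer lists (an SPF record that authorizes the sending host, and reverse DNS that matches the hostname Postfix announces) can be checked before retesting delivery. The Python code below is an added example, not part of the original answer; the `lookup` helper and the `SAMPLE_ZONE` records, including the address 192.0.2.25, are constructed stand-ins for real DNS queries, and the code additionally confirms that the PTR name resolves back to the sending IP.

```python
import ipaddress

# Constructed zone data mirroring the layout the answer describes;
# 192.0.2.25 is a documentation address (RFC 5737), not a real server.
SAMPLE_ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
}

def lookup(zone, name, rtype):
    """Hypothetical resolver stand-in: read records from a dict."""
    return [v.rstrip(".").lower() for v in zone.get((name.rstrip(".").lower(), rtype), [])]

def has_addr(zone, host, addr):
    rtype = "A" if addr.version == 4 else "AAAA"
    return any(ipaddress.ip_address(a) == addr for a in lookup(zone, host, rtype))

def spf_allows(zone, domain, ip):
    """Evaluate only the all, mx, ip4 and ip6 mechanisms of the SPF record."""
    addr = ipaddress.ip_address(ip)
    spf = [t for t in lookup(zone, domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # no record, or several (a permerror under RFC 7208)
        return False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech == "mx":
            hit = any(has_addr(zone, h, addr) for h in lookup(zone, domain, "MX"))
        elif mech.startswith(("ip4:", "ip6:")):
            hit = addr in ipaddress.ip_network(mech[4:], strict=False)
        else:
            hit = mech == "all"  # a, include, exists, ... are not evaluated here
        if hit:
            return qualifier == "+"
    return False

def preflight(zone, domain, myhostname, ip):
    """Return a list of problems; an empty list means every check passed."""
    addr, host, problems = ipaddress.ip_address(ip), myhostname.rstrip(".").lower(), []
    if not spf_allows(zone, domain, ip):
        problems.append("SPF record does not authorize the sending IP")
    ptr = lookup(zone, addr.reverse_pointer, "PTR")
    if host not in ptr:
        problems.append("PTR does not match myhostname")
    if not any(has_addr(zone, name, addr) for name in ptr):
        problems.append("PTR name does not resolve back to the IP")
    return problems
```

To run the same checks against a live domain, replace `lookup` with real queries, for example by feeding it the output of `dig`.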
