OK, a recent Gentoo upgrade of the Postfix/Cyrus SASL/MySQL packages has caused problems. I'm at my wit's end and can't figure out where the problem is.
main.cf
# local settings. Remember any domain you want treated as virtual can not be your origin or in mydestination.
myhostname = mail.darqflare.com
mydomain = darqflare.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 208.110.162.213
# attachment filtering, optional
#mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
# Size settings, optional
#message_size_limit= 112400000
#mailbox_size_limit = 224800000
# SASL settings
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
# TLS stuff
smtpd_use_tls = no
#smtpd_tls_key_file = /etc/postfix/newkey.pem
#smtpd_tls_cert_file = /etc/postfix/newcert.pem
#smtpd_tls_CAfile = /etc/postfix/cacert.pem
#smtpd_tls_loglevel = 3 #### change to 0 after everything works
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
# transport Stuff, optional
#transport_maps = hash:/etc/postfix/transport
#relay_domains = $transport_maps
# virtual stuff. We're going to punt and make all virtual mail users use the same UID:GID of Postfix.
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:207
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 112400000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 207
virtual_transport = virtual
virtual_uid_maps = static:207
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    permit_inet_interfaces
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dsn.rfc-ignorant.org
#check_client_access hash:/etc/postfix/access
#check_client_access mysql:/etc/postfix/mysql-access.cf
    reject_unauth_destination
##reject_non_fqdn_recipient
##reject_non_fqdn_sender
#reject_unknown_recipient_domain
#permit_mynetworks
#permit_sasl_authenticated
##check_policy_service inet:127.0.0.1:2501, needed for sqlgrey and optional
#reject_unauth_destination
#permit
# additional spam fighting checks, optional
#smtpd_helo_restrictions = reject_unknown_helo_hostname
#smtpd_sender_restrictions = reject_unknown_sender_domain
#smtpd_data_restrictions = reject_unauth_pipelining
#readme_directory = /usr/share/doc/postfix-2.6.5/readme
#sample_directory = /etc/postfix
#sendmail_path = /usr/sbin/sendmail
#html_directory = /usr/share/doc/postfix-2.6.5/html
##setgid_group = postdrop
#command_directory = /usr/sbin
#manpage_directory = /usr/share/man
#daemon_directory = //usr/lib/postfix
#newaliases_path = /usr/bin/newaliases
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
#mailq_path = /usr/bin/mailq
#queue_directory = /var/spool/postfix
#mail_owner = postfix
#data_directory = /var/lib/postfix
master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - 25 smtpd
  -o content_filter=scan:[127.0.0.1]:10025
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
# AV scan filter (used by content_filter)
scan unix - - n - - smtp
  -o smtp_send_xforward_command=yes
  -o smtp_enforce_tls=no
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - - smtpd
  -o content_filter=spamfilter:dummy
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
# Spam filtering
spamfilter unix - n n - - pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter.sh -f ${sender} -- ${recipient}
All four MySQL Postfix configuration files:
# you only need this if you plan to act as a backup mx for various domains.
user = *
password = *
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '1' AND active = '1'

user = *
password = *
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

user = *
password = *
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

user = *
password = *
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

SASL smtpd configuration file
pwcheck_method:authdaemond
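When using the local webmail client on the server, sending mail via SMTP works without problems. But when using a client that is not on the server, it times out.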
netstat -tulp | grep sm
tcp 0 0 *:smtp *:* LISTEN 15982/master
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- vortex anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:rndc
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:rndc
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW,RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
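telnet mail.darqflare.com 25 just times out. There is nothing in the server logs. Thanks for everyone's help.
Answer 1
Of all the maddening things... it turns out my ISP is most likely silently blocking outbound SMTP on my home network. Unbelievable.
Sorry, asking this question is pointless now. It seems this is just a cautionary tale...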
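An added example, not part of the original answer: a small probe that separates the three outcomes relevant to this thread. The server's ruleset ends in REJECT with icmp-port-unreachable, so a block on the server would come back as an immediate refusal; a timeout on port 25 while an allowed port connects means the packets are dropped before they reach the host, which also explains the empty server logs. The function names and the choice of 80 as the control port (allowed in the iptables listing above) are assumptions of this example.

```python
import socket
import sys


def probe(host, port, timeout=5.0):
    """Classify one TCP connect attempt: open, refused, timeout or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"   # SYN got no answer at all: dropped somewhere
    except ConnectionRefusedError:
        return "refused"   # RST or ICMP port-unreachable came back
    except OSError:
        return "error"     # DNS failure, no route, etc.


def diagnose(smtp, control):
    """Combine the port 25 result with a control port known to be allowed."""
    if smtp == "open":
        return "smtp-reachable"     # network path is fine; read the Postfix logs
    if smtp == "refused":
        return "server-side"        # host answered: no listener or a REJECT rule
    if smtp == "timeout" and control == "open":
        return "filtered-in-path"   # only port 25 is dropped before the server
    return "host-unreachable"       # nothing gets through from this network


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <host> [control_port]")
    host = sys.argv[1]
    # Control port 80 is an assumption taken from the ruleset shown above.
    control_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    smtp, control = probe(host, 25), probe(host, control_port)
    print(f"25/tcp: {smtp}  {control_port}/tcp: {control}  -> "
          f"{diagnose(smtp, control)}")
```

Running it from the client network and again from a host on a different network shows whether the filtering follows the client or the server.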
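Answer 2
Check the log files for possible problems. Postfix does a pretty good job of logging problems. Also make sure MySQL and cyrus-sasl are both running. Of the three daemons, Cyrus-sasl is the one most prone to problems after any upgrade.
I just noticed that you are also using Courier's authdaemon. You need to make sure it is running as well.
My other suggestion is to email gentoo-server@ or gentoo-user. You will get help faster.
Finally, thank you for using my guide to build your server. I hope it works well for you.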